| Max CVSS | 9.0 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-3672 | 4.6 |
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, a
|
12-09-2023 - 14:55 | 27-04-2016 - 17:59 | |
| CVE-2002-0839 | 7.2 |
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that
|
23-09-2022 - 15:11 | 11-10-2002 - 04:00 | |
| CVE-2016-6270 | 9.0 |
The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password
|
13-09-2021 - 12:04 | 30-01-2017 - 22:59 | |
| CVE-2013-2559 | 6.5 |
SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers
|
25-08-2020 - 15:59 | 27-03-2014 - 16:55 | |
| CVE-2013-2267 | 9.0 |
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.
|
29-01-2020 - 21:18 | 27-01-2020 - 22:15 | |
| CVE-2018-1314 | 4.0 |
In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.
|
03-10-2019 - 00:03 | 08-11-2018 - 14:29 | |
| CVE-2007-5220 | 7.5 |
SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters.
|
15-10-2018 - 21:41 | 05-10-2007 - 00:17 | |
| CVE-2010-4444 | 6.8 |
Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
17-08-2017 - 01:33 | 19-01-2011 - 17:00 | |
| CVE-2008-6875 | 7.5 |
SQL injection vulnerability in default.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-5220.
|
17-08-2017 - 01:29 | 24-07-2009 - 16:30 | |
| CVE-2005-4297 | 4.3 |
Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly via the "keys" parameter.
|
08-03-2011 - 02:27 | 16-12-2005 - 23:03 |