| Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-0189 | 2.1 |
virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.
|
13-02-2023 - 00:36 | 02-05-2014 - 14:55 | |
| CVE-2014-0190 | 4.3 |
The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
|
16-06-2021 - 13:39 | 08-05-2014 - 14:29 | |
| CVE-2018-15455 | 4.3 |
A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's
|
09-10-2019 - 23:35 | 23-01-2019 - 22:29 | |
| CVE-2017-2586 | 4.3 |
A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.
|
09-10-2019 - 23:26 | 27-07-2018 - 18:29 | |
| CVE-2007-5582 | 4.3 |
Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified
|
15-10-2018 - 21:45 | 15-12-2007 - 01:46 | |
| CVE-2012-2252 | 4.4 |
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option. Per: http://cwe.mitre.org/data/definitions/184.html 'CWE-184
|
29-08-2017 - 01:31 | 11-01-2013 - 01:55 | |
| CVE-2012-2251 | 4.4 |
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
|
29-08-2017 - 01:31 | 11-01-2013 - 01:55 | |
| CVE-2009-4533 | 5.0 |
The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vector
|
17-08-2017 - 01:31 | 31-12-2009 - 19:30 | |
| CVE-2009-4532 | 3.5 |
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field lab
|
17-08-2017 - 01:31 | 31-12-2009 - 19:30 | |
| CVE-2003-1357 | 10.0 |
ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access.
|
29-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
| CVE-2014-10024 | 7.5 |
Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an
|
14-01-2015 - 00:30 | 13-01-2015 - 11:59 | |
| CVE-2014-3123 | 2.1 |
Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gall
|
09-05-2014 - 17:29 | 08-05-2014 - 14:29 |