Latest CVE Feed
-
4.3
MEDIUMCVE-2017-3031
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the XSLT engine.... Read more
- Published: Apr. 12, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-3022
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when parsing the header of a JPEG 2000 file.... Read more
- Published: Apr. 12, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2010-3936
Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Sig... Read more
Affected Products : forefront_unified_access_gateway- Published: Nov. 10, 2010
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2015-4490
The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, w... Read more
- Published: Aug. 16, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2020-24654
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.... Read more
- Published: Sep. 02, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-22819
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Prod... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-1765
IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.... Read more
- Published: Mar. 30, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-13761
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.... Read more
- Published: Dec. 10, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2018-0891
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Serv... Read more
- Published: Mar. 14, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-3029
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream.... Read more
- Published: Apr. 12, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2010-2787
api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that... Read more
Affected Products : mediawiki- Published: Apr. 27, 2011
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2010-2764
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to d... Read more
- Published: Sep. 09, 2010
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2010-2661
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified... Read more
- Published: Jul. 08, 2010
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2010-2407
Unspecified vulnerability in the XDK component in Oracle Database Server 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect integrity via unknown vectors.... Read more
Affected Products : database_server- Published: Oct. 14, 2010
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2020-2590
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthent... Read more
- Published: Jan. 15, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-3533
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vuln... Read more
Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus jdk jre jrockit +2 more products- Published: Apr. 24, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-3032
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser.... Read more
- Published: Apr. 12, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2010-2049
Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this informa... Read more
- Published: May. 25, 2010
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2018-0939
ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0891.... Read more
- Published: Mar. 14, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2010-1422
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbit... Read more
- Published: Jun. 11, 2010
- Modified: Apr. 11, 2025