Latest CVE Feed
-
4.3
MEDIUMCVE-2021-30153
An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that... Read more
Affected Products : mediawiki- Published: Apr. 15, 2023
- Modified: Feb. 06, 2025
-
4.3
MEDIUMCVE-2006-6507
Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error.... Read more
Affected Products : firefox- Published: Dec. 20, 2006
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2019-16680
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.... Read more
- Published: Sep. 21, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-3560
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OXI Interface). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily "exploit... Read more
Affected Products : hospitality_opera_5_property_services- Published: Apr. 24, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-3544
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vuln... Read more
Affected Products : android debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus jdk jre +3 more products- Published: Apr. 24, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-3552
Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Room Image/Picture Setup). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x... Read more
Affected Products : hospitality_opera_5_property_services- Published: Apr. 24, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2006-7225
Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid charac... Read more
Affected Products : pcre- Published: Dec. 03, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2007-3644
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a... Read more
- Published: Jul. 14, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2019-13761
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.... Read more
- Published: Dec. 10, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-3533
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vuln... Read more
Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus jdk jre jrockit +2 more products- Published: Apr. 24, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2019-13679
Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.... Read more
Affected Products : chrome- Published: Nov. 25, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2012-1157
Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default... Read more
- Published: Nov. 14, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2007-0273
Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multipl... Read more
Affected Products : database_server- Published: Jan. 17, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2012-1095
osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator.... Read more
- Published: Feb. 06, 2014
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2020-14174
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before v... Read more
- Published: Jul. 13, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2012-0679
Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL.... Read more
Affected Products : safari- Published: Jul. 25, 2012
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2012-0479
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom X... Read more
- Published: Apr. 25, 2012
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2012-0053
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involv... Read more
- Published: Jan. 28, 2012
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2012-0049
OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.... Read more
- Published: Nov. 07, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-23001
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to up... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +4 more products- Published: Mar. 31, 2021
- Modified: Nov. 21, 2024