Latest CVE Feed
-
3.5
LOWCVE-2021-31224
SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies.... Read more
Affected Products : endpoint_security- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
3.5
LOWCVE-2013-2403
Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability th... Read more
Affected Products : siebel_crm- Published: Apr. 17, 2013
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2015-0236
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.... Read more
- Published: Jan. 29, 2015
- Modified: Apr. 12, 2025
-
3.5
LOWCVE-2019-10155
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value ... Read more
- Published: Jun. 12, 2019
- Modified: Nov. 21, 2024
-
3.5
LOWCVE-2013-3749
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Logging. NOTE: the previous i... Read more
Affected Products : e-business_suite- Published: Jul. 17, 2013
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2010-3196
IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.... Read more
Affected Products : db2- Published: Aug. 31, 2010
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2012-2202
Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot ... Read more
- Published: Jul. 27, 2012
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2015-7386
Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media Title or (2) Medi... Read more
Affected Products : gallery_-_photo_albums_-_portfolio- Published: Sep. 28, 2015
- Modified: Apr. 12, 2025
-
3.5
LOWCVE-2017-2730
HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, ... Read more
- Published: Nov. 22, 2017
- Modified: Apr. 20, 2025
-
3.5
LOWCVE-2009-5055
Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting ... Read more
Affected Products : otrs- Published: Mar. 18, 2011
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2020-14731
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). Supported versions that are affected are 18.0 and 19.0. Difficult to exploit vulnerability allows low privileged... Read more
Affected Products : retail_customer_management_and_segmentation_foundation- Published: Oct. 21, 2020
- Modified: Nov. 21, 2024
-
3.5
LOWCVE-2013-2998
frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code.... Read more
- Published: May. 26, 2014
- Modified: Apr. 12, 2025
-
3.5
LOWCVE-2013-2042
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark... Read more
- Published: Mar. 14, 2014
- Modified: Apr. 12, 2025
-
3.5
LOWCVE-2013-0468
Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-... Read more
- Published: Jul. 03, 2013
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2013-5425
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 before 6.1.1.6 and 7.0 before 7.0.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more
Affected Products : websphere_virtual_enterprise- Published: Nov. 18, 2013
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2010-3732
The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of ... Read more
Affected Products : db2- Published: Oct. 05, 2010
- Modified: Apr. 11, 2025
-
3.5
LOWCVE-2015-4761
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.... Read more
- Published: Jul. 16, 2015
- Modified: Apr. 12, 2025
-
3.5
LOWCVE-2007-5319
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.... Read more
Affected Products : solaris- Published: Oct. 09, 2007
- Modified: Apr. 09, 2025
-
3.5
LOWCVE-2024-41663
Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can attack themselves. The creator of a slow-redirect Canarytoken can in... Read more
Affected Products : canarytokens- Published: Jul. 23, 2024
- Modified: Nov. 21, 2024
-
3.5
LOWCVE-2024-51337
Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User Admin/user_manage_editProcess.php.... Read more
Affected Products : gibbon- Published: Nov. 21, 2024
- Modified: Jul. 17, 2025