Latest CVE Feed
-
2.6
LOWCVE-2005-2974
libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference.... Read more
Affected Products : libungif- EPSS Score: %4.88
- Published: Nov. 04, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-0626
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.... Read more
Affected Products : squid- EPSS Score: %0.09
- Published: Mar. 08, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2011-3328
The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk assoc... Read more
Affected Products : libpng- EPSS Score: %11.43
- Published: Jan. 17, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2012-0475
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLH... Read more
- EPSS Score: %0.29
- Published: Apr. 25, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2012-3368
Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by ru... Read more
Affected Products : dtach- EPSS Score: %0.44
- Published: Jul. 03, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2013-5183
Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.... Read more
- EPSS Score: %0.44
- Published: Oct. 24, 2013
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2013-2071
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request ... Read more
Affected Products : tomcat- EPSS Score: %6.87
- Published: Jun. 01, 2013
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2009-0737
Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary w... Read more
Affected Products : mediawiki- EPSS Score: %0.51
- Published: Feb. 25, 2009
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2006-3619
Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences.... Read more
Affected Products : fastjar- EPSS Score: %1.81
- Published: Jul. 25, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2011-4940
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attack... Read more
Affected Products : python- EPSS Score: %0.40
- Published: Jun. 27, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2006-0800
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklis... Read more
Affected Products : postnuke- EPSS Score: %7.48
- Published: Feb. 20, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2011-3872
Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certific... Read more
- EPSS Score: %2.78
- Published: Oct. 27, 2011
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2011-2465
Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash)... Read more
Affected Products : bind- EPSS Score: %14.01
- Published: Jul. 08, 2011
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2010-2796
Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL.... Read more
Affected Products : phpcas- EPSS Score: %0.74
- Published: Aug. 05, 2010
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2014-6591
Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.... Read more
- EPSS Score: %1.71
- Published: Jan. 21, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2010-2322
Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: th... Read more
Affected Products : fastjar- EPSS Score: %0.74
- Published: Jun. 18, 2010
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2014-9478
Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates... Read more
Affected Products : mediawiki- EPSS Score: %0.28
- Published: Jan. 16, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2012-4930
The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obta... Read more
- EPSS Score: %0.24
- Published: Sep. 15, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2010-4448
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets... Read more
- EPSS Score: %3.24
- Published: Feb. 17, 2011
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2009-0591
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was... Read more
Affected Products : openssl- EPSS Score: %1.84
- Published: Mar. 27, 2009
- Modified: Apr. 09, 2025