Latest CVE Feed
-
2.6
LOWCVE-2012-0475
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLH... Read more
- EPSS Score: %0.29
- Published: Apr. 25, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2013-5183
Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.... Read more
- EPSS Score: %0.44
- Published: Oct. 24, 2013
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2005-0585
Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.... Read more
- EPSS Score: %1.35
- Published: Mar. 25, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-0402
Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.... Read more
Affected Products : firefox- EPSS Score: %1.44
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-0145
Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.... Read more
Affected Products : firefox- EPSS Score: %1.03
- Published: Jan. 24, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-0143
Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.... Read more
- EPSS Score: %0.77
- Published: Mar. 23, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-2602
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.... Read more
- EPSS Score: %0.45
- Published: Aug. 17, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2012-1645
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.... Read more
- EPSS Score: %0.59
- Published: Aug. 28, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2013-2207
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.... Read more
- EPSS Score: %0.07
- Published: Oct. 09, 2013
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2014-9269
Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.... Read more
- EPSS Score: %0.41
- Published: Jan. 09, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2009-4409
The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attacke... Read more
Affected Products : seil\/b1- EPSS Score: %0.29
- Published: Dec. 23, 2009
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2013-1729
The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element.... Read more
- EPSS Score: %0.43
- Published: Sep. 18, 2013
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2014-1690
The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the... Read more
- EPSS Score: %0.69
- Published: Feb. 28, 2014
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2006-1736
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link th... Read more
- EPSS Score: %1.62
- Published: Apr. 14, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2002-1233
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on te... Read more
Affected Products : http_server- EPSS Score: %0.11
- Published: Nov. 04, 2002
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2004-0452
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink at... Read more
Affected Products : perl- EPSS Score: %0.05
- Published: Dec. 21, 2004
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2004-0124
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."... Read more
- EPSS Score: %36.36
- Published: Jun. 01, 2004
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2003-0282
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.... Read more
- EPSS Score: %12.23
- Published: Jun. 16, 2003
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2015-7412
The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain... Read more
Affected Products : datapower_gateway- EPSS Score: %0.21
- Published: Nov. 08, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2011-3975
A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a li... Read more
- EPSS Score: %0.36
- Published: Oct. 03, 2011
- Modified: Apr. 11, 2025