Latest CVE Feed
-
2.6
LOWCVE-2005-2268
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog... Read more
- EPSS Score: %2.16
- Published: Jul. 13, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2008-0456
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbi... Read more
Affected Products : enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation http_server- EPSS Score: %14.34
- Published: Jan. 25, 2008
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2011-4363
ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.... Read more
- EPSS Score: %0.05
- Published: Oct. 07, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2011-3427
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive inform... Read more
- EPSS Score: %0.31
- Published: Oct. 14, 2011
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2009-4022
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache ... Read more
Affected Products : bind- EPSS Score: %20.04
- Published: Nov. 25, 2009
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2012-4600
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an... Read more
- EPSS Score: %1.05
- Published: Aug. 31, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2008-3270
yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or... Read more
Affected Products : enterprise_linux- EPSS Score: %0.30
- Published: Aug. 18, 2008
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2010-0777
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers... Read more
Affected Products : websphere_application_server- EPSS Score: %0.55
- Published: May. 17, 2010
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2012-4534
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminatin... Read more
Affected Products : tomcat- EPSS Score: %22.77
- Published: Dec. 19, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2005-2755
Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference.... Read more
Affected Products : quicktime- EPSS Score: %1.39
- Published: Nov. 05, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2011-3218
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the htt... Read more
- EPSS Score: %0.66
- Published: Oct. 14, 2011
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2013-5679
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attacker... Read more
Affected Products : enterprise_security_api- EPSS Score: %0.10
- Published: Sep. 30, 2013
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2005-2174
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL repli... Read more
Affected Products : bugzilla- EPSS Score: %0.40
- Published: Jul. 08, 2005
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2025-1953
A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation lead... Read more
Affected Products :- Published: Mar. 04, 2025
- Modified: Mar. 04, 2025
- Vuln Type: Cryptography
-
2.6
LOWCVE-2024-45719
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users a... Read more
Affected Products : answer- Published: Nov. 22, 2024
- Modified: Jul. 01, 2025
-
2.6
LOWCVE-2006-2015
Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php. NOTE: other XSS vectors, as reported in the original disclosure, are resultant from other... Read more
Affected Products : sl_site- EPSS Score: %0.62
- Published: Apr. 25, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-3342
Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd.... Read more
Affected Products : arctic- EPSS Score: %0.62
- Published: Jul. 03, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-1701
Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php.... Read more
Affected Products : shadowed_portal- EPSS Score: %0.76
- Published: Apr. 11, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-3326
Directory traversal vulnerability in QuickZip 3.06.3 allows remote user-assisted attackers to overwrite arbitrary files or directories via .. (dot dot) sequences in filenames within (1) TAR,(2) GZ, and (3) JAR archives. NOTE: the provenance of this infor... Read more
Affected Products : quickzip- EPSS Score: %1.43
- Published: Jun. 30, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-3729
DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, whi... Read more
- EPSS Score: %22.29
- Published: Jul. 21, 2006
- Modified: Apr. 03, 2025