Total
409 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0201 | 2 Pivotal Software, Vmware | 2 Spring Framework, Spring Framework | 2024-02-28 | 5.0 MEDIUM | N/A |
The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors. | |||||
CVE-2015-2114 | 2 Hp, Microsoft | 2 Support Solution Framework, Windows | 2024-02-28 | 6.8 MEDIUM | N/A |
HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors. | |||||
CVE-2009-5078 | 2 Apple, Gnu | 2 Mac Os X, Groff | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. | |||||
CVE-2006-6503 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI. | |||||
CVE-2008-1192 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-02-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors. | |||||
CVE-2008-1195 | 2 Canonical, Sun | 4 Ubuntu Linux, Jdk, Jre and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. | |||||
CVE-2006-3678 | 1 3com | 1 Tippingpoint Ips Tos | 2024-02-28 | 5.0 MEDIUM | N/A |
TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to "force the device into layer 2 fallback (L2FB)", causing a denial of service (page fault), via a malformed packet. | |||||
CVE-2002-0493 | 1 Apache | 1 Tomcat | 2024-02-28 | 7.5 HIGH | N/A |
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions. | |||||
CVE-2000-0277 | 1 Microsoft | 1 Excel | 2024-02-28 | 7.2 HIGH | N/A |
Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability. |