Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20676 | 1 Getbootstrap | 1 Bootstrap | 2021-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. | |||||
| CVE-2016-10735 | 1 Getbootstrap | 1 Bootstrap | 2021-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. | |||||
| CVE-2018-14042 | 1 Getbootstrap | 1 Bootstrap | 2021-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. | |||||
| CVE-2018-14040 | 2 Debian, Getbootstrap | 2 Debian Linux, Bootstrap | 2021-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. | |||||
| CVE-2017-5661 | 1 Apache | 1 Formatting Objects Processor | 2021-07-22 | 7.9 HIGH | 7.3 HIGH |
| In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack. | |||||
| CVE-2021-2456 | 1 Oracle | 1 Business Intelligence | 2021-07-22 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2021-2455 | 1 Oracle | 1 Peoplesoft Enterprise Hcm Shared Components | 2021-07-22 | 5.5 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Shared Components accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2021-2454 | 1 Oracle | 1 Vm Virtualbox | 2021-07-22 | 4.4 MEDIUM | 7.0 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2021-23897 | 2021-07-22 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability. However, the number was once accidentally misused to refer to the vulnerability that has the proper number of CVE-2021-31830. Notes: none. | |||||
| CVE-2018-20816 | 1 Salesagility | 1 Suitecrm | 2021-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed. | |||||
| CVE-2020-18151 | 1 Thinkcmf | 1 Thinkcmf | 2021-07-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross Site Request Forgerly (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account. | |||||
| CVE-2001-0807 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 2.6 LOW | N/A |
| Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file. | |||||
| CVE-2000-0439 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 2.6 LOW | N/A |
| Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability. | |||||
| CVE-1999-0858 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 5.0 MEDIUM | N/A |
| Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server. | |||||
| CVE-1999-0793 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 2.6 LOW | N/A |
| Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet. | |||||
| CVE-1999-1110 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 5.0 MEDIUM | N/A |
| Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client. | |||||
| CVE-1999-0354 | 1 Microsoft | 2 Internet Explorer, Word | 2021-07-22 | 7.5 HIGH | N/A |
| Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message. | |||||
| CVE-1999-0827 | 2 Microsoft, Netscape | 3 Ie, Internet Explorer, Navigator | 2021-07-22 | 2.6 LOW | N/A |
| By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing. | |||||
| CVE-1999-1577 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 5.1 MEDIUM | N/A |
| Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method. | |||||
| CVE-1999-0877 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 4.3 MEDIUM | N/A |
| Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME. | |||||
| CVE-1999-1578 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 5.1 MEDIUM | N/A |
| Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands. | |||||
| CVE-1999-0702 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 10.0 HIGH | N/A |
| Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability. | |||||
| CVE-1999-1575 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 5.1 MEDIUM | N/A |
| The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands. | |||||
| CVE-1999-0669 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 4.0 MEDIUM | N/A |
| The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. | |||||
| CVE-1999-0670 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 4.0 MEDIUM | N/A |
| Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands. | |||||
| CVE-1999-0891 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 5.0 MEDIUM | N/A |
| The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect. | |||||
| CVE-1999-1016 | 2 Microsoft, Qualcomm | 4 Frontpage, Internet Explorer, Outlook Express and 1 more | 2021-07-22 | 5.0 MEDIUM | N/A |
| Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell. | |||||
| CVE-1999-1235 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 4.6 MEDIUM | N/A |
| Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link. | |||||
| CVE-1999-0668 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 5.1 MEDIUM | N/A |
| The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. | |||||
| CVE-1999-0802 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 7.6 HIGH | N/A |
| Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon. | |||||
| CVE-1999-0917 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 5.1 MEDIUM | N/A |
| The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files. | |||||
| CVE-1999-1367 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 4.6 MEDIUM | N/A |
| Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users. | |||||
| CVE-1999-0487 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 2.6 LOW | N/A |
| The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files. | |||||
| CVE-1999-0488 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 7.5 HIGH | N/A |
| Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability. | |||||
| CVE-1999-0490 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 7.5 HIGH | N/A |
| MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag. | |||||
| CVE-1999-0468 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 2.6 LOW | N/A |
| Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component. | |||||
| CVE-1999-0469 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client. | |||||
| CVE-1999-1370 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 7.2 HIGH | N/A |
| The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of security-critical programs. | |||||
| CVE-2000-0596 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 7.5 HIGH | N/A |
| Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability. | |||||
| CVE-2000-0160 | 1 Microsoft | 3 Ie, Internet Explorer, Outlook | 2021-07-22 | 7.6 HIGH | N/A |
| The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft. | |||||
| CVE-1999-0876 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-22 | 10.0 HIGH | N/A |
| Buffer overflow in Internet Explorer 4.0 via EMBED tag. | |||||
| CVE-1999-1087 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 7.5 HIGH | N/A |
| Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server. | |||||
| CVE-1999-1093 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 5.1 MEDIUM | N/A |
| Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page. | |||||
| CVE-1999-0870 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 2.6 LOW | N/A |
| Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste. | |||||
| CVE-2001-0322 | 1 Microsoft | 3 Internet Explorer, Outlook, Outlook Express | 2021-07-22 | 5.0 MEDIUM | N/A |
| MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object. | |||||
| CVE-2000-0518 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-22 | 2.6 LOW | N/A |
| Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities. | |||||
| CVE-2000-0519 | 1 Microsoft | 2 Ie, Internet Explorer | 2021-07-22 | 2.6 LOW | N/A |
| Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities. | |||||
| CVE-2000-0162 | 1 Microsoft | 3 Ie, Internet Explorer, Visual Studio | 2021-07-22 | 5.1 MEDIUM | N/A |
| The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. | |||||
| CVE-1999-1094 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 7.5 HIGH | N/A |
| Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue." | |||||
| CVE-1999-1472 | 1 Microsoft | 1 Internet Explorer | 2021-07-22 | 5.0 MEDIUM | N/A |
| Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue. | |||||