14,626 CVEs · Low severity
Showing 476–500 of 14,626 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2018-19420 | LOW | | 3.8 | 2018-11-21 | In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an … |
| CVE-2018-19421 | LOW | | 3.8 | 2018-11-21 | In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate… |
| CVE-2018-10871 | LOW | Patched | 3.8 | 2018-07-18 | 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are … |
| CVE-2018-10852 | LOW | Patched | 3.8 | 2018-06-26 | The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the… |
| CVE-2018-2831 | LOW | Patched | 3.8 | 2018-04-19 | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2… |
| CVE-2018-2792 | LOW | Patched | 3.8 | 2018-04-19 | Vulnerability in the Hardware Management Pack component of Oracle Sun Systems Products Suite (subcomponent: Ipmitool). The supported version that is affected is Prior to 2.… |
| CVE-2018-2412 | LOW | | 3.8 | 2018-04-10 | SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
| CVE-2018-5730 | LOW | Patched | 3.8 | 2018-03-06 | MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both… |
| CVE-2017-3892 | LOW | | 3.8 | 2017-11-14 | In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to … |
| CVE-2017-9369 | LOW | | 3.8 | 2017-11-14 | In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP c… |
| CVE-2017-10365 | LOW | Patched | 3.8 | 2017-10-19 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable … |
| CVE-2017-4896 | LOW | | 3.8 | 2017-05-10 | Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue … |
| CVE-2017-7995 | LOW | Patched | 3.8 | 2017-05-03 | Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclos… |
| CVE-2016-3159 | LOW | Patched | 3.8 | 2016-04-13 | The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest… |
| CVE-2016-3158 | LOW | Patched | 3.8 | 2016-04-13 | The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS… |
| CVE-2015-2651 | LOW | | 3.8 | 2015-07-16 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones virtualized NIC driver. |
| CVE-2013-6219 | LOW | Patched | 3.8 | 2014-04-19 | Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors. |
| CVE-2013-3792 | LOW | Patched | 3.8 | 2013-10-16 | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect… |
| CVE-2013-2140 | LOW | Patched | 3.8 | 2013-09-25 | The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a… |
| CVE-2013-1530 | LOW | | 3.8 | 2013-04-17 | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel. |
| CVE-2010-2393 | LOW | | 3.8 | 2010-07-13 | Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to RPC. |
| CVE-2007-1352 | LOW | Patched | 3.8 | 2007-04-06 | Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in th… |
| CVE-2002-2202 | LOW | | 3.8 | 2002-12-31 | Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users email. |
| CVE-2026-11555 | LOW | | 3.7 | 2026-06-08 | A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such m… |
| CVE-2025-52609 | LOW | | 3.7 | 2026-06-04 | HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of m… |