Every CVE whose affected-product data names Sun Cobalt Raq 2, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-1999-0722 — CVSS 10.0 (critical): The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages.
CVE-2000-0431 — CVSS 7.5 (high): Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows…
CVE-2000-0442 — CVSS 7.5 (high): Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl…
CVE-2002-0346 — CVSS 7.5 (high): Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript…
CVE-2002-0348 — CVSS 7.5 (high): service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service…
CVE-2000-0117 — CVSS 7.2 (high): The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators…
CVE-2002-0347 — CVSS 5.0 (medium): Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the…
CVE-2000-0320 — CVSS 5.0 (medium): Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to…
CVE-2000-0234 — CVSS 5.0 (medium): The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a…
CVE-2002-0430 — CVSS 3.7 (low): MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite…
CVE-1999-1530 — CVSS 3.6 (low): cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site…