Huawei CloudEngine Switch Security Bypass (HWPSIRT-2013-1256)
The remote host is a Huawei switch running a firmware version that is affected by a security bypass vulnerability due to a failure of access control. An authenticated attacker can exploit this vulnerability to execute commands with higher-level...
0.4AI Score
EPSS
ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection
ManageEngine Desktop Central, Password Manager Pro, and IT360 suffer from remote blind SQL injection vulnerabilities. Metasploit module...
0.5AI Score
0.949EPSS
7.6AI Score
0.956EPSS
Ubuntu 14.04 LTS : Kerberos vulnerabilities (USN-2310-1)
It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1016) It was discovered that Kerberos incorrectly...
7.8AI Score
0.956EPSS
Releases Ubuntu 14.04 ESM Ubuntu 12.04 Ubuntu 10.04 Packages krb5 - MIT Kerberos Network Authentication Protocol Details It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a...
8.7AI Score
0.956EPSS
7.1AI Score
0.936EPSS
[SECURITY] Fedora 19 Update: krb5-1.11.3-24.fc19
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted...
3.1AI Score
0.936EPSS
Phorum 5.0.14 Multiple Subject and Attachment HTML Injection Vulnerabilities
No description provided by...
7.1AI Score
University of Minnesota Gopherd 2.0.x/2.3/3.0.x FTP Gateway Buffer Overflow Vulnerability
No description provided by...
7.1AI Score
Fedora 20 : python-2.7.5-13.fc20 (2014-7800)
Fix for CVE-2014-4616 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
5.9CVSS
-0.7AI Score
0.003EPSS
7.1AI Score
5.9CVSS
6.2AI Score
0.003EPSS
7.1AI Score
GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)
The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly...
9.1CVSS
1.9AI Score
EPSS
IcedTea JDK: Multiple vulnerabilities
Background IcedTea is a distribution of the Java OpenJDK source code built with free build tools. Description Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute...
9.1CVSS
9.5AI Score
EPSS
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:1663-1)
Update to icedtea 2.4.3 (bnc#846999) synchronized OpenJDK 7 support with the upstream u45 b31 fixes the following issues : S8006900, CVE-2013-3829: Add new date/time capability S8008589: Better MBean permission validation S8011071, CVE-2013-5780: Better crypto provider handling S8011081,...
0.1AI Score
0.143EPSS
The remote host has a version of IBM Domino (formerly Lotus Domino) 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January...
0.6AI Score
0.433EPSS
IBM Domino 9.x < 9.0.1 Fix Pack 1 Multiple Vulnerabilities (uncredentialed check)
According to its version, the IBM Domino (formerly IBM Lotus Domino) on the remote host is 9.x prior to 9.0.1 Fix Pack 1 (FP1). It is, therefore, affected by the following vulnerabilities : A stack overflow issue exists due to the insecure '-z execstack' flag being used during compilation,...
0.8AI Score
0.433EPSS
IBM Notes 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities
The remote host has a version of IBM Notes (formerly Lotus Notes) 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January...
0.6AI Score
0.433EPSS
TigerVNC < 1.3.1 ZRLE Heap-based Buffer Overflow
According to its self-identified version number, the TigerVNC install hosted on the remote web server is affected by a heap-based buffer overflow vulnerability. A flaw exists when performing a bounds check during ZRLE decoding. This could allow a remote attacker with a malicious server and a...
9.8CVSS
0.1AI Score
0.003EPSS
JVN#81739241: sp mode mail issue when accessing attachments in incoming mail
sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions. ## Impact If a malicious Android application is installed on the device, attachments...
6.4AI Score
0.001EPSS
JVN#05951929: sp mode mail issue where emails in the process of creation may be accessed
sp mode mail provided by NTT DOCOMO contains an application link interface so that mail data can be exchanged with external application during email creation. When the application to be linked is selected, the email contents and attachment are saved to the SD card, therefore other Android...
6.4AI Score
0.001EPSS
GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)
The remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact : An...
1AI Score
0.975EPSS
Oracle JRE/JDK: Multiple vulnerabilities
Background The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). Description Multiple vulnerabilities have been reported in the Oracle Java.....
8.3AI Score
0.975EPSS
0.4AI Score
0.433EPSS
6.8AI Score
0.433EPSS
Ubuntu 12.10 / 13.04 / 13.10 : openjdk-7 vulnerabilities (USN-2089-1)
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783, CVE-2013-5804, CVE-2014-0411) Several vulnerabilities were discovered in the...
6.1AI Score
0.433EPSS
Releases Ubuntu 13.10 Ubuntu 13.04 Ubuntu 12.10 Packages openjdk-7 - Open Source Java implementation Details Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the...
7.1AI Score
0.433EPSS
7.4AI Score
EPSS
Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure
Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data...
AI Score
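BUGTRAQ ID: 64634 The CloudEngine series is Huawei's line of "cloud"-class high-performance switches for next-generation data centers and high-end campus networks. The HWTACACS module of Huawei CloudEngine series switches contains multiple security restriction bypass vulnerabilities in its implementation. An attacker who has a low-privileged username and password and can log in to an affected device can exploit these vulnerabilities to bypass the server's authentication checks, escalate user privileges, and execute arbitrary commands. 0 Huawei CloudEngine Series Switches CE6800 Huawei CloudEngine Series Switches CE5800 Huawei CloudEngine Series...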
6.9AI Score
Security Advisory-A Vulnerability on the HWTACACS Authorization Module of the CloudEngine
The HWTACACS modules of some Huawei CloudEngine series switches have vulnerabilities. Attackers can execute commands reserved for users with higher-level permissions by bypassing the right check of the HWTACACS server (HWPSIRT-2013-1256). This vulnerability has been assigned Common...
6.7AI Score
EPSS
GLSA-201312-12 : MIT Kerberos 5: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201312-12 (MIT Kerberos 5: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. ...
1.4AI Score
0.956EPSS
MIT Kerberos 5: Multiple vulnerabilities
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description Multiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact A remote attacker...
7.4AI Score
0.956EPSS
IBM SECURITY ADVISORY First Issued: Wed Dec 11 10:53:34 CST 2013 | Updated: Mon Feb 3 10:36:58 CST 2014 | Updated: Sections II and III modifications | Updated: Includes VIOS The most recent version of this document is available here:...
8.2AI Score
0.143EPSS
Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities
Quarterly update fixes over 130 vulnerabilities in different...
2.1AI Score
0.974EPSS
6.6AI Score
0.936EPSS
AI Score
0.936EPSS
[SECURITY] Fedora 19 Update: krb5-1.11.3-13.fc19
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted...
3.1AI Score
0.936EPSS
Security update for IBM Java 7 (important)
IBM Java 7 SR6 has been released and fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ ...
0.5AI Score
0.143EPSS
SuSE 11.2 / 11.3 Security Update : IBM Java 7 (SAT Patch Numbers 8565 / 8566)
IBM Java 7 SR6 has been released and fixes lots of bugs and security issues. More information can be found on:...
0.7AI Score
0.143EPSS
Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2013:267)
Updated java-1.7.0-openjdk packages fix security vulnerabilities : Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the.....
1AI Score
0.143EPSS
Security update for Java 6 (important)
IBM Java 6 SR15 has been released which fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ ...
0.4AI Score
0.143EPSS