CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5747 matches found

Tenable Nessus•added 2014/10/12 12:0 a.m.•24 views

Amazon Linux AMI : mod_wsgi (ALAS-2014-376)

It was found that modwsgi did not properly drop privileges if the call to setuid failed. If modwsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: modwsgi i...

7.5CVSS6.6AI score0.08583EPSS

Exploits0References3

Tenable Nessus•added 2014/10/12 12:0 a.m.•51 views

Amazon Linux AMI : httpd (ALAS-2011-1)

The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially crafted Range header...

7.8CVSS7.4AI score0.90456EPSS

Exploits17References2

Tenable Nessus•added 2014/10/12 12:0 a.m.•52 views

Amazon Linux AMI : httpd (ALAS-2014-414)

The modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass 'RequestHeader unset' directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states 'this is not a security issue in httpd as such.' C Tenable Networ...

5CVSS6.3AI score0.65044EPSS

Exploits2References2

OSV•added 2014/10/10 10:55 a.m.•4 views

CVE-2014-3581

The cachemergeheadersout function in modules/cache/cacheutil.c in the modcache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty HTTP Content-Type header...

4.5AI score

Exploits0References35

Prion•added 2014/10/10 10:55 a.m.•30 views

Null pointer dereference

5CVSS6.8AI score0.04809EPSS

Exploits0References29Affected Software9

Cvelist•added 2014/10/10 10:0 a.m.•39 views

CVE-2014-3581

6.5AI score0.04809EPSS

Exploits0References29

Debian CVE•added 2014/10/10 10:0 a.m.•49 views

CVE-2014-3581

5CVSS5.9AI score0.04809EPSS

Exploits0

UbuntuCve•added 2014/10/10 12:0 a.m.•30 views

CVE-2014-3581

5CVSS6.8AI score0.04809EPSS

Exploits0References2

Tenable Nessus•added 2014/10/10 12:0 a.m.•156 views

F5 Networks BIG-IP : Multiple GNU Bash vulnerabilities (SOL15629) (Shellshock)

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

10CVSS8.2AI score0.9422EPSS

Exploits157References12

Check Point Advisories•added 2014/10/06 12:0 a.m.•15 views

Apache HTTP Server mod_cache Denial of Service (CVE-2013-4352)

A denial of service vulnerability exists in Apache HTTP server. A remote unauthenticated attacker can leverage this vulnerability by sending a malicious response to the target server. Successful exploitation would result in a denial of service condition on the target...

4.3CVSS2.1AI score0.24352EPSS

Exploits0

Tenable Nessus•added 2014/10/01 12:0 a.m.•45 views

CentOS 5 / 6 : php / php53 (CESA-2014:1326)

Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severi...

6.8CVSS7.9AI score0.30214EPSS

Exploits5References7

OpenVAS•added 2014/10/01 12:0 a.m.•42 views

CentOS Update for php53 CESA-2014:1326 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7AI score0.30214EPSS

Exploits5References2

Tenable Nessus•added 2014/10/01 12:0 a.m.•242 views

Oracle Linux 7 : php (ELSA-2014-1327)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1327 advisory. - gd: fix NULL pointer dereference in gdImageCreateFromXpm. CVE-2014-2497 - gd: fix NUL byte injection in file names. CVE-2014-5120 - fileinfo: fix...

6.8CVSS7.3AI score0.37602EPSS

Exploits8References9

OSV•added 2014/09/30 10:55 a.m.•10 views

CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

10CVSS9.7AI score0.91694EPSS

Exploits31References110

Prion•added 2014/09/30 10:55 a.m.•34 views

Design/Logic Flaw

10CVSS9.7AI score0.9422EPSS

Exploits155References110Affected Software1

ATTACKERKB•added 2014/09/30 10:55 a.m.•13 views

CVE-2014-6278

10CVSS7.3AI score0.9422EPSS

In wildExploits155References137

Cent OS•added 2014/09/30 10:27 a.m.•86 views

php, php53 security update

CentOS Errata and Security Advisory CESA-2014:1326 Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring...

6.8CVSS7.2AI score0.30214EPSS

Exploits5References7

Debian CVE•added 2014/09/30 10:0 a.m.•57 views

CVE-2014-6278

10CVSS9AI score0.91694EPSS

Exploits31

Cvelist•added 2014/09/30 10:0 a.m.•44 views

CVE-2014-6278

8.4AI score0.91694EPSS

Exploits31References110

OSV•added 2014/09/30 12:0 a.m.•0 views

UBUNTU-CVE-2014-6278