Lucene search
K

5862 matches found

Debian CVE
Debian CVE
added 2016/08/06 10:0 a.m.24 views

CVE-2014-9897

sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and Qualcomm internal bu...

5.5CVSS5.4AI score0.0046EPSS
Exploits0
Prion
Prion
added 2016/07/11 1:59 a.m.21 views

Design/Logic Flaw

platform/msmshared/partitionparser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 2013 devices does not validate certain GUID Partition Table GPT data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard MMC, aka Android internal...

9.3CVSS7AI score0.00543EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.4 views

Vulnerability of PHP software, allowing a malicious actor to compromise the accessibility of protected information

A vulnerability exists in the cdfcountchain function in the cdf.c file of the Fileinfo component in PHP, due to improper data validation for the sector counters. Exploitation of this vulnerability allows malicious actors to induce a service failure abnormal termination of the application by using...

4.3CVSS7.4AI score0.11481EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.6 views

The vulnerability of the Cisco IOS operating system, related to insufficient validation of input data, allows a perpetrator to trigger a service failure.

The vulnerability of the Cisco IOS operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

7.8CVSS5.4AI score0.01887EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2016/05/19 12:0 a.m.50 views

Squid Poisoning Vulnerability (SQUID-2016:7) - Linux

Squid is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:squid-cache:squid";...

8.6CVSS8.5AI score0.79969EPSS
Exploits0References1
Mageia
Mageia
added 2016/05/11 7:27 p.m.50 views

Updated squid packages fix security vulnerability

Due to incorrect data validation of intercepted HTTP Request messages Squid is vulnerable to clients bypassing the protection against CVE-2009-0801 related issues. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache...

8.6CVSS0.7AI score0.79969EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2016/05/11 12:0 a.m.7 views

The vulnerability of the XSLTResult class implementation in the Apache Struts software platform allows attackers to execute arbitrary code.

The vulnerability of the XSLTResult class implementation in the Apache Struts software framework is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using the stylesheetLocation parameter...

10CVSS8.2AI score0.20167EPSS
Exploits0References5Affected Software2
UbuntuCve
UbuntuCve
added 2016/05/02 10:59 a.m.28 views

CVE-2015-2686

net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for 1 sendto and 2 recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copyfromiter function in the ioviter interface, as demonstrated by the Bluetooth...

7.8CVSS7AI score0.00385EPSS
Exploits0References1
Cvelist
Cvelist
added 2016/05/02 10:0 a.m.28 views

CVE-2015-2686

net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for 1 sendto and 2 recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copyfromiter function in the ioviter interface, as demonstrated by the Bluetooth...

7.5AI score0.00385EPSS
Exploits0References10
CNVD
CNVD
added 2016/04/18 12:0 a.m.1 views

Midea's M-Smart smart socket has design logic flaws

M-Smart Smart Socket is a smart home appliance developed by Midea Group. Midea's M-Smart Smart Socket is susceptible to man-in-the-middle attacks due to insecure protocols for transmitting data and lack of validation of what is transmitted on the client and server side. The lack of effective...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2016/03/28 5:48 p.m.21 views

Shopify: XSS on https://app.shopify.com/

DESCRIPTION =========== It has been identified that the page located at https://app.shopify.com/ is prone to cross-site scripting issues. Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts also commonly referred to as a malicious...

1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/03/23 12:0 a.m.7 views

The vulnerability of the Ruby on Rails software platform, which allows attackers to bypass the mechanism for verifying data correctness

The vulnerability of the Ruby on Rails software platform lies in the fact that the Active Model component supports the use of instance-level records for class methods. Exploiting this vulnerability allows a malicious actor to bypass the data validation mechanism by using a specially crafted...

5CVSS6.4AI score0.07157EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/02/08 12:0 a.m.6 views

The vulnerability of the Cisco Firepower Extensible Operating System allows a intruder to trigger a maintenance failure.

The vulnerability of the Cisco Firepower Extensible Operating System’s driver exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor, operating locally, to trigger a service failure using a pre-prepared USB device that transmits erroneous USB...

4.9CVSS5.5AI score0.00309EPSS
Exploits0References2
OSV
OSV
added 2016/01/04 5:59 a.m.0 views

DEBIAN-CVE-2015-8726

wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme MCS data, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted file...

5.5CVSS7.2AI score0.04639EPSS
Exploits1References1
OSV
OSV
added 2016/01/04 5:59 a.m.2 views

DEBIAN-CVE-2015-8711

epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted packet...

5.5CVSS5.1AI score0.01763EPSS
Exploits0References1
Kaspersky
Kaspersky
added 2016/01/04 12:0 a.m.37 views

KLA10730 Denial of service vulnerabilities in Wireshark

Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities 1. Improper data validation and lack of restrictions can be exploited remotely via a specially designed packet o...

5.5CVSS7.2AI score0.07142EPSS
Exploits14References3
BDU FSTEC
BDU FSTEC
added 2015/12/14 12:0 a.m.4 views

The vulnerability of the FFmpeg multimedia library, which allows a hacker to trigger a service failure

The vulnerability of the inittile function in the libavcodec/jpeg2000dec.c file of the FFmpeg multimedia library exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor to cause service failure using specially crafted JPEG 2000 data...

7.5CVSS7.4AI score0.02001EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/11/05 12:0 a.m.8 views

The vulnerability of the web application for data synchronization with ownCloud allows a hacker to circumvent existing access restrictions and gain access to users’ files.

The vulnerability of the virtual file system of the web application for data synchronization with ownCloud is related to the lack of data validation during data retrieval. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions and gain access to user files b...

4CVSS5.5AI score0.01201EPSS
Exploits0References4Affected Software1
Packet Storm
Packet Storm
added 2015/10/12 12:0 a.m.56 views

WordPress Pie Register 2.0.18 Cross Site Scripting

Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7377 Pending CVSS: 4.3 Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N CWE: CWE-79 Description ================ An unauthenticated reflected XSS vulnerability in Pie Register...

4.3CVSS6.5AI score0.04405EPSS
Exploits3
BDU FSTEC
BDU FSTEC
added 2015/10/01 12:0 a.m.5 views

The vulnerability of the multimedia player iTunes and the iOS operating system allows a hacker to execute arbitrary code or trigger a service failure.

The vulnerability of the WebKit component in the multimedia player iTunes and the iOS operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure by using a specially crafted...

6.8CVSS7.2AI score0.02782EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder