Lucene search
+L

92 matches found

Tenable Nessus
Tenable Nessus
added 2014/03/26 12:0 a.m.63 views

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : openssh vulnerability (USN-2155-1)

Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to possibly bypass certain intended environment variable restrictions. Note that Tenable Network Security has extracted the preceding description block directly from the Ubun...

5.8CVSS6.6AI score0.04751EPSS
Exploits1References2
OSV
OSV
added 2013/08/20 10:55 p.m.6 views

CVE-2013-2155

Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the 1...

5.8CVSS6.6AI score0.05805EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2013/08/20 10:55 p.m.30 views

CVE-2013-2155

Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the 1...

5.8CVSS5.9AI score0.05805EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2013/08/20 10:0 p.m.49 views

CVE-2013-2155

Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the 1...

5.8CVSS5.9AI score0.05805EPSS
Exploits0
CVE
CVE
added 2013/08/20 10:0 p.m.81 views

CVE-2013-2155

CVE-2013-2155 affects Apache Santuario XML Security for C++ (xml-security-c) prior to 1.7.1. The issue is failure to properly validate length values, allowing remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof signatures via crafted length val...

5.8CVSS9.1AI score0.05805EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2013/06/18 12:0 a.m.38 views

DSA-2710-1 xml-security-c - several

Bulletin has no description...

7.5CVSS5.9AI score0.08402EPSS
Exploits2
OpenVAS
OpenVAS
added 2013/06/17 12:0 a.m.18 views

Debian: Security Advisory (DSA-2710-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.6AI score0.08402EPSS
Exploits2References3
CVE
CVE
added 2012/08/14 11:0 p.m.44 views

CVE-2012-2155

CVE-2012-2155: CSRF vulnerability in the CDN2 Video module 6.x for Drupal. The issue allows remote attackers to hijack the authentication of unspecified victims via unknown vectors due to CSRF in the module’s Form API behavior. Affected software is the Drupal CDN2 Video contributed module (versio...

6.8CVSS7.3AI score0.00695EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2012/08/14 11:0 p.m.17 views

CVE-2012-2155

Cross-site request forgery CSRF vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

7.1AI score0.00695EPSS
Exploits0References6
Drupal
Drupal
added 2012/03/28 12:0 a.m.18 views

SA-CONTRIB-2012-050 - CDN2 Video - Unsupported

CDN2 is a plug and play module and video management service for Drupal. The module does not sanitize output correctly, allowing for a cross-site scripting XSS vulnerability. Additionally, the Form API is not correctly utilized allowing for cross-site request forgery CSRF attempts. This module...

6.8CVSS5.6AI score0.01284EPSS
Exploits0References7
CVE
CVE
added 2011/05/20 10:0 p.m.52 views

CVE-2011-2155

The CVE-2011-2155 entry concerns SmarterTools SmarterStats 6.0. The vulnerability arises in Login.aspx where a password form field (ctl00$MPH$txtPassword) is generated with autocomplete enabled, which can enable an attacker to bypass authentication when a workstation is left unattended. According...

7.5CVSS7.2AI score0.03913EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.31 views

CVE-2011-2155

Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation...

7AI score0.03913EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2011/03/07 12:0 a.m.30 views

Debian Security Advisory DSA 2155-1 (freetype)

The remote host is missing an update to freetype announced via advisory DSA 2155-1. OpenVAS Vulnerability Test $Id: deb21551.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2155-1 freetype Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

6.8CVSS0.1AI score0.05276EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/02/01 12:0 a.m.34 views

Debian DSA-2155-1 : freetype - several vulnerabilities

Two buffer overflows were found in the Freetype font library, which could lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-2155. The text itself is...

6.8CVSS6.3AI score0.05276EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2010/12/02 12:0 a.m.25 views

SuSE 11 Security Update : gimp (SAT Patch Number 2155)

Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim's system by tricking the victim to open specially crafted files. CVE-2009-1570 / CVE-2009-3909 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

9.3CVSS6AI score0.08689EPSS
Exploits2References6
Prion
Prion
added 2010/06/07 5:13 p.m.20 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2155. Reason: This candidate is a duplicate of CVE-2010-2155. Notes: All CVE users should reference CVE-2010-2155 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

6.7AI score0.02014EPSS
Exploits0
CVE
CVE
added 2010/06/07 4:0 p.m.43 views

CVE-2010-2052

CVE-2010-2052 is a duplicate and not used; reference CVE-2010-2155.

6.2AI score
Exploits0
Debian
Debian
added 2010/06/06 2:36 p.m.74 views

[SECURITY] [DSA 2056-1] New zonecheck packages fix cross-site scripting

------------------------------------------------------------------------ Debian Security Advisory DSA-2056-1 [email protected] http://www.debian.org/security/ Sébastien Delafond June 06, 2010 http://www.debian.org/security/faq -...

4.3CVSS5.7AI score0.02443EPSS
Exploits1
NVD
NVD
added 2010/06/03 4:30 p.m.25 views

CVE-2010-2155

Multiple cross-site scripting XSS vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 xmlnode.value, 2 zc-error text, 3 $zcversion, 4 domainname in a zc-title row, different vulnerabilities than...

4.3CVSS5.5AI score0.02014EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2010/06/03 4:30 p.m.16 views

CVE-2010-2155

Multiple cross-site scripting XSS vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 xmlnode.value, 2 zc-error text, 3 $zcversion, 4 domainname in a zc-title row, different vulnerabilities than...

4.3CVSS5.9AI score0.02014EPSS
Exploits0References1
Rows per page
Query Builder