Adobe Acrobat Reader Text Annotations Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...
Adobe Acrobat Reader Line Annotations Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Line...
XXE vulnerability testing in SpringMVC - vulnerability warning - the black bar safety net
The SpringMVC framework supports XML-to-object mapping. Internally it uses two global interfaces, Marshaller and Unmarshaller; one implementation is the Jaxb2Marshaller class, which implements both interfaces to convert between XML and objects in both directions. A...
Restrictions not applied for inline comments in attachments
When there is a comment for a file which is attached to a restricted page, all users can see the comment, even the ones who are not allowed to see the page and its attachments. Workaround for 5.7: There is no workaround for customers running Confluence 5.7. Customers are advised to upgrade to...
IBM WebSphere Application Server Liberty Profile Elevation of Privilege Vulnerability
IBM WebSphere Application Server is an application server developed and released by IBM in accordance with open standards. An elevation of privilege vulnerability in IBM WebSphere Application Server Liberty Profile version 8.5.x prior to 8.5.5.4 allows remote attackers to gain privileges by...
Design/Logic Flaw
IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations...
CVE-2014-8890
CVE-2014-8890 affects IBM WebSphere Application Server Liberty Profile (8.5.x) where a remote attacker can gain elevated privileges when deployment-descriptor security constraints are combined with ServletSecurity annotations. Root cause: improper handling of security configuration in the servlet...
OpenJDK: Restrict use of privileged annotations (Libraries, 8034985)
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is...
Design/Logic Flaw
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is...
CVE-2014-2483
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is...
[SECURITY] Fedora 18 Update: php-symfony2-Validator-2.2.10-1.fc18
This component is based on the JSR-303 Bean Validation specification and enables specifying validation rules for classes using XML, YAML, PHP or annotations, which can then be checked against instances of these classes. Optional dependencies: APC, DoctrineCommon...
[SECURITY] Fedora 19 Update: php-symfony2-Validator-2.2.5-1.fc19
This component is based on the JSR-303 Bean Validation specification and enables specifying validation rules for classes using XML, YAML, PHP or annotations, which can then be checked against instances of these classes. Optional dependencies: APC, DoctrineCommon...
[SECURITY] Fedora 18 Update: php-symfony2-Validator-2.2.5-1.fc18
This component is based on the JSR-303 Bean Validation specification and enables specifying validation rules for classes using XML, YAML, PHP or annotations, which can then be checked against instances of these classes. Optional dependencies: APC, DoctrineCommon...
Apple Mac OS X PDF Ink Annotations Processing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a PDF...
CVE-2013-0971
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document...
Design/Logic Flaw
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document...