[SECURITY] Fedora 21 Update: uwsgi-2.0.11.1-1.fc21
uWSGI is a fast pure-C, self-healing, developer/sysadmin-friendly application container server. Born as a WSGI-only server, over time it has evolved into a complete stack for networked/clustered web applications, implementing message/object passing, caching, RPC and process management. It uses the...
async-http-client: SSL/TLS certificate verification is disabled under certain conditions
It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also used client certificates. A man-in-the-middle (MITM) attacker could use this flaw to spoof a valid certificate...
async-http-client: missing hostname verification for SSL certificates
It was found that async-http-client did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any...
Incident Response Malware Analysis: IRMA
Incident Response Malware Analysis: IRMA is an asynchronous and customizable analysis platform for suspicious files! IRMA intends to be an open-source platform designed to help identify and analyze malicious files. However, today's defense is not only about learning about a file, but it is...
async-http-client certificate validation vulnerability
async-http-client is a client library that allows Java applications to perform HTTP requests and asynchronously process that HTTP response. async-http-client fails to properly disable SSL/TLS certificate validation, allowing an attacker to exploit the vulnerability to conduct a man-in-the-middle...
[SECURITY] Fedora 20 Update: async-http-client-1.7.22-2.fc20
The Async Http Client library's purpose is to allow Java applications to easily execute HTTP requests and asynchronously process the HTTP responses. The Async HTTP Client library is simple to use...
Web Application Security Scanner Framework: Arachni
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review. It is multi-platform, supporting all major operating...
Taming the wild copy: Parallel Thread Corruption
Posted by Chris Evans, Winner of the occasional race. Back in 2002, a very interesting vulnerability was found and fixed in the Apache web server. Relating to a bug in chunked encoding handling, the vulnerability caused a memcpy call with a negative length with the destination on the stack. Of...
Linux kernel denial of service vulnerability (CNVD-2015-01817)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the file system implementation of Linux kernel 3.12.17 and prior versions, which originates from a program that uses an improper locking...
kernel: soft lockup on aio
It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system...
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2015:0290 Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the first regul...
DEBIAN-CVE-2014-8172
The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations...
CVE-2014-8172
The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations...
UBUNTU-CVE-2014-8172
The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations...
Command Execution Vulnerability in Youyou's Email System of Shenzhen Hechen Communication Technology Co.
Shenzhen Hechen Communication Technology Co., Ltd.'s Youyou mail system is a complete solution for modern enterprises to set up a professional e-mail service. Beyond the conventional e-mail functions, the mail system also extends to e-mail monitoring, e-mail antivirus, e-mail...
WordPress Plugin AJAX Post Search 'the_search_function' SQL Injection Vulnerability
WordPress is a content management system developed in the PHP language. The WordPress plugin AJAX Post Search's 'the_search_function' suffers from a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands via the 'the_search_text' parameter...
[SECURITY] Fedora 20 Update: libserf-1.3.7-1.fc20
The serf library is a C-based HTTP client library built upon the Apache Portable Runtime (APR) library. It multiplexes connections, running the read/write communication asynchronously. Memory copies and transformations are kept to a minimum to provide high-performance operation...
AIX Java Advisory : java_apr2014_advisory.asc
The version of Java SDK installed on the remote host is potentially affected by the following vulnerabilities: - There is an information disclosure flaw in libjpeg and libjpeg-turbo allowing remote attackers access to uninitialized memory via crafted JPEG images. (CVE-2013-6629) - A vulnerability ...
Debian DSA-2971-1 : dbus - security update
Several vulnerabilities have been discovered in dbus, an asynchronous inter-process communication system. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2014-3477 Alban Crequy at Collabora Ltd. discovered that dbus-daemon sends an AccessDenied error to...