CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OpenVAS•added 2013/12/17 12:0 a.m.•24 views

Fedora Update for subversion FEDORA-2013-22208

Check for the Version of subversion OpenVAS Vulnerability Test Fedora Update for subversion FEDORA-2013-22208 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

3.5CVSS8.7AI score0.07858EPSS

ThreatPost•added 2013/12/06 9:32 a.m.•12 views

Siemens Patches Authentication Bypass Flaw in SINAMICS ICS Software

Siemens has patched a serious remotely exploitable vulnerability in its SINAMICS S/G ICS software that could enable an attacker to take arbitrary actions on a vulnerable installation without having to authenticate. The vulnerability affects all versions of the Siemens SINAMICS S/G products with...

2.6AI score

NVD•added 2013/12/02 10:55 p.m.•20 views

CVE-2013-6695

The RBAC implementation in Cisco Secure Access Control System ACS does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug...

4CVSS5.6AI score0.00947EPSS

ThreatPost•added 2013/11/21 3:30 p.m.•10 views

Stuxnet Had Older, More Complex Variant

Stuxnet was a two-headed beast as it turns out, one that could have laid waste to the Natanz nuclear facility which it infected, and one that should have, by expert accounts, remained undetected if not for the noisier yet less complex second attack routine that is now familiar to the world...

0.6AI score

Prion•added 2013/10/24 10:53 a.m.•12 views

Code injection

Cisco Secure Access Control System ACS does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service process crash via a flood of crafted packets, aka Bug ID CSCui51521...

5CVSS7.1AI score0.01497EPSS

ThreatPost•added 2013/09/23 3:24 p.m.•8 views

ICS Vendor Fixes Hard-Coded Credential Bugs Nearly Two Years After Advisory

Nearly two years after a security researcher published details of the hard-coded credentials that ship with a slew of industrial control system products made by Schneider Electric, the company has released updated firmware that fix the problems. The vulnerabilities, which were discovered by...

7.7AI score

Exploits0References4

Tenable Nessus•added 2013/09/12 12:0 a.m.•29 views

Cisco Secure Access Control System (ACS) Multiple Vulnerabilities

The version of Cisco Secure Access Control System installed on the remote host is potentially affected by multiple vulnerabilities : - An unspecified cross-site scripting vulnerability exists in the web interface. CVE-2013-3423 - An unspecified cross-site request forgery vulnerability exists in t...

6.8CVSS5.1AI score0.01189EPSS

Exploits0References5

NVD•added 2013/09/06 11:15 a.m.•14 views

CVE-2012-5990

Multiple cross-site scripting XSS vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System NCS and Wireless Control System WCS allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375...

4.3CVSS5.8AI score0.01531EPSS

Prion•added 2013/09/06 11:15 a.m.•9 views

Cross site scripting

4.3CVSS6.1AI score0.01531EPSS

Cvelist•added 2013/09/06 10:0 a.m.•17 views

CVE-2012-5990

5.7AI score0.01531EPSS

ICS•added 2013/09/06 6:0 a.m.•28 views

Siemens SINAMICS S/G Authentication Bypass Vulnerability

OVERVIEW Siemens has identified an authentication bypass vulnerability in the SINAMICS S/G product family. Siemens has produced a firmware update that mitigates this vulnerability and has tested the update to validate that it resolves the vulnerability. Exploitation of this vulnerability could...

10CVSS6.7AI score0.03235EPSS

Exploits0References10

NVD•added 2013/09/04 3:24 a.m.•21 views

CVE-2013-5470

Cisco Secure Access Control System ACS does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service process crash via malformed TCP packets, aka Bug ID CSCuh12488...

5CVSS6.6AI score0.0186EPSS

Prion•added 2013/09/04 3:24 a.m.•18 views

Code injection

5CVSS7.1AI score0.0186EPSS

Cvelist•added 2013/09/04 1:0 a.m.•24 views

CVE-2013-5470

6.6AI score0.0186EPSS

CVE•added 2013/09/04 1:0 a.m.•47 views

CVE-2013-5470

Cisco Secure ACS is affected by CVE-2013-5470 due to a flaw in the TACACS+ socket read function that allows an unauthenticated, remote attacker to crash the runtime process and cause a denial of service. The issue stems from improper processing of read requests on the TACACS+ socket, and can be t...

5CVSS6.8AI score0.0186EPSS

Exploits0References3Affected Software1

CERT•added 2013/09/03 12:0 a.m.•22 views

Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) vulnerable to cross-site scripting (XSS)

Overview Cisco Prime NCS and WCS Health Monitor Login pages contain a reflected cross-site scripting XSS vulnerability CWE-79. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Cisco Prime Network Control System NCS and Wireless Control System...

4.3CVSS5.5AI score0.01531EPSS