CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8501 matches found

CVE•added 2017/05/23 2:0 p.m.•49 views

CVE-2017-9212

The CVE concerns the Bluetooth stack in the 2011 BMW 330i. A vulnerability in the device name string allows remote crash of the CD/Multimedia software via format string specifiers like %x or %c. This is a network-accessible issue tied to the Bluetooth stack, with a high impact on availability (CR...

7.8CVSS7.5AI score0.00296EPSS

Exploits1References1Affected Software1

BDU FSTEC•added 2017/05/18 12:0 a.m.•3 views

The vulnerability of the Cisco IOS operating system’s DHCP service allows a attacker to trigger a device reboot and a service failure.

The vulnerability of the DHCP service in Cisco IOS operating systems is related to the use of an uncontrolled format string. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot and a service failure through a specially crafted DHCP packet...

7.8CVSS7.2AI score0.00344EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2017/05/18 12:0 a.m.•3 views

PT-2017-4282 · Rsyslog +1 · Rsyslog +1

Name of the Vulnerable Software and Affected Versions: Rsyslog versions prior to 8.28.0 Description: The issue is related to insufficient processing of format strings in the input/output modules of the Rsyslog utility for log processing. Exploitation of this issue could allow a remote attacker to...

10CVSS9.4AI score0.0043EPSS

Exploits0References13

Prion•added 2017/05/12 6:29 p.m.•11 views

Format string

H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service DoS via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy...

5CVSS7AI score0.01598EPSS

Exploits0References2Affected Software1

NVD•added 2017/05/12 6:29 p.m.•17 views

CVE-2016-4864

7.5CVSS7.4AI score0.01598EPSS

Exploits0References2

OSV•added 2017/05/12 6:29 p.m.•13 views

CVE-2016-4864

7.5CVSS6.8AI score

Exploits0References2

CVE•added 2017/05/12 6:0 p.m.•48 views

CVE-2016-4864

CVE-2016-4864 affects H2O web server: versions 2.0.3 and earlier and 2.1.0-beta2 and earlier are vulnerable to a DoS via format string specifiers in template files processed by fastcgi, mruby, proxy, redirect or reproxy. Connected sources confirm this vulnerability class and affected ranges, with...

7.5CVSS7.3AI score0.01598EPSS

Exploits0References2Affected Software1

Debian CVE•added 2017/05/12 6:0 p.m.•21 views

CVE-2016-4864

7.5CVSS7.4AI score0.01598EPSS

Exploits0

seebug.org•added 2017/04/21 12:0 a.m.•37 views

cgiemail and cgiecho Multiple Security Vulnerabilities (CVE-2017-5613)

SEC-212 Format string injection The ability to supply arbitrary format strings to cgiemail and cgiecho allowed code execution whenever a user was able to provide a cgiemail template file. Use CVE-2017-5613. SEC-214 Open redirect The cgiemail and cgiecho binaries served as an open redirect due to...

6.8CVSS7AI score0.0052EPSS

Exploits1

BDU FSTEC•added 2017/04/20 12:0 a.m.•3 views

The vulnerability of the Mac OS X operating system, which allows a hacker to execute arbitrary code

The vulnerability of the Printing component in the Mac OS X operating system is related to the use of an uncontrolled format string. Exploiting this vulnerability allows a malicious actor to execute arbitrary code via a specially crafted URL...

6.8CVSS8AI score0.01005EPSS

Exploits0References3Affected Software1

OpenVAS•added 2017/04/18 12:0 a.m.•35 views

Apple Mac OS X Multiple Vulnerabilities-02 (Apr 2017)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.9AI score0.22068EPSS

Exploits1References7

Gitee•added 2017/04/15 4:16 p.m.•3 views

EQGRP

This is an exploit module for the Linux operating system, specifically targeting the 7z file archiver. The module is designed to exploit a vulnerability in the 7z program, allowing an attacker to execute arbitrary code on the system. The exploit is likely to be used for remote code execution RCE ...

8.8AI score

Exploits0

Prion•added 2017/04/13 2:59 p.m.•12 views

Format string

Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code...

6.8CVSS7.7AI score0.01778EPSS

Exploits0References2Affected Software1

OSV•added 2017/04/13 2:59 p.m.•2 views

DEBIAN-CVE-2015-8107

Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code...

7.8CVSS7.9AI score0.01778EPSS

Exploits0References1