CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2017/01/17 5:4 p.m.•19 views

SUSE-SU-2017:0190-1 Security update for nginx-1.0

This update for nginx-1.0 fixes the following issues: This security issues fixed: - CVE-2016-4450: NULL pointer dereference while writing client request body bsc982505. - CVE-2016-1000105: Setting HTTPPROXY environment variable via Proxy header httpoxy bnc988491...

7.5CVSS7.8AI score0.16376EPSS

Exploits0References5

Tenable Nessus•added 2017/01/16 12:0 a.m.•49 views

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20170113)

Security Fixes : - It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox...

RedHat Linux•added 2017/01/13 12:0 a.m.•82 views

Important: Red Hat Security Advisory: java-1.6.0-openjdk security update

An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives...

9.6CVSS6.6AI score0.05437EPSS

Tenable Nessus•added 2017/01/13 12:0 a.m.•62 views

CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2017:0061)

Tenable Nessus•added 2017/01/13 12:0 a.m.•96 views

Exploits0References8

RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2017:0061)

OpenVAS•added 2017/01/13 12:0 a.m.•23 views

Exploits0References11

CentOS Update for java CESA-2017:0061 centos7

Check the version of java SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882632";...

9.6CVSS6.3AI score0.05437EPSS

OpenVAS•added 2017/01/13 12:0 a.m.•42 views

CentOS Update for java CESA-2017:0061 centos5

9.6CVSS6.3AI score0.05437EPSS

Cent OS•added 2017/01/12 3:48 p.m.•92 views

java security update

CentOS Errata and Security Advisory CESA-2017:0061 An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

9.6CVSS6.6AI score0.05437EPSS

Exploits0References7

Prion•added 2017/01/10 3:59 p.m.•14 views

Code injection

The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTPPROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server also known as a "httpoxy" attack. This affects all...

5CVSS7AI score0.01476EPSS

Exploits0References2Affected Software1

OSV•added 2017/01/10 3:59 p.m.•3 views

CVE-2016-6286

7.5CVSS5.8AI score0.01476EPSS

RedhatCVE•added 2016/12/19 9:17 a.m.•42 views

CVE-2016-10003

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients...

7.5CVSS0.7AI score0.04772EPSS

GoogleProjectZero•added 2016/12/14 12:0 a.m.•19 views

Chrome OS exploit: one byte overflow and symlinks

The following article is an guest blog post from an external researcher i.e. the author is not a Project Zero or Google researcher. This post is about a Chrome OS exploit I reported to Chrome VRP in September. The Project Zero folks were nice to let me do a guest post about it, so here goes. The...

8.1AI score

Exploits0

Ubuntu•added 2016/12/08 12:30 a.m.•108 views

USN-3154-1: OpenJDK 6 vulnerabilities

It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. CVE-2016-5542 It was discovered that the JMX component of OpenJDK did not...

9.6CVSS7.2AI score0.05437EPSS

Exploits0

Tenable Nessus•added 2016/12/08 12:0 a.m.•50 views

Ubuntu 12.04 LTS : openjdk-6 vulnerabilities (USN-3154-1)

9.6CVSS7.1AI score0.05437EPSS

Tenable Nessus•added 2016/11/21 12:0 a.m.•257 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2016-771)

It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm. CVE-2016-5542 A flaw was found in the way the JMX...

OpenVAS•added 2016/11/20 12:0 a.m.•40 views

CentOS Update for java CESA-2016:2658 centos5

Check for the Version of java SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882600";...

9.6CVSS6.3AI score0.05437EPSS

Tenable Nessus•added 2016/11/18 12:0 a.m.•46 views

Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3130-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3130-1 advisory. It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without...

9.6CVSS7.3AI score0.05437EPSS