Lucene search
K

6758 matches found

ATTACKERKB
ATTACKERKB
•added 2016/09/26 7:59 p.m.•3 views

CVE-2016-7554

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

5.8AI score
Exploits0References1
CNVD
CNVD
•added 2016/09/24 12:0 a.m.•3 views

Mozilla Firefox Same-Origin Policy Bypass Vulnerability (CNVD-2016-08178)

Mozilla Firefox is an open source web browser. A vulnerability in Mozilla Firefox's handling of segment identifiers in the SRC attribute of the IFRAME element allows remote attackers to build malicious web pages that can be exploited to trick users into parsing them, which can be used to bypass t...

8.8CVSS8.7AI score0.01489EPSS
Exploits0References1
OSV
OSV
•added 2016/09/02 7:0 a.m.•10 views

SUSE-SU-2016:2212-1 Security update for wireshark

This update to wireshark 1.12.13 fixes the following issues: - CVE-2016-6504: wireshark: NDS dissector crash bsc991012 - CVE-2016-6505: wireshark: PacketBB dissector could divide by zero bsc991013 - CVE-2016-6506: wireshark: WSP infinite loop bsc991015 - CVE-2016-6507: wireshark: MMSE infinite lo...

7.5CVSS5.9AI score0.0771EPSS
Exploits3References28
Tenable Nessus
Tenable Nessus
•added 2016/08/11 12:0 a.m.•20 views

GLSA-201608-01 : OptiPNG: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201608-01 OptiPNG: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OptiPNG. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a special...

9.3CVSS7.3AI score0.04426EPSS
Exploits2References4
Prion
Prion
•added 2016/08/06 10:59 a.m.•16 views

Code injection

The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721...

6.8CVSS7.2AI score0.00454EPSS
Exploits0References3Affected Software1
OSV
OSV
•added 2016/08/06 10:59 a.m.•3 views

UBUNTU-CVE-2014-9872

The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721...

7.8CVSS7.2AI score0.00454EPSS
Exploits0References4
Cvelist
Cvelist
•added 2016/08/06 10:0 a.m.•22 views

CVE-2014-9872

The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721...

7.5AI score0.00454EPSS
Exploits0References3
NVD
NVD
•added 2016/07/15 6:59 p.m.•15 views

CVE-2016-0339

IBM Security Identity Manager ISIM Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."...

5.6CVSS5.3AI score0.01294EPSS
Exploits0References3
Prion
Prion
•added 2016/07/15 6:59 p.m.•17 views

Design/Logic Flaw

IBM Security Identity Manager ISIM Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."...

4.3CVSS6.8AI score0.01294EPSS
Exploits0References3Affected Software1
CNVD
CNVD
•added 2016/07/08 12:0 a.m.•4 views

IBM Jazz Reporting Service (JRS) Session Hijacking Vulnerability

IBM Jazz Reporting Service is an optional component of IBM Rational Reporting for Development Intelligence. IBM Jazz Reporting Service JRS has a security vulnerability in the Report Builder and Data Collection Component DCC implementations due to the program retaining session ID validity after...

8.8CVSS6.8AI score0.01028EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
•added 2016/07/06 12:0 a.m.•10 views

The vulnerability in Microsoft.NET Framework software allows a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information.

A vulnerability that allows for remote execution of code exists in the Microsoft .NET Framework. This vulnerability is related to incorrect handling of localized resource identifiers. Exploiting this vulnerability enables a malicious individual to gain full control over the system. They can then...

10CVSS5.9AI score0.19227EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
•added 2016/07/05 12:0 a.m.•10 views

The vulnerability of Google Chrome’s browser allows a malicious actor to replace URLs.

Google Chrome browser contains a vulnerability related to the incorrect processing of bidirectional IRI identifiers in the UnescapeURLWithOffsetsImpl function in net/base/escape.cc. Exploiting this vulnerability allows malicious actors to replace URLs with specially crafted Unicode text that is...

7.5CVSS7.7AI score0.01369EPSS
Exploits1References3Affected Software1
Gentoo Linux
Gentoo Linux
•added 2016/06/19 12:0 a.m.•71 views

PHP: Multiple vulnerabilities

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact An attacker can...

10CVSS9.4AI score0.46801EPSS
Exploits36
NVD
NVD
•added 2016/06/16 6:59 p.m.•22 views

CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...

7.8CVSS7.5AI score0.06539EPSS
Exploits0References13
OSV
OSV
•added 2016/06/16 6:59 p.m.•2 views

DEBIAN-CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...

7.5CVSS9.2AI score0.06539EPSS
Exploits0References1
OSV
OSV
•added 2016/06/16 6:59 p.m.•3 views

ALPINE-CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...

7.5CVSS8.7AI score0.06539EPSS
Exploits0References1
OSV
OSV
•added 2016/06/16 6:59 p.m.•48 views

CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...

7.5CVSS6.6AI score
Exploits0References13
Prion
Prion
•added 2016/06/16 6:59 p.m.•23 views

Code injection

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...

7.8CVSS6.7AI score0.06539EPSS
Exploits0References13Affected Software4
CVE
CVE
•added 2016/06/16 6:0 p.m.•172 views

CVE-2016-5300

Expat CVE-2016-5300 is a denial-of-service vulnerability in the Expat XML parser caused by insufficient entropy used for hash initialization. The issue allows context-dependent attackers to cause CPU exhaustion via crafted identifiers in XML documents. Connected material confirms this as an Expat...

7.8CVSS7.7AI score0.06539EPSS
Exploits0References13Affected Software2
Debian CVE
Debian CVE
•added 2016/06/16 6:0 p.m.•77 views

CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...

7.8CVSS7.1AI score0.06539EPSS
Exploits0
Rows per page
Query Builder