Lucene search
+L

155 matches found

Tenable Nessus
Tenable Nessus
added 2019/05/13 12:0 a.m.25 views

Apache Tomcat 8.5.x < 8.5.15 Remote Error Page Manipulation

Binary data 700690.pasl...

7.5CVSS8AI score0.16567EPSS
Exploits1References2
OSV
OSV
added 2019/03/21 4:0 p.m.17 views

CVE-2018-16789

libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down...

7.5CVSS6.6AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.32 views

Apache Tomcat 8.5.x < 8.5.15 Remote Error Page Manipulation

According to its self-reported version number, the Apache Tomcat service running on the remote host is 7.0.x prior to 7.0.78 or 8.5.x prior to 8.5.15. It is, therefore, affected by an implementation flaw in the error page reporting mechanism in which it does not conform to the Java Servlet...

7.5CVSS7.4AI score0.16567EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.43 views

Apache Tomcat 7.0.x < 7.0.78 Remote Error Page Manipulation

According to its self-reported version number, the Apache Tomcat service running on the remote host is 7.0.x prior to 7.0.78 or 8.5.x prior to 8.5.15. It is, therefore, affected by an implementation flaw in the error page reporting mechanism in which it does not conform to the Java Servlet...

7.5CVSS7.4AI score0.16567EPSS
Exploits1References2
OSV
OSV
added 2017/12/20 11:29 p.m.3 views

DEBIAN-CVE-2017-17806

The HMAC implementation crypto/hmac.c in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AFALG-based hash interface CONFIGCRYPTOUSERAPIHASH and the SHA-3 hash algorithm CONFIGCRYPTOSHA3 to caus...

7.8CVSS5.9AI score0.00561EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2017/11/20 5:30 p.m.15 views

US-CERT Warns of ASLR Implementation Flaw In Windows

The U.S. Computer Emergency Readiness Team is warning of a vulnerability in Microsoft’s implementation of Address Space Layout Randomization that affects Windows 8, Windows 8.1 and Windows 10. The vulnerability could allow a remote attacker to take control of an affected system. Microsoft said it...

0.1AI score
Exploits0References4
Prion
Prion
added 2017/03/28 2:59 a.m.19 views

Design/Logic Flaw

An error in the implementation of an autosubscribe feature in the checkstreamexists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affec...

4CVSS4.6AI score0.01103EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2017/02/10 4:55 a.m.30 views

Null Pointer Dereference

OpenSSL is vulnerable to denial of service DoS attacks. These attacks are possible because the PKCS7 implementation doesn't correctly handle a lack of outer ContentInfo. This flaw allows attackers to cause null pointer dereferences and applications crashes through malformed data with ASN.1 encodi...

5CVSS5AI score0.0837EPSS
Exploits0References86Affected Software2
Prion
Prion
added 2017/02/09 8:59 p.m.16 views

Design/Logic Flaw

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544...

4.3CVSS5.7AI score0.0155EPSS
Exploits3References5Affected Software1
OSV
OSV
added 2016/10/09 12:0 a.m.11 views

DLA-650-1 mat - security update

Bulletin has no description...

7.2AI score
Exploits0
Prion
Prion
added 2015/07/23 2:59 p.m.25 views

Design/Logic Flaw

The Local Packet Transport Services LPTS implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the processing of flow base entries, which allows remote attackers to cause a denial of service resource...

5CVSS7.3AI score0.01744EPSS
Exploits0References2Affected Software1
Debian
Debian
added 2015/06/29 8:46 a.m.57 views

[SECURITY] [DSA 3296-1] libcrypto++ security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3296-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini June 29, 2015 https://www.debian.org/security/faq -...

5CVSS5.9AI score0.02879EPSS
Exploits0
Prion
Prion
added 2015/01/09 2:59 a.m.25 views

Design/Logic Flaw

The BNsqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to...

5CVSS7AI score0.2132EPSS
Exploits0References41Affected Software1
Prion
Prion
added 2014/10/10 10:55 a.m.20 views

Design/Logic Flaw

The IKEv2 implementation in Cisco ASA Software 8.4 before 8.47.15, 8.6 before 8.61.14, 9.0 before 9.04.8, and 9.1 before 9.15.1 allows remote attackers to cause a denial of service device reload via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401...

7.8CVSS7AI score0.01614EPSS
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

PGP 5.x/6.x/7.0 ASCII Armor Parser Arbitrary File Creation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2556/info ASCII Armor is a text based encoding format used by PGP Pretty Good Privacy. While it is possible to encode any file using ASCII Armor, it is used by PGP to encode signature files and public keys to facilitate...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

OpenText FirstClass Client 11.005 - Code Execution

No description provided by source. Exploit Title: OpenText FirstClass Client Delayed Code Executiion Date: Discovered 11/16/2010, Contacted OpenText 2/1/11 and 2/7/11, Released 4/11/2011 Author: Kyle Ossinger www.k0ss.net Email: [email protected] Software Link:...

7.1AI score
Exploits0
Prion
Prion
added 2014/05/14 12:55 a.m.18 views

Design/Logic Flaw

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warnin...

6.8CVSS6.9AI score0.02397EPSS
Exploits0References8Affected Software2
FreeBSD
FreeBSD
added 2014/04/07 12:0 a.m.38 views

OpenSSL -- Local Information Disclosure

OpenSSL reports: A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information. A local attacker might be able to snoop a signing process and might recover the signing key from it...

1.9CVSS6.4AI score0.00942EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2014/03/20 12:0 a.m.20 views

SuSE 11.3 Security Update : icedtea-web (SAT Patch Number 8974)

The OpenJDK Java Plugin IcedTea Web was released to fix a temporary file access problem. Changes : - Dialogs center on screen before becoming visible. - Support for u45 new manifest attributes Application-Name. - Custom applet permission policies panel in itweb-settings control panel. - Plugin...

2.1CVSS5.5AI score0.00482EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2014/02/25 6:45 a.m.45 views

Apple's SSL Vulnerability might allow NSA to hack iOS Devices Remotely

Just two days before Apple has disclosed a critical Security flaw in the SSL implementation on the iOS software that would allow man-in-the-middle attacks to intercept the SSL data by spoofing SSL servers. Dubbed as CVE-2014-1266, the so-called ‘goto fail;’ vulnerability in which the secure...

5.8CVSS6.2AI score0.05715EPSS
Exploits6
Rows per page
Query Builder