Lucene search
143 matches found

NVD
added 2015/04/21 4:59 p.m., 14 views

CVE-2015-3357

Cross-site scripting (XSS) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log messa...

CVSS 3.5 | AI score 5.4 | EPSS 0.00965
Exploits 0 | References 4

Prion
added 2015/04/21 4:59 p.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log messa...

CVSS 3.5 | AI score 5.7 | EPSS 0.00965
Exploits 0 | References 4 | Affected Software 1

Prion
added 2015/04/21 4:59 p.m., 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Content Analysis module before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message...

CVSS 4.3 | AI score 6.2 | EPSS 0.01184
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2015/04/21 4:0 p.m., 21 views

CVE-2015-3364

Cross-site scripting (XSS) vulnerability in the Content Analysis module before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message...

AI score 5.7 | EPSS 0.01184
Exploits 0 | References 4

Tenable Nessus
added 2014/11/12 12:0 a.m., 29 views

Ubuntu 14.04 LTS : OpenStack Cinder vulnerabilities (USN-2405-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2405-1 advisory. Duncan Thomas discovered that OpenStack Cinder did not properly track the file format when using the GlusterFS or Smbfs drivers. A remote authenticated...

CVSS 4 | AI score 5.5 | EPSS 0.0186
Exploits 0 | References 3

Tenable Nessus
added 2014/11/12 12:0 a.m., 32 views

Ubuntu 14.04 LTS : OpenStack Nova vulnerabilities (USN-2407-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2407-1 advisory. Garth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMWare driver. A remote authenticated...

CVSS 2.7 | AI score 5.7 | EPSS 0.0171
Exploits 1 | References 3

Ubuntu
added 2014/11/11 7:30 p.m., 58 views

USN-2407-1: OpenStack Nova vulnerabilities

Garth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMWare driver. A remote authenticated user could exploit this to bypass intended quota limits. By default, Ubuntu does not use the VMWare driver. (CVE-2014-3608) Amrith Kumar discovere...

CVSS 2.7 | AI score 5.2 | EPSS 0.0171
Exploits 1

Amazon
added 2014/11/11 12:0 a.m., 39 views

Medium: rsyslog

Issue Overview: A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon. CVE-2014-3634 Affected Packages: rsyslog Issue...

CVSS 7.5 | AI score 7.8 | EPSS 0.07546
Exploits 1 | References 1

Tenable Nessus
added 2014/10/23 12:0 a.m., 18 views

Scientific Linux Security Update : rsyslog5 and rsyslog on SL5.x, SL6.x i386/x86_64 (20141020)

A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon. CVE-2014-3634 After installing the update, the rsyslog service...

CVSS 7.5 | AI score 5.3 | EPSS 0.07546
Exploits 1 | References 2

OpenVAS
added 2014/10/22 12:0 a.m., 29 views

RedHat Update for rsyslog5 and rsyslog RHSA-2014:1671-01

The remote host is missing an update for the...

CVSS 7.5 | AI score 8.2 | EPSS 0.07546
Exploits 1 | References 2

RedHat Linux
added 2014/10/13 8:55 p.m., 37 views

Important: Red Hat Security Advisory: rsyslog security update

Updated rsyslog packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fr...

CVSS 7.5 | AI score 6.2 | EPSS 0.07546
Exploits 1 | References 2

Cent OS
added 2014/10/13 7:45 p.m., 70 views

rsyslog security update

CentOS Errata and Security Advisory CESA-2014:1397. Updated rsyslog packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, whic...

CVSS 7.5 | AI score 6.2 | EPSS 0.07546
Exploits 1 | References 7

Tenable Nessus
added 2014/06/13 12:0 a.m., 25 views

openSUSE Security Update : pidgin-otr (openSUSE-SU-2012:0717-1)

pidgin-otr was prone to a format string flaw in logmessagecb. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-314. The text description of this plugin is (C) SUSE LLC...

CVSS 7.5 | AI score 9.1 | EPSS 0.03562
Exploits 0 | References 3

Oracle linux
added 2013/11/26 12:0 a.m., 37 views

pacemaker security, bug fix, and enhancement update

1.1.10-14 - Log: crmd: Supply arguments in the correct order Resolves: rhbz996850 - Fix: Invalid formatting of log message causes crash Resolves: rhbz996850 1.1.10-13 - Fix: cman: Start clvmd and friends from the init script if enabled 1.1.10-12 - Fix: Consistently use 'Slave' as the role for...

CVSS 4.3 | AI score 6.3 | EPSS 0.02996
Exploits 1

NVD
added 2013/10/17 12:55 a.m., 24 views

CVE-2013-4389

Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...

CVSS 4.3 | AI score 6.4 | EPSS 0.03135
Exploits 1 | References 6

Debian CVE
added 2013/10/17 12:0 a.m., 38 views

CVE-2013-4389

Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...

CVSS 4.3 | AI score 6.2 | EPSS 0.03135
Exploits 1

RubySec
added 2013/10/16 12:0 a.m., 41 views

CVE-2013-4389 rubygem-actionmailer: email address processing DoS

Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...

CVSS 4.3 | AI score 4.9 | EPSS 0.03135
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2013/08/09 9:0 p.m., 22 views

CVE-2013-4147

Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) logmsg function in log.c or (2) version or (3) buildversion...

AI score 8 | EPSS 0.0369
Exploits 0 | References 5

RedHat Linux
added 2013/07/30 2:43 a.m., 2 views

bind: named crash with an assertion failure on parsing malformed rdata

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with...

CVSS 7.8 | AI score 6.8 | EPSS 0.3415
Exploits 1 | References 6

OSV
added 2013/07/29 2:2 p.m., 10 views

MGASA-2013-0237 Updated bind package fixes security vulnerability

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (daemon crash) via a query with a malformed RDATA section...

CVSS 7.8 | AI score 6.1 | EPSS 0.3415
Exploits 1 | References 6