Lucene search
+L

2244 matches found

CNVD
CNVD
added 2016/07/21 12:0 a.m.2 views

TYPO3 Formhandler Extension Cross-Site Scripting Vulnerability

TYPO3 is a Swiss TYPO3 Association maintains a free and open source content management system framework CMS/CMF. formhandler is one of the Web development form Form module extension plug-in . A cross-site scripting vulnerability exists in versions 2.3.1 and 2.0.2 of the TYPO3 Formhandler extensio...

6.8AI score
Exploits0References1
CNVD
CNVD
added 2016/07/15 12:0 a.m.5 views

NetApp Snap Creator Framework Clickjacking Vulnerability

NetApp Snap Creator Framework is the United States NetApp company's set of integrated NetApp functionality plug-ins and popular third-party applications framework. A clickjacking vulnerability exists in NetApp Snap Creator Framework version 4.3P1, which can be exploited by an attacker to compromi...

4.6CVSS6.8AI score0.00709EPSS
Exploits0References1
CNVD
CNVD
added 2016/03/24 12:0 a.m.2 views

Apple iOS and OS X kernel denial of service vulnerability

Apple iOS and OS X are both products of the American Apple company. The former is an operating system developed for mobile devices and the latter is a specialized operating system developed for Mac computers. kernel is one of the kernel components. A security vulnerability exists in the kernel of...

4.3CVSS8.1AI score0.00842EPSS
Exploits3References1
CNVD
CNVD
added 2016/03/24 12:0 a.m.6 views

Apple iOS WebKit Information Disclosure Vulnerability (CNVD-2016-01842)

Apple iOS is the operating system used by Apple for a number of smart devices. WebKit is a set of open-source web browser engines developed by KDE, Apple, Google and other companies, and is currently used by browsers such as Apple Safari and Google Chrome. Versions of iOS prior to 9.3 have a...

4.3CVSS8.4AI score0.01244EPSS
Exploits0References1
CNVD
CNVD
added 2016/03/24 12:0 a.m.6 views

Apple iOS WebKit Information Disclosure Vulnerability (CNVD-2016-01843)

Apple iOS is the operating system used by Apple for a number of smart devices. WebKit is a set of open-source web browser engines developed by KDE, Apple, Google and other companies, and is currently used by browsers such as Apple Safari and Google Chrome. Versions of iOS prior to 9.3 and Safari...

4.3CVSS8.3AI score0.01285EPSS
Exploits0References1
CNVD
CNVD
added 2016/03/24 12:0 a.m.5 views

Apple iOS Profiles Spoofing Vulnerability

iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. A security vulnerability exists in the implementation of Profiles before iOS 9.3 where certificates are not properly validated, and attackers can spoof this with...

7.5CVSS8.6AI score0.01011EPSS
Exploits0References1
CNVD
CNVD
added 2016/03/22 12:0 a.m.4 views

Apple iOS IOHIDFamily Memory Corruption Vulnerability

iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. A memory corruption security vulnerability exists in the IOHIDFamily implementation in versions prior to iOS 9.3, which allows attackers to exploit the...

4.3CVSS8.5AI score0.01028EPSS
Exploits0References1
CNVD
CNVD
added 2016/03/22 12:0 a.m.5 views

Apple iOS AppleUSBNetworking Memory Corruption Vulnerability

iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. A security vulnerability exists in the implementation of AppleUSBNetworking in versions prior to iOS 9.3, due to a failure to authenticate data from USB devices...

7.2CVSS9AI score0.00634EPSS
Exploits0References1
OSV
OSV
added 2016/03/13 6:59 p.m.4 views

DEBIAN-CVE-2016-1977

The Machine::Code::decoder::analysis::setref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service stack memory corruption via a crafted Graphite smart font...

8.8CVSS8.8AI score0.02912EPSS
Exploits0References1
CNVD
CNVD
added 2016/02/26 12:0 a.m.6 views

Cisco ACE 4710 Application Control Engine Command Injection Vulnerability

Cisco ACE 4710 Application Control Engine is the United States Cisco Cisco a set of ACE application switch series and used to increase the security and stability of data center applications load balancing and application delivery solutions. A command injection vulnerability exists in the Cisco AC...

9CVSS7.6AI score0.02801EPSS
Exploits0References1
OSV
OSV
added 2016/02/17 2:59 a.m.4 views

CVE-2016-1149

Cross-site scripting XSS vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150...

6.1CVSS5.9AI score0.01069EPSS
Exploits0References6
OSV
OSV
added 2016/01/21 2:59 a.m.9 views

CVE-2016-0405

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4 allows local users to affect confidentiality via vectors related to Cluster Manageability and Serviceability...

7.1AI score0.00347EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2015/12/23 12:0 a.m.3 views

VulnCheck KEV: CVE-2015-7756

The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b,...

5CVSS5.8AI score0.02448EPSS
Exploits1References1
CNVD
CNVD
added 2015/12/04 12:0 a.m.35 views

Cyrus IMAP index_urlfetch Information Disclosure Vulnerability

Cyrus IMAP Server is an e-mail server developed at Carnegie Mellon University. A security vulnerability exists in the function indexurlfetch in Cyrus IMAP versions 2.3.x-2.3.19, 2.4.x-2.4.18, 2.5.x-2.5.4 index.c. A remote attacker can exploit this vulnerability to obtain sensitive information by...

7.5CVSS8.9AI score0.03261EPSS
Exploits1References1
OSV
OSV
added 2015/09/18 10:59 a.m.2 views

UBUNTU-CVE-2015-5804

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and...

6.8CVSS7.1AI score0.02709EPSS
Exploits0References6
CNVD
CNVD
added 2015/08/19 12:0 a.m.8 views

WordPress GD bbPress Attachments plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports the PHP and MySQL server to set up a personal blog site. gd bbPress Attachments is one of the support for uploading attachments to the bbPress open-source forum progra...

4.3CVSS6AI score0.02055EPSS
Exploits1References1
CNVD
CNVD
added 2015/08/19 12:0 a.m.6 views

WordPress GD bbPress Attachments Plugin Directory Traversal Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports the PHP and MySQL server to set up a personal blog site. gd bbPress Attachments is one of the support for uploading attachments to the bbPress open-source forum progra...

4CVSS6.8AI score0.01806EPSS
Exploits1References1
CNVD
CNVD
added 2015/07/29 12:0 a.m.4 views

WordPress wp-powerplaygallery plugin 'upload.php' has multiple SQL injection vulnerabilities

WordPress is a blogging platform developed using the PHP language. WordPress wp-powerplaygallery plugin version 3.3 and earlier, there are multiple sql injection vulnerabilities in the implementation of upload.php, which can be exploited by an attacker to access or modify data, etc...

7.5CVSS7.4AI score0.03166EPSS
Exploits1References1
CNVD
CNVD
added 2015/07/02 12:0 a.m.6 views

GetSimple CMS suffers from multiple cross-site scripting vulnerabilities (CNVD-2015-04182)

GetSimple CMS is an XML-based content management system CMS from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in Cagintranet Networks GetSimple CMS versions prior to...

4.3CVSS6.1AI score0.01917EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.3 views

The vulnerability of the Gentoo Linux operating system, which allows a malicious intruder to compromise the accessibility of protected information

The vulnerability of the openssh package up to version 4.3p2-r5 of the Gentoo Linux operating system can lead to a violation of the accessibility of protected information. This vulnerability can be exploited remotely...

7.8CVSS6.4AI score0.34666EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder