483 matches found

OSV
added 2017/04/14 2:59 p.m. · 3 views

CVE-2017-7455

Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control...

CVSS 7.5 · AI score 5.8 · EPSS 0.16341
Exploits 5 · References 4

RedHat Linux
added 2017/03/31 9:39 a.m. · 6 views

chromium-browser: heap buffer overflow in v8

An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page...

CVSS 8.8 · AI score 7.4 · EPSS 0.01436
Exploits 0 · References 5

RedHat Linux
added 2017/03/14 6:13 a.m. · 4 views

chromium-browser: heap overflow in skia

Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

CVSS 6.8 · AI score 7.6 · EPSS 0.02404
Exploits 0 · References 5

RedHat Linux
added 2017/02/28 8:19 a.m. · 3 views

OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 · AI score 7.4 · EPSS 0.02166
Exploits 0 · References 4

OSV
added 2017/02/11 11:47 p.m. · 8 views

MGASA-2017-0045 Updated nagios packages fix security vulnerabilities

The nagios package has been patched to fix the following issues: Improper sanitization of RSS feed input enables unauthenticated remote read and write of arbitrary files CVE-2016-9565. Unsafe logfile handling allows unprivileged users to escalate their privileges to root CVE-2016-9566...

CVSS 9.8 · AI score 7.5 · EPSS 0.22684
Exploits 11 · References 5

RedHat Linux
added 2017/02/02 8:33 p.m. · 5 views

tika: XML External Entity vulnerability

It was found that the parsing of OOXML, XMP in PDF, and some other file formats by Apache Tika would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XX...

CVSS 7.8 · AI score 5.7 · EPSS 0.03449
Exploits 0 · References 4

ATTACKERKB
added 2017/01/27 10:59 p.m. · 2 views

CVE-2016-8309

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications subcomponent: Core. Supported versions that are affected are 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via...

CVSS 4.3 · AI score 5.3 · EPSS 0.01122
Exploits 0 · References 4 · Affected Software 1

OSV
added 2016/12/29 9:59 a.m. · 4 views

CVE-2016-5334

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors...

CVSS 5.3 · AI score 5.8 · EPSS 0.02133
Exploits 0 · References 3

OSV
added 2016/10/05 4:59 p.m. · 4 views

CVE-2016-7560

The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors...

CVSS 9.8 · AI score 5.9 · EPSS 0.02698
Exploits 0 · References 2

OSV
added 2016/09/17 9:59 p.m. · 3 views

CVE-2016-6644

EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an robjectid value...

CVSS 5.3 · AI score 5.9 · EPSS 0.01861
Exploits 0 · References 3

OSV
added 2016/09/02 12:59 a.m. · 2 views

CVE-2016-1473

Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community, aka Bug ID CSCuz76216...

CVSS 9.8 · AI score 5.8 · EPSS 0.03976
Exploits 0 · References 4

CNVD
added 2016/07/21 12:0 a.m. · 3 views

Unspecified Vulnerability in Oracle Siebel CRM Oracle Knowledge Component (CNVD-2016-05272)

Oracle Siebel CRM is a set of customer relationship management solutions from the United States company Oracle, which includes sales management, marketing management, customer service systems, call centers and other modules. Oracle Knowledge is one of the knowledge management components. A...

CVSS 4.3 · AI score 6.7 · EPSS 0.01696
Exploits 0 · References 1

Positive Technologies
added 2016/05/26 12:0 a.m. · 6 views

PT-2016-6141 · Pulse · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure PCS versions 7.4 through 7.4r13.3 Pulse Connect Secure PCS versions 8.0 through 8.0r9 Pulse Connect Secure PCS versions 8.1 through 8.1r1 Pulse Connect Secure PCS versions 8.2 through 8.2r0 Description: The issue allows...

CVSS 10 · AI score 9.5 · EPSS 0.02487
Exploits 0 · References 5

RedHat Linux
added 2016/04/21 2:58 p.m. · 8 views

JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue...

CVSS 10 · AI score 7.4 · EPSS 0.05479
Exploits 0 · References 5

CNVD
added 2016/04/15 12:0 a.m. · 7 views

Unspecified Vulnerability in Adobe Creative Cloud Desktop JavaScript API for Creative Cloud Libraries

Adobe Creative Cloud Desktop is a suite of applications for managing applications and services in the Creative Cloud Member Management Center from Adobe USA. A security vulnerability exists in Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop 3.5.1.209...

CVSS 9.4 · AI score 6.9 · EPSS 0.02769
Exploits 0 · References 1

OSV
added 2016/04/13 4:59 p.m. · 7 views

UBUNTU-CVE-2016-2055

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command...

CVSS 7.5 · AI score 7.4 · EPSS 0.17852
Exploits 3 · References 3

OSV
added 2016/04/12 2:59 p.m. · 3 views

DEBIAN-CVE-2016-2140

The libvirt driver in OpenStack Compute Nova before 2015.1.4 kilo and 12.0.x before 12.0.3 liberty, when using raw storage and usecowimages is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...

CVSS 5.3 · AI score 5.3 · EPSS 0.02091
Exploits 0 · References 1

OSV
added 2016/01/05 3:20 p.m. · 9 views

SUSE-SU-2016:0032-1 Security update for samba

This update for Samba fixes the following security issues: - CVE-2015-5330: Remote read memory exploit in LDB bnc958586. - CVE-2015-5252: Insufficient symlink verification file access outside the share bnc958582. - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the...

CVSS 7.5 · AI score 6.3 · EPSS 0.13584
Exploits 1 · References 17

Tenable Nessus
added 2015/12/29 12:0 a.m. · 43 views

openSUSE Security Update : samba / ldb / talloc / etc (openSUSE-2015-945)

"This update for ldb, samba, talloc, tdb, tevent fixes the following issues : ldb was updated to 1.1.24. + Fix ldap \00 search expression attack dos; cve-2015-3223; bso11325 + Fix remote read memory exploit in ldb; cve-2015-5330; bso11599 + Move ldbunpackdata into ldbmodule.h for testing + Fix...

CVSS 7.5 · AI score 6.6 · EPSS 0.13584
Exploits 1 · References 20

Tenable Nessus
added 2015/12/29 12:0 a.m. · 33 views

openSUSE Security Update : ldb / samba / talloc / etc (openSUSE-2015-943)

"This update for ldb, samba, talloc, tdb, tevent fixes the following security issues and bugs : The Samba LDB was updated to version 1.1.24 : - Fix ldap \00 search expression attack dos; CVE-2015-3223; bso11325 - Fix remote read memory exploit in ldb; CVE-2015-5330; bso11599 - Move ldbunpackdata...

CVSS 7.5 · AI score 6.7 · EPSS 0.13584
Exploits 1 · References 15