Lucene search
K

637 matches found

CNVD
CNVD
added 2015/07/20 12:0 a.m.4 views

Unspecified Vulnerability in Oracle Database RDBMS Security Component

Oracle Database is a large database of commercial nature. A security vulnerability exists in the Oracle Database RDBMS Security component that allows an authenticated user to compromise system confidentiality...

5CVSS6.3AI score0.01831EPSS
Exploits0References1
CNVD
CNVD
added 2015/07/20 12:0 a.m.2 views

Unspecified Arbitrary Code Execution Vulnerability in Oracle Java SE Security Component

Oracle Java SE is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in the Security subcomponent of Oracle Java SE, which can be exploited by a remote attacker to construct a malicious web page that...

7.6CVSS7.3AI score0.44595EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/07/16 12:0 a.m.44 views

MariaDB 10.0.0 < 10.0.20 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.0.20. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.0.20 advisory. - Oracle MySQL before 5.7.3, Oracle MySQL Connector/C aka libmysqlclient before 6.1.3, and MariaDB before 5.5.44 use the --ssl...

5.9CVSS6.8AI score0.07083EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2015/02/05 7:34 p.m.6 views

OpenJDK: DER decoder infinite loop (Security, 8059485)

A flaw was found in the way the DER Distinguished Encoding Rules decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded...

5CVSS6.6AI score0.05032EPSS
Exploits0References5
NVD
NVD
added 2015/01/30 11:59 a.m.19 views

CVE-2014-8838

The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app...

4.3CVSS5.5AI score0.00854EPSS
Exploits0References4
CVE
CVE
added 2015/01/30 11:0 a.m.73 views

CVE-2014-8838

CVE-2014-8838 affects macOS OS X prior to 10.10.2, where the Security component mishandles cached app certificate information. This allows a crafted app signed with a revoked Developer ID to bypass Gatekeeper checks, as described in the vulnerability entry and corroborated by vulnerability listin...

4.3CVSS3.1AI score0.00854EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2015/01/26 6:10 p.m.6 views

OpenJDK: DER decoder infinite loop (Security, 8059485)

A flaw was found in the way the DER Distinguished Encoding Rules decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded...

5CVSS6.6AI score0.05032EPSS
Exploits0References5
Amazon
Amazon
added 2015/01/22 12:0 a.m.61 views

Important: java-1.8.0-openjdk

Issue Overview: Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions...

10CVSS7.1AI score0.99999EPSS
Exploits12References1
NVD
NVD
added 2014/12/27 6:59 p.m.11 views

CVE-2013-5958

The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service CPU consumption via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a...

5CVSS6.6AI score0.01868EPSS
Exploits0References1
CVE
CVE
added 2014/12/27 6:0 p.m.62 views

CVE-2013-5958

The vulnerability CVE-2013-5958 affects the Symfony Security component: Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6. A long password can trigger an expensive PBKDF2 hash computation, leading to CPU-based denial of service. Remediation is upgrading ...

5CVSS6.6AI score0.01868EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2014/12/27 6:0 p.m.18 views

CVE-2013-5958

The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service CPU consumption via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a...

6.5AI score0.01868EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2014/12/27 6:0 p.m.18 views

CVE-2013-5958

The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service CPU consumption via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a...

5CVSS5.8AI score0.01868EPSS
Exploits0
Prion
Prion
added 2014/12/06 3:59 p.m.12 views

Security feature bypass

Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors...

2.1CVSS6AI score0.00382EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2014/12/06 3:59 p.m.14 views

CVE-2014-3099

Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors...

2.1CVSS5.5AI score0.00382EPSS
Exploits0References5
OSV
OSV
added 2014/09/24 7:27 p.m.3 views

USN-2360-1 firefox vulnerabilities

Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates...

7.5CVSS6.8AI score0.1617EPSS
Exploits0References2
Amazon
Amazon
added 2014/04/17 12:0 a.m.54 views

Critical: java-1.7.0-openjdk

Issue Overview: An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execut...

10CVSS9AI score0.07571EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2014/02/04 7:34 p.m.5 views

OpenJDK: null xmlns handling issue (Security, 8025026)

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not...

7.5CVSS6.3AI score0.04258EPSS
Exploits1References5
NVD
NVD
added 2014/01/15 4:11 p.m.21 views

CVE-2013-5878

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not...

7.5CVSS4.5AI score0.04258EPSS
Exploits1References28
Prion
Prion
added 2014/01/15 4:11 p.m.16 views

Design/Logic Flaw

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not...

7.5CVSS5.8AI score0.04258EPSS
Exploits1References28Affected Software2
Cvelist
Cvelist
added 2014/01/15 12:30 a.m.23 views

CVE-2013-5878

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not...

4.5AI score0.04258EPSS
Exploits1References28
Rows per page
Query Builder