CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3188 matches found

Tenable Nessus•added 2018/02/28 12:0 a.m.•34 views

openSUSE Security Update : systemd (openSUSE-2018-216)

This update for systemd fixes the following issues : Security issue fixed : - CVE-2017-18078: tmpfiles: refuse to chown/chmod files which are hardlinked, unless protectedhardlinks sysctl is on. This could be used by local attackers to gain privileges bsc1077925 Non Security issues fixed : - core:...

7.8CVSS6.5AI score0.00084EPSS

Exploits3References7

Tenable Nessus•added 2018/02/27 12:0 a.m.•33 views

SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:0546-1)

This update for systemd fixes the following issues: Security issue fixed : - CVE-2017-18078: tmpfiles: refuse to chown/chmod files which are hardlinked, unless protectedhardlinks sysctl is on. This could be used by local attackers to gain privileges bsc1077925 Non Security issues fixed : - core:...

7.8CVSS6.6AI score0.00084EPSS

Exploits3References9

NVD•added 2018/02/07 11:29 p.m.•16 views

CVE-2017-15389

An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

6.5CVSS5.8AI score0.00774EPSS

Exploits0References6

UbuntuCve•added 2018/02/07 11:29 p.m.•23 views

CVE-2017-15389

An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

6.5CVSS7AI score0.00774EPSS

Exploits0References1

Prion•added 2018/02/07 11:29 p.m.•17 views

Design/Logic Flaw

An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

4.3CVSS6.1AI score0.00774EPSS

Exploits0References6Affected Software2

Debian CVE•added 2018/02/07 11:0 p.m.•26 views

CVE-2017-15389

Removed by vendor...

6.5CVSS8AI score0.00774EPSS

Exploits0

CVE•added 2018/02/07 11:0 p.m.•91 views

CVE-2017-15389

CVE-2017-15389 is a URL-spoofing vulnerability in the Omnibox (URL bar) of Chromium/Google Chrome prior to 62.0.3202.62. The root cause is an insufficient watchdog timer in navigation, enabling a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. Affected software inclu...

6.5CVSS6.1AI score0.00774EPSS

Exploits0References6Affected Software1

Cvelist•added 2018/02/07 11:0 p.m.•19 views

CVE-2017-15389

An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

6.3AI score0.00774EPSS

Exploits0References6

RedHat Linux•added 2018/01/24 10:5 a.m.•1 views

Mozilla: Use-after-free with DTMF timers (MFSA 2018-03)

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Firefox 58...

9.8CVSS7.3AI score0.04277EPSS

Exploits0References5

BDU FSTEC•added 2018/01/12 12:0 a.m.•2 views

The vulnerability of the ALSA/dev/snd/timer driver (sound/core/timer.c) in the Linux operating system allows a hacker to obtain confidential information.

The vulnerability of the ALSA/dev/snd/timer driver sound/core/timer.c in the Linux operating system is related to the disclosure of information during simultaneous data reading and analysis. Exploiting this vulnerability can allow an attacker, operating locally, to obtain confidential information...

5.5CVSS6.6AI score0.00326EPSS

Exploits0References45Affected Software2

Positive Technologies•added 2017/12/21 12:0 a.m.•5 views

PT-2018-6841 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.14.8 Description: The issue arises from improper validation of the sigevent-sigev notify field in the timer create syscall implementation. This leads to out-of-bounds access when the show timer function is...

8.4CVSS7.6AI score0.9427EPSS

Exploits84References768

Tenable Nessus•added 2017/12/11 12:0 a.m.•97 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2017-3658)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3658 advisory. - ping: implement proper locking Eric Dumazet Orabug: 26540288 CVE-2017-2671 - mm: Tighten x86 /dev/mem with zeroing reads Kees Cook Orabug: 266759...

8.8CVSS7.5AI score0.87EPSS

Exploits69References4

Tenable Nessus•added 2017/12/11 12:0 a.m.•68 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3657 advisory. - mm: Tighten x86 /dev/mem with zeroing reads Kees Cook Orabug: 26675925 CVE-2017-7889 - more biomapuseriov leak fixes Al Viro Orabug: 27069042...

8.8CVSS7.5AI score0.25699EPSS

Exploits51References3

Oracle linux•added 2017/12/07 12:0 a.m.•83 views

Unbreakable Enterprise kernel security update

kernel-uek 3.8.13-118.20.1 - tty: Fix race in ptywrite leading to NULL deref Todd Vierling Orabug: 25392692 - ocfs2/dlm: ignore cleaning the migration mle that is inuse xuejiufei Orabug: 26479780 - KEYS: fix dereferencing NULL payload with nonzero length Eric Biggers Orabug: 26592025 - oracleasm:...

8.8CVSS8.6AI score0.25699EPSS

Exploits51