Lucene search
K

6784 matches found

Tenable Nessus
Tenable Nessus
added 2012/10/31 12:0 a.m.30 views

Fedora 17 : net-snmp-5.7.1-5.fc17 (2012-16662)

This update fixes : - Array index error, leading to out-of heap-based buffer read CVE-2012-2141 - Size values in hrStorageTable and hrFSTable. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

3.5CVSS8.1AI score0.02167EPSS
Exploits0References3
NVD
NVD
added 2012/10/05 9:55 p.m.24 views

CVE-2012-1150

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application...

5CVSS6.6AI score0.0506EPSS
Exploits3References18
Cvelist
Cvelist
added 2012/09/20 9:0 p.m.20 views

CVE-2012-3730

Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender...

5.7AI score0.0173EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2012/09/17 8:20 p.m.10 views

Latest IE Zero-Day Flaw Tied to Nitro Hackers and Recent Java Zero-Day Exploits

Security experts are warning enterprise and consumer users to stay away from Internet Explorer until Microsoft issues a patch for a new zero-day vulnerability in the browser. Active exploits have been discovered in the wild and are being linked to Nitro, the same group of hackers from China who...

0.7AI score
Exploits0References5
NVD
NVD
added 2012/09/14 6:55 p.m.23 views

CVE-2012-4922

The tortimegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a malformed directory object, a different vulnerability than...

5CVSS6.3AI score0.02233EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2012/09/12 7:59 p.m.5 views

(ospf6d): Denial of service by decoding malformed Database Description packet headers

The ospf6lsaischanged function in ospf6lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service assertion failure and daemon exit via trailing zero values in the Link State Advertisement LSA header list of an IPv6 Database...

5CVSS7.4AI score0.04668EPSS
Exploits0References4
NVD
NVD
added 2012/08/16 10:38 a.m.14 views

CVE-2012-3024

Tridium Niagara AX Framework through 3.6 uses predictable values for 1 session IDs and 2 keys, which might allow remote attackers to bypass authentication via a brute-force attack...

5CVSS6.8AI score0.02198EPSS
Exploits0References2
Prion
Prion
added 2012/08/16 10:38 a.m.19 views

Authentication flaw

Tridium Niagara AX Framework through 3.6 uses predictable values for 1 session IDs and 2 keys, which might allow remote attackers to bypass authentication via a brute-force attack...

5CVSS7.4AI score0.02198EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2012/08/16 10:0 a.m.24 views

CVE-2012-3024

Tridium Niagara AX Framework through 3.6 uses predictable values for 1 session IDs and 2 keys, which might allow remote attackers to bypass authentication via a brute-force attack...

6.8AI score0.02198EPSS
Exploits0References2
exploitpack
exploitpack
added 2012/08/15 12:0 a.m.14 views

MobileCartly 1.0 - Arbitrary File Upload

MobileCartly 1.0 - Arbitrary File Upload Exploit Title: MobileCartly 1.0 Remote File Upload Vulnerability Google Dork: - Date: 14/08/2012 Exploit Author: ICheerNo0M Vendor Homepage: http://icheernoom.blogspot.com/ Software Link: http://mobilecartly.com/mobilecartly.zip Version: 1.0 Tested on:...

0.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/08/13 12:0 a.m.34 views

FreeBSD : chromium -- multiple vulnerabilities (ce84e136-e2f6-11e1-a8ca-00262d5ed8ee)

Google Chrome Releases reports : Linux only 125225 Medium CVE-2012-2846: Cross-process interference in renderers. Credit to Google Chrome Security Team Julien Tinnes. 127522 Low CVE-2012-2847: Missing re-prompt to user upon excessive downloads. Credit to Matt Austin of Aspect Security. 127525...

7.5CVSS8.2AI score0.01466EPSS
Exploits0References17
OwnCloud
OwnCloud
added 2012/08/10 5:4 p.m.46 views

Insufficiently random values - ownCloud

The rand and mtrand functions in PHP 5.4.x do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in ownCloud 4.0.x...

5.1CVSS6.2AI score0.03013EPSS
Exploits0Affected Software1
Prion
Prion
added 2012/08/06 3:55 p.m.18 views

Null pointer dereference

Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process...

5CVSS6.3AI score0.00952EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2012/08/06 3:55 p.m.31 views

CVE-2012-2854

Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process...

5CVSS5.9AI score0.00952EPSS
Exploits0References2
CVE
CVE
added 2012/08/06 3:0 p.m.61 views

CVE-2012-2854

Google Chrome before 21.0.1180.57 on macOS/Linux and before 21.0.1180.60 on Windows/Chrome Frame is affected by CVE-2012-2854, which allows a remote attacker with access to a WebUI renderer process to obtain potentially sensitive pointer values. The issue is documented in multiple advisories and ...

5CVSS5.7AI score0.00952EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.31 views

Google Chrome < 21.0.1180.60 Multiple Vulnerabilities

Binary data 6528.pasl...

4.3CVSS9.6AI score0.00751EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.36 views

Google Chrome < 21.0.1180.60 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 21.0.1180.60 and is, therefore, affected by the following vulnerabilities : - Re-prompts are not displayed for excessive downloads. CVE-2012-2847 - Drag and drop file access restrictions are not restrictive enough...

7.5CVSS7.5AI score0.01444EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2012/07/22 4:55 p.m.3 views

CVE-2009-5031

ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting XSS attacks via a single quote in a request parameter in the Content-Disposition field of a...

4.3CVSS5.2AI score0.0293EPSS
Exploits0References12
NVD
NVD
added 2012/07/20 10:40 a.m.16 views

CVE-2011-4587

lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable...

6.8CVSS6.5AI score0.02066EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/07/17 7:21 p.m.5 views

Mozilla: X-Frame-Options header ignored when duplicated (MFSA 2012-51)

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking...

4.3CVSS7.3AI score0.02126EPSS
Exploits0References4
Rows per page
Query Builder