CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7796 matches found

Tenable Nessus•added 2017/04/27 12:0 a.m.•38 views

Fedora 25 : 1:dovecot (2017-6ef28e38d6)

quota: Add plugin quotamaxmailsize setting to limit the maximum individual mail size that can be saved. + imapc: Add imapcfeatures=delay-login. If set, connecting to the remote IMAP server isn't done until it's necessary. + imapc: Add imapcconnectionretrycount and imapcconnectionretryinterval...

7.5CVSS6.4AI score0.0464EPSS

Exploits0References2

OSV•added 2017/04/24 11:59 p.m.•1 views

CVE-2017-5045

XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page...

6.1CVSS7.3AI score

Exploits0References6

Prion•added 2017/04/24 11:59 p.m.•15 views

Design/Logic Flaw

4.3CVSS5.9AI score0.01214EPSS

Exploits0References6Affected Software5

Atlassian•added 2017/04/24 9:51 p.m.•58 views

Encrypt password variables in VARIABLE_CONTEXT and VARIABLE_BASELINE_ITEM tables

h3. Problem Definition Currently, Bamboo password variables are not encrypted in the VARIABLECONTEXT and VARIABLEBASELINEITEM tables, even though they are encrypted in VARIABLEDEFINITION h3. Suggested Solution Encrypt passwords in VARIABLECONTEXT and VARIABLEBASELINEITEM tables h3. Workaround...

2AI score

Exploits0Affected Software1

Atlassian•added 2017/04/24 9:51 p.m.•19 views

Encrypt password variables in VARIABLE_CONTEXT and VARIABLE_BASELINE_ITEM tables

2AI score

Exploits0

seebug.org•added 2017/04/19 12:0 a.m.•43 views

VirtualBox: unprivileged host user -> host kernel privesc via environment and ioctl (CVE-2017-3561)

This bug report describes two separate issues that, when combined, allow any user on a Linux host system on which VirtualBox is installed to gain code execution in the kernel. Since I'm not sure which one of these issues crosses something you consider to be a privilege boundary, I'm reporting the...

4.6CVSS8.9AI score0.01543EPSS

Exploits2

OSV•added 2017/04/17 3:59 p.m.•3 views

CVE-2016-4869

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed...

6.5CVSS5.8AI score0.02023EPSS

Exploits0References4

Prion•added 2017/04/17 3:59 p.m.•15 views

Session fixation

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed...

4.3CVSS6.8AI score0.02023EPSS

Exploits0References4Affected Software1

NVD•added 2017/04/17 3:59 p.m.•16 views

CVE-2016-4869

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed...

6.5CVSS6.3AI score0.02023EPSS

Exploits0References4

Cvelist•added 2017/04/17 3:0 p.m.•22 views

CVE-2016-4869

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed...

6.3AI score0.02023EPSS

Exploits0References4

CVE•added 2017/04/17 3:0 p.m.•46 views

CVE-2016-4869

CVE-2016-4869 (Cybozu Office) : Cybozu Office versions 9.0.0–10.4.0 contain an information disclosure vulnerability where a page displaying CGI environment variables can leak session information. An unauthenticated remote attacker may obtain a user’s session data via that page. The issue’s impact...

6.5CVSS6.2AI score0.02023EPSS

Exploits0References4Affected Software1

Packet Storm•added 2017/04/14 12:0 a.m.•48 views

PonyOS 4.0 fluttershy LD_LIBRARY_PATH Privilege Escalation

!/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running setuid files allowing for local root exploitation through manipulated...

0.5AI score

Exploits0

OSV•added 2017/04/13 2:59 p.m.•1 views

DEBIAN-CVE-2016-10122