Lucene search
K

2170 matches found

RedHat Linux
RedHat Linux
added 2016/01/21 11:38 a.m.6 views

OpenJDK: URL deserialization inconsistencies (Networking, 8059054)

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking...

5CVSS7.2AI score0.04644EPSS
Exploits0References5
OSV
OSV
added 2016/01/13 5:59 a.m.3 views

CVE-2016-0032

Cross-site scripting XSS vulnerability in Outlook Web Access OWA in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."...

6.1CVSS5.9AI score0.07613EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2015/12/29 12:0 a.m.4 views

Vulnerability of Firefox and Firefox ESR browsers, which allows hackers to circumvent existing access restrictions policies

The vulnerability of Firefox and Firefox ESR browsers is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions by using specially crafted data and URL schemes...

5CVSS7AI score0.06058EPSS
Exploits1References3Affected Software2
RedHat Linux
RedHat Linux
added 2015/12/16 6:19 p.m.4 views

tomcat: URL Normalization issue

A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...

4.3CVSS6.6AI score0.12555EPSS
Exploits0References5
CNVD
CNVD
added 2015/12/13 12:0 a.m.4 views

Apple iOS URL Forgery Vulnerability

Apple iOS is an operating system developed by Apple for use in cell phones and other devices. A security vulnerability exists in Apple iOS that allows attackers to exploit a vulnerability to build malicious web pages that can be spoofed URLs by tricking users into parsing them...

4.3CVSS6.5AI score0.01438EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/11/27 4:29 a.m.4 views

Apache Cordova vulnerable to improper application of whitelist restrictions

Overview Apache Cordova provided by the Apache Software Foundation is a framework for creating mobile applications for various platforms. Android applications built using Apache Cordova contain a vulnerability where whitelist restrictions are not properly applied. Muneaki Nishimura of Sony Digita...

4.3CVSS6.8AI score0.04216EPSS
Exploits0References5
CNVD
CNVD
added 2015/11/24 12:0 a.m.7 views

Newphoria applican framework cross-site scripting vulnerability

Newphoria applican framework for Android and iOS is a set of application development framework based on Android and iOS platforms from Newphoria, Japan. A cross-site scripting vulnerability exists in the runtime engine of Newphoria applican framework 1.12.6 and earlier for Android and Newphoria...

4.3CVSS5.8AI score0.01171EPSS
Exploits0References1
CNVD
CNVD
added 2015/11/05 12:0 a.m.4 views

Cisco Unified Computing System (5b)A on blade servers information disclosure vulnerability

Cisco Unified Computing System is the U.S. Cisco Cisco company's a set of computing, virtualization and networking in one platform. An information disclosure vulnerability exists in Cisco Unified Computing System 2.25bA on blade servers. This allows remote attackers to obtain potentially sensitiv...

5CVSS6.3AI score0.01693EPSS
Exploits0References1
OSV
OSV
added 2015/11/04 12:0 a.m.3 views

UBUNTU-CVE-2015-7195

The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect...

5CVSS7.3AI score0.02183EPSS
Exploits0References4
CNVD
CNVD
added 2015/10/30 12:0 a.m.6 views

TIBCO Spotfire Server Information Disclosure Vulnerability (CNVD-2015-07301)

TIBCO Spotfire Server is based on TIBCO Spotfire data analysis and mining tools of TIBCO Software Inc. of the United States to provide integration, operation and management of the platform for the enterprise. TIBCO Spotfire Server versions 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5....

5CVSS6.4AI score0.02133EPSS
Exploits0References1
CNVD
CNVD
added 2015/10/08 12:0 a.m.4 views

IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management Cross-Site Scripting Vulnerability

IBM Emptoris Strategic Supply Management Platform is a strategic supply management solution from IBM that helps organizations maximize cost savings, improve supplier performance and reduce risk. A cross-site scripting vulnerability exists in IBM Emptoris Strategic Supply Management Platform and...

3.5CVSS6.5AI score0.00783EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/10/01 12:0 a.m.7 views

The vulnerability of the iOS operating system allows a hacker to replace the content of web pages.

The vulnerability of the Safari browser’s user interface on the iOS operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to replace a web page by changing its URL address...

4.3CVSS5.6AI score0.0252EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/10/01 12:0 a.m.8 views

The vulnerability of the iOS operating system allows a hacker to replace the content of web pages.

The vulnerability of the Safari browser’s user interface on the iOS operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to replace a web page by changing its URL address...

4.3CVSS5.6AI score0.01915EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2015/09/25 12:0 a.m.30 views

Newphoria applican framework authentication bypass vulnerability

Newphoria applican framework for Android and iOS is a set of application development framework based on Android and iOS platforms from Newphoria, Japan. An authentication bypass vulnerability exists in Newphoria applican framework. This allows attackers to bypass the whitelist.xml URL whitelist...

6.8CVSS7.1AI score0.01093EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/09/23 12:0 a.m.9 views

The vulnerabilities of Microsoft Lync Server and Skype for Business Server allow attackers to inject arbitrary web or HTML code.

The vulnerability of the jQuery server messaging components in Microsoft Lync Server and Skype for Business Server exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code through a special...

4.3CVSS5.7AI score0.10889EPSS
Exploits0References2Affected Software2
CNVD
CNVD
added 2015/09/20 12:0 a.m.7 views

Belkin N600 DB Wireless Dual Band N+ Cross-Site Request Forgery Vulnerability

Belkin N600 DB Wireless Dual Band N+ is a wireless dual band router product from Belkin USA. The Belkin N600 DB Wireless Dual Band N+ suffers from a cross-site request forgery vulnerability that allows a remote attacker to construct a malicious URI, trick the user into parsing it, and perform...

8.8CVSS7AI score0.00624EPSS
Exploits0References1
CNVD
CNVD
added 2015/09/17 12:0 a.m.3 views

NTT Broadband Platform Japan Connected-free Wi-Fi Application Security Bypass Vulnerability

NTT Broadband Platform Japan Connected-free Wi-Fi application for Android and iOS is a suite of Android and iOS-based applications from NTT Broadband Platform Japan for finding and automatically connecting to nearby free Wi-Fi in Japan. free Wi-Fi application for Android and iOS by NTT Broadband...

6.8CVSS6.8AI score0.01118EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/09/08 12:0 a.m.9 views

The vulnerability of the iOS operating system, which allows a hacker to trigger a service failure

The vulnerability of the Safari component in the iOS operating system is related to improper data handling. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially crafted URL, due to the lack of restrictions on the number of JavaScript notifications...

4.3CVSS5.5AI score0.01463EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/09/08 12:0 a.m.7 views

The vulnerability of the Business Process Manager system allows a perpetrator to inject arbitrary web or HTML code.

The vulnerability of the Business Process Manager system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code using a specially crafted URL...

3.5CVSS7.9AI score0.00931EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2015/07/27 9:8 a.m.6 views

chromium-browser: Use-after-free in blink.

The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service invalid count value and use-after-free or possibly...

7.5CVSS7.6AI score0.02171EPSS
Exploits0References5
Rows per page
Query Builder