The vulnerability of the Cisco Identity Services Engine, a platform for managing network policies, allows attackers to circumvent existing access restrictions, obtain confidential information, or alter settings.
The vulnerability of the web application framework of the Cisco Identity Services Engine is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass existing access restrictions, obtain sensitive information, or alter settings...
The vulnerability of the Cisco Identity Services Engine, a platform for managing network policies, allows a perpetrator to gain access to the authentication data of arbitrary users.
The vulnerability of the web application framework of the Cisco Identity Services Engine is related to the. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the authentication data of arbitrary users...
Debian Security Advisory DSA 3509-1 (rails - security update)
Two vulnerabilities have been discovered in Rails, a web application framework written in Ruby. Both vulnerabilities affect Action Pack, which handles the web requests for Rails. CVE-2016-2097 Crafted requests to Action View, one of the components of Action Pack, might result in rendering files fr...
Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability (CNVD-2016-01465)
Cisco Unified Communications Domain Manager (CUCDM) is the call processing component of a dedicated unified communications solution developed by Cisco (United States). The component provides scalable, distributable, highly available enterprise voice-over-IP call processing capabilities. A...
Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Domain Manager (UCDM) Software could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-submitted content. An attacker could...
USN-2915-1: Django vulnerabilities
Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. (CVE-2016-2512) Sjoerd Job Postmus discovered that Djan...
Cisco Emergency Responder Cross-Site Scripting Vulnerability
A vulnerability in the web framework code of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some...
Moderate: Red Hat Security Advisory: python-django security update
Updated python-django packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
Moderate: Red Hat Security Advisory: python-django security update
Updated python-django packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,...
Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure
Document Title: Apache Sling Framework v2.3.6 Adobe AEM CVE-2016-0956 - Information Disclosure Vulnerability. References Source: http://www.vulnerability-lab.com/getcontent.php?id=1536 Adobe Bulletin:...
Cisco Application Policy Infrastructure Controller Enterprise Module Web Framework Cross-Site Scripting Vulnerability
A vulnerability in the web framework of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-submitted conten...
Cisco Unified Communications Manager Information Disclosure Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An...
Cisco Application Policy Infrastructure Controller Enterprise Module Cross-Site Scripting Vulnerability
A vulnerability in the web framework of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient sanitization of HTML entities returned to...
Cisco Fog Director Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Fog Director web framework could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation for some of the parameters...
Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unity Connection (UC) could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability by...
Cisco Small Business SG300 Managed Switch Web Framework GUI Function Denial of Service Vulnerability
A vulnerability in the GUI function in the web framework code of Cisco Small Business SG300 Managed Switches could allow an unauthenticated, remote attacker to cause the HTTPS process to become unresponsive, resulting in a partial denial of service (DoS) condition. The vulnerability is due to...
[SECURITY] Fedora 22 Update: python-django-1.8.7-1.fc22
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
Cisco Emergency Responder Web Framework Arbitrary File Upload Vulnerability
Cisco Emergency Responder's real-time location-address tracking database and enhanced routing capabilities can transfer emergency calls directly to the appropriate Public Safety Answering Point (PASP) based on the caller's location. Cisco Emergency Responder 10.5 3.10000.9 fails to validate...
Cisco Emergency Responder Cross-Site Request Forgery Vulnerability (CNVD-2015-08366)
Cisco Emergency Responder's real-time location-address tracking database and enhanced routing capabilities can transfer emergency calls directly to the appropriate Public Safety Answering Point (PASP) based on the caller's location. Cisco Emergency Responder 10.51 and 10.51a fails to implement...
Cisco Emergency Responder Cross-Site Scripting Vulnerability (CNVD-2015-08365)
Cisco Emergency Responder's real-time location-address tracking database and enhanced routing capabilities can transfer emergency calls directly to the appropriate Public Safety Answering Point (PASP) based on the caller's location. A security vulnerability exists in the Web framework of Cisco...