Lucene search
+L

760 matches found

NVD
NVD
added 2014/08/25 1:55 a.m.17 views

CVE-2014-0974

The bootlinuxfrommmc function in app/aboot/aboot.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a...

1.9CVSS6.6AI score0.00328EPSS
Exploits0References2
Prion
Prion
added 2014/08/25 1:55 a.m.16 views

Memory corruption

The bootlinuxfrommmc function in app/aboot/aboot.c in the Little Kernel LK bootloader, as distributed with Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a...

1.9CVSS7AI score0.00328EPSS
Exploits0References2
OSV
OSV
added 2014/05/19 2:55 p.m.3 views

UBUNTU-CVE-2014-3717

Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service crash via a crafted kernel, which triggers a buffer overflow...

3.3CVSS6.1AI score0.00411EPSS
Exploits0References6
Hacker One
Hacker One
added 2014/04/02 9:25 p.m.35 views

C2FO: User guessing/enumeration at https://app.c2fo.com/api/password-reset

Hi there, I noticed a small information leak which allows an attacker to check whether an email address is associated with an account. Steps to reproduce: 1. Send a POST-Request to the url https://app.c2fo.com/api/password-reset as the following example shows: POST /api/password-reset HTTP/1.1...

0.5AI score
Exploits0
OSV
OSV
added 2014/03/26 8:0 a.m.10 views

CURL-CVE-2014-0139 IP address wildcard certificate validation

libcurl incorrectly validates wildcard SSL certificates containing literal IP addresses. RFC 2818 covers the requirements for matching Common Names CNs and subjectAltNames in order to establish valid SSL connections. It first discusses CNs that are for hostnames, and the rules for wildcards in th...

5.8CVSS6.6AI score0.04866EPSS
Exploits0
Cvelist
Cvelist
added 2013/07/29 7:0 p.m.24 views

CVE-2013-4936

The IsDFPFrame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted packet...

6.1AI score0.02953EPSS
Exploits0References9
Oracle linux
Oracle linux
added 2013/05/09 12:0 a.m.36 views

hypervkvpd security and bug fix update

0-0.7.0.1.el59.3 - Add support for oracle os 0-0.7.3 - Fix for one more file descriptor leak rhbz953502 0-0.7.2 - Validate Netlink source address CVE-2012-5532 rhbz953560 0-0.7.1 - Fix for file descriptor leak rhbz953502...

4.9CVSS6.5AI score0.00407EPSS
Exploits1
ThreatPost
ThreatPost
added 2013/03/28 5:39 p.m.11 views

Open DNS Resolvers Center Stage in Massive DDoS Attacks

For some perspective on what 300 Gbps of traffic represents, let’s just pretend that your company, as a potential customer, put this massive volume of bits and bytes in front of 20 of the leading Internet service providers. Chances are, all but three or four will tell you “Thanks, but no thanks, ...

0.6AI score
Exploits0References4
OSV
OSV
added 2012/10/22 11:55 p.m.8 views

CVE-2012-4435

fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service server crash via a long IP address...

6.4AI score
Exploits0References7
Debian CVE
Debian CVE
added 2012/10/22 11:0 p.m.33 views

CVE-2012-4435

fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service server crash via a long IP address...

4CVSS6.2AI score0.02329EPSS
Exploits0
Cvelist
Cvelist
added 2012/10/22 11:0 p.m.20 views

CVE-2012-4435

fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service server crash via a long IP address...

6.2AI score0.02329EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2012/07/17 10:20 a.m.41 views

CVE-2012-0795

Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address...

6.5CVSS5.9AI score0.01905EPSS
Exploits0References2
Xen Project
Xen Project
added 2011/09/02 9:18 a.m.16 views

Xen <= 3.3 DoS due to incorrect virtual address validation

ISSUE DESCRIPTION The x8664 addrok macro intends to ensure that the checked address is either in the positive half of the 48-bit virtual address space, or above the Xen-reserved area. However, the current shift count is off-by-one, allowing full access to the "negative half" too, via certain...

5.5CVSS7.1AI score0.0059EPSS
Exploits0Affected Software1
NVD
NVD
added 2011/08/29 6:55 p.m.27 views

CVE-2011-3187

The tos method in actionpack/lib/actiondispatch/middleware/remoteip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address...

4.3CVSS6.5AI score0.06661EPSS
Exploits1References9
Prion
Prion
added 2011/08/29 6:55 p.m.35 views

Code injection

The tos method in actionpack/lib/actiondispatch/middleware/remoteip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address...

4.3CVSS7.1AI score0.06661EPSS
Exploits1References9Affected Software1
Packet Storm
Packet Storm
added 2011/08/05 12:0 a.m.21 views

CiscoKits CCNA TFTP Denial Of Service

!/usr/bin/python Title : CiscoKits CCNA TFTP Server Denial Of Service Vulnerability Author : Prabhu S Angadi from SecPod Technologies www.secpod.com Vendor : http://www.certificationkits.com/cisco-ccna-tftp-server/ Advisory : http://secpod.org/blog/?p=271...

0.3AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/06/15 12:0 a.m.14 views

JVN#40382909: Microsoft Outlook read receipt function vulnerability

Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received. Impact A spam distributor may use this information to determine whether an email address is valid or not. Solution Upgrade the...

6.7AI score
Exploits0
Fedora
Fedora
added 2009/12/01 4:29 a.m.35 views

[SECURITY] Fedora 12 Update: php-pear-Mail-1.1.14-5.fc12

PEAR's Mail package defines an interface for implementing mailers under the PEAR hierarchy. It also provides supporting functions useful to multiple mailer backends. Currently supported backends include: PHP's native mail function, sendmail, and SMTP. This package also provides a RFC822 email...

7.5CVSS1.7AI score0.02402EPSS
Exploits3
Cvelist
Cvelist
added 2006/05/31 10:0 p.m.23 views

CVE-2006-2709

Secure Elements Class 5 AVR aka C5 EVM before 2.8.1 do not validate the source address of a message, which allows remote attackers to 1 execute arbitrary code on a client or 2 forge messages to the server...

7.5AI score0.03681EPSS
Exploits0References8
Exploit DB
Exploit DB
added 2003/01/30 12:0 a.m.30 views

Sambar Server 5.x - Open Proxy / Authentication Bypass

source: https://www.securityfocus.com/bid/10256/info Sambar improperly validates the IP address of an originating connection and can be used to gain access the administration interface without authorization. Once the remote attacker has gained access to the administrative interface, further attac...

7.4AI score
Exploits0
Rows per page
Query Builder