openSUSE Security Update : libgit2 (openSUSE-2017-213)
This update for libgit2 fixes the following issues : - CVE-2016-10130: When using the custom certificate callback or when using pygit2 or git2go an attacker could have caused an invalid certificate to be accepted bsc1019037. - CVE-2017-5338: When using the custom certificate callback or when using...
omniauth leaks authenticity token in callback params
In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST in addition to GET parameters are stored in the session and become available in the environment of the callback phase...
CVE-2016-8655 kernel race condition vulnerability: debugging analysis - vulnerability warning - the black bar safety net
On December 5, Philip Pettersson published a local privilege escalation vulnerability that has existed in the Linux kernel for up to 5 years and affects virtually all mainstream Linux distributions; for a time it drew as much attention as "Dirty Cow" had not long before. For this black magic...
Unspecified Security Bypass Vulnerability in Drupal JavaScript Callback Handler
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. JavaScript Callback Handler is an efficient Ajax callback module. An unspecified security bypass vulnerability exists in the Drupal JavaScript Callback Handler module. A...
m.thecard.co.kr XSS vulnerability
Vulnerable URL: http://m.thecard.co.kr/mobile/event/EventReviewListProc.asp?jsoncallback=prompt/OPENBUGBOUNTY/...
langrenn.njaard.no XSS vulnerability
Vulnerable URL: http://langrenn.njaard.no/Sponsor/get?placeHolder=5=200000195=1896=0=0=prompt/OPENBUGBOUNTY/...
HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0179: HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability. November 17, 2016. CVE Number: CVE-2016-4333. Description: HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and...
DEBIAN-CVE-2016-7912
Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call...
Design/Logic Flaw
Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call...
CVE-2016-7912
The CVE-2016-7912 entry describes a use-after-free in the Linux kernel involving ffs_user_copy_worker in drivers/usb/gadget/function/f_fs.c, prior to version 4.5.3. This flaw lets local users escalate privileges by accessing an I/O data structure after a callback, as documented in multiple source...
CVE-2016-7912
Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call...
ipregistry.dmrights.com XSS vulnerability
Vulnerable URL: http://ipregistry.dmrights.com/counter/index.jsp?jsoncallback=prompt/OPENBUGBOUNTY/...
te-kyu.com XSS vulnerability
Vulnerable URL: http://te-kyu.com/inc/twitteroauth/twitter.php?callback=prompt/OPENBUGBOUNTY/...
knarvikmila.no XSS vulnerability
Vulnerable URL: http://knarvikmila.no/Sponsor/get?placeHolder=5=200000195=1317=0=0=prompt/OPENBUGBOUNTY/...
help.objectiflune.com XSS vulnerability
Vulnerable URL: http://help.objectiflune.com/common/doctools/globals.php?jsoncallback=prompt/OPENBUGBOUNTY/...
profil.lindependant.fr XSS vulnerability
Vulnerable URL: http://profil.lindependant.fr/remote/bloc-newsletter.php?jsonCallback=prompt/OPENBUGBOUNTY/...
oxfam.org.au XSS vulnerability
Vulnerable URL: https://www.oxfam.org.au/my/profile/gettheuser?jsoncallback=prompt/OPENBUGBOUNTY/...
guatemalanadventure.com XSS vulnerability
Vulnerable URL: https://guatemalanadventure.com/SistemaGAV1/post.php?jsoncallback=prompt/OPENBUGBOUNTY/...
slarti.myfreeforum.org XSS vulnerability
Vulnerable URL: http://slarti.myfreeforum.org/screenshots/jscreen.php?jsoncallback=prompt/OPENBUGBOUNTY/...
turl.ca XSS vulnerability
Vulnerable URL: http://turl.ca/json.php?jsoncallback=prompt/OPENBUGBOUNTY/...