
137 matches found

VulnCheck KEV
added 2017/01/09 12:00 a.m. | 5 views

VulnCheck KEV: CVE-2013-1670

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote...

CVSS 4.3 | AI score 6.8 | EPSS 0.10893
Exploits: 4 | References: 1

RedHat Linux
added 2014/08/11 4:54 p.m. | 9 views

OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security...

CVSS 5 | AI score 7.4 | EPSS 0.04086
Exploits: 0 | References: 5

RedHat Linux
added 2014/08/11 4:44 p.m. | 5 views

OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security...

CVSS 5 | AI score 7.4 | EPSS 0.04086
Exploits: 0 | References: 5

RedHat Linux
added 2014/07/16 5:18 a.m. | 4 views

OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security...

CVSS 5 | AI score 7.4 | EPSS 0.04086
Exploits: 0 | References: 5

Snyk
added 2013/06/24 9:00 p.m. | 3 views

Arbitrary Script Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Script Injection due to improper sanitization of the $event object passed to the native constructor functions. That isn't protected by the fast paths in $parse. Remediation: Upgrade angularjs to version 1.1.5 or higher...

CVSS 8.1 | AI score 7.3
Exploits: 0 | References: 2

OpenVAS
added 2013/05/17 12:00 a.m. | 33 views

CentOS Update for firefox CESA-2013:0820 centos6

Check for the Version of firefox. OpenVAS Vulnerability Test: CentOS Update for firefox CESA-2013:0820 centos6. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under...

CVSS 10 | AI score 0.5 | EPSS 0.10893
Exploits: 5 | References: 2

OpenVAS
added 2013/05/17 12:00 a.m. | 52 views

Ubuntu: Security Advisory (USN-1822-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 9.8 | EPSS 0.10893
Exploits: 5 | References: 5

RedHat Linux
added 2013/05/14 6:31 p.m. | 6 views

Mozilla: Privileged access for content level constructor (MFSA 2013-42)

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attacker...

CVSS 4.3 | AI score 7.2 | EPSS 0.10893
Exploits: 4 | References: 5

RedHat Linux
added 2013/05/14 6:14 p.m. | 3 views

Mozilla: Privileged access for content level constructor (MFSA 2013-42)

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attacker...

CVSS 4.3 | AI score 7.2 | EPSS 0.10893
Exploits: 4 | References: 5

Opera Security Advisories
added 2012/11/02 12:00 a.m. | 495 views

Cross domain access to object constructors can be used to facilitate cross-site scripting

JavaScripts are able to redefine and override the methods of native objects. They may also do this with the native objects of any document that shares the same origin. By redefining the methods of another document through the constructor property of the document's host objects, a malicious script...

AI score 0.8
Exploits: 0 | Affected Software: 1

Opera Security Advisories
added 2012/11/02 12:00 a.m. | 6 views

Cross domain access to object constructors can be used to facilitate cross-site scripting – Opera Security Advisories

JavaScripts are able to redefine and override the methods of native objects. They may also do this with the native objects of any document that shares the same origin. By redefining the methods of another document through the constructor property of the document’s host objects, a malicious script...

AI score 5.7
Exploits: 0 | References: 1

ThreatPost
added 2012/08/30 6:12 p.m. | 50 views

Oracle Releases Fix For Java CVE-2012-4681 Flaw

Oracle on Thursday released a new version of Java that included a fix for the CVE-2012-4681 vulnerability that has been used in limited targeted attacks in the last couple of weeks. The release of Java 7 update 7 comes about four days after the Java flaw was publicly disclosed, but several months...

CVSS 10 | AI score 1.6 | EPSS 0.98536
Exploits: 10 | References: 4

OpenVAS
added 2012/07/09 12:00 a.m. | 42 views

RedHat Update for glibc RHSA-2012:0393-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 6.8 | AI score 8.6 | EPSS 0.02717
Exploits: 5 | References: 2

Tenable Nessus
added 2012/03/20 12:00 a.m. | 29 views

CentOS 6 : glibc (CESA-2012:0393)

Updated glibc packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 6.8 | AI score 8.5 | EPSS 0.02717
Exploits: 5 | References: 2

OSV
added 2009/07/31 7:00 p.m. | 1 views

DEBIAN-CVE-2009-1720

Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and...

CVSS 7.5 | AI score 8.1 | EPSS 0.06437
Exploits: 1 | References: 1

Cvelist
added 2009/07/31 6:29 p.m. | 25 views

CVE-2009-1720

Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and...

AI score 7.7 | EPSS 0.06437
Exploits: 1 | References: 23

CVE
added 2003/04/02 5:00 a.m. | 60 views

CVE-2000-1211

The CVE concerns Zope 2.2.0 through 2.2.4, where security registrations for legacy names of object constructors (e.g., DTML method objects) are not performed correctly. This could allow attackers to perform unauthorized activities due to improper access control on constructor names. The issue is ...

CVSS 7.5 | AI score 6.6 | EPSS 0.01427
Exploits: 0 | References: 5 | Affected Software: 1