Lucene search
+L

663 matches found

nessus
nessus
added 2017/08/08 12:0 a.m.28 views

EulerOS 2.0 SP2 : librsvg2 (EulerOS-SA-2017-1137)

According to the version of the librsvg2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The rsvgcssnormalizefontsize function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service stack consumption and...

7.5CVSS7.2AI score0.02427EPSS
Exploits0References2
nessus
nessus
added 2017/08/08 12:0 a.m.28 views

EulerOS 2.0 SP1 : librsvg2 (EulerOS-SA-2017-1136)

According to the version of the librsvg2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The rsvgcssnormalizefontsize function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service stack consumption and...

7.5CVSS7.2AI score0.02427EPSS
Exploits0References2
nessus
nessus
added 2017/07/28 12:0 a.m.15 views

Fedora 26 : php-symfony (2017-4fcbd8a4c3)

2.8.25 2017-07-17 - security 23507 Security validate empty passwords again xabbuh - bug 23526 HttpFoundation Set meta refresh time to 0 in RedirectResponse content jnvsor - bug 23540 Disable inlining deprecated services alekitto - bug 23468 DI Handle root namespace in service definitions ro0NL -...

5.5AI score
Exploits0References1
prion
prion
added 2017/07/20 4:29 a.m.20 views

Sql injection

IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter...

7.5CVSS9.8AI score0.01466EPSS
Exploits3References1Affected Software1
cvelist
cvelist
added 2017/07/20 4:0 a.m.26 views

CVE-2017-11471

IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter...

10AI score0.01466EPSS
Exploits3References1
carbonblack
carbonblack
added 2017/07/13 5:0 p.m.61 views

“The 101” – Episode 1 – What is a Non-Malware Attack?

Welcome to our new video series, “The 101!” This weekly security series aims to do one thing: define endpoint security, one question at a time. Tune in each week as we tackle a new term, concept or comparison in our ongoing effort to cut through the noise and provide clear definitions. Security c...

6.8AI score
Exploits0
qualysblog
qualysblog
added 2017/05/16 1:20 a.m.73 views

Qualys Cloud Suite 8.10 New Features

This new release of the Qualys Cloud Suite, version 8.10, includes new capabilities and improvements to for VM, PC and shared platform improvements: Authentication Vault integration with BeyondTrust Mandate-Based reporting for Policy Compliance to simplify reporting against multiple mandates and...

6.9AI score
Exploits0
seebug
seebug
added 2017/04/24 12:0 a.m.18 views

Apache Ranger =< 0.5.2 allows to download policy definitions without authentication

Apache Ranger =:6080/service/plugins/policies/download/ The prerequisite to exploit this flaw is to know or guess the policy name. This finding may not constitute a vulnerability by itself, but is equivalent to having access to a network filtering policy: finding holes in policies is then easier...

7AI score
Exploits0
redhatcve
redhatcve
added 2017/04/19 1:18 p.m.23 views

CVE-2016-5682

Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...

6.1CVSS3.7AI score0.01028EPSS
Exploits0References2
nvd
nvd
added 2017/04/10 3:59 a.m.25 views

CVE-2016-5682

Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...

6.1CVSS6.6AI score0.01028EPSS
Exploits0References1
osv
osv
added 2017/04/10 3:59 a.m.18 views

CVE-2016-5682

Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...

6.1CVSS5.7AI score
Exploits0References1
prion
prion
added 2017/04/10 3:59 a.m.15 views

Design/Logic Flaw

Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...

4.3CVSS5.8AI score0.01028EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2017/04/10 3:0 a.m.26 views

CVE-2016-5682

Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...

6.3AI score0.01028EPSS
Exploits0References1
redhatcve
redhatcve
added 2017/03/23 9:48 a.m.43 views

CVE-2017-2619

A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. Mitigation Add the parameter: unix extensions = no to the global section of your smb.conf and resta...

7.5CVSS0.6AI score0.11181EPSS
Exploits3References2
cnvd
cnvd
added 2017/03/20 12:0 a.m.28 views

Apache Camel Validation Component Request Forgery Vulnerability

Apache Camel is the United States Apache Apache Software Foundation of a set of open source based on Enterprise Integration Pattern Enterprise Integration Pattern , referred to as EIP integration framework. The framework provides Enterprise Integration Pattern of Java objects POJO implementation ...

7.4CVSS8.3AI score0.0489EPSS
Exploits0References1
n0where
n0where
added 2017/02/27 5:55 p.m.21 views

Google Cloud Platform Audit

Google Cloud Platform Audit gcp-audit takes a set of projects and audits them for common issues as defined by its ruleset. Issues can include, but are certainly not limited to, storage buckets with read/write permissions for anyone and compute engine instances with services exposed to the Interne...

7AI score
Exploits0References2
pypa
pypa
added 2016/09/26 4:59 p.m.6 views

PYSEC-2016-22

OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...

9.8CVSS8AI score0.03166EPSS
Exploits0References4Affected Software1
nessus
nessus
added 2016/08/29 12:0 a.m.26 views

SUSE SLED12 / SLES12 Security Update : libtasn1 (SUSE-SU-2016:1601-1)

This update for libtasn1 fixes the following issues : - Malformed asn1 definitions could have caused a segmentation fault in the asn1 definition parser bsc961491 - CVE-2015-3622: Fixed invalid read in octet string decoding bsc929414 - CVE-2016-4008: Fixed infinite loop while parsing DER...

5.9CVSS6.6AI score0.33094EPSS
Exploits1References8
bdu_fstec
bdu_fstec
added 2016/07/19 12:0 a.m.6 views

The vulnerability of the Xerces C++ library allows a hacker to trigger a service failure.

The vulnerability of the Xerces C++ library arises from buffer overflows in the stack. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures by using embedded DTD files...

5CVSS6.7AI score0.14138EPSS
Exploits0References11Affected Software2
cnvd
cnvd
added 2016/06/29 12:0 a.m.5 views

Open-Xchange AppSuite Information Disclosure Vulnerability (CNVD-2016-04412)

Open-Xchange AppSuite OX AppSuite is a suite of Web-based cloud desktop environments from Open-Xchange, Inc. in the United States. The environment allows users to manage email, tasks, files, etc. more intuitively. An information disclosure vulnerability exists in OX AppSuite 7.8.1 and earlier...

4.3CVSS6.4AI score0.00824EPSS
Exploits1References1
Rows per page
Query Builder