7378 matches found

HackRead
added 2017/08/20 8:41 p.m.
57 views

Developer permanently deletes 3 months of work files; blames Visual Studio Code

By Waqas. In our professional lives, stuff happens like this man who a few... This is a post from HackRead.com. Read the original post: Developer permanently deletes 3 months of work files; blames Visual Studio Code...

AI score: 7
Exploits: 0
CNVD
added 2017/08/11 12:0 a.m.
1 views

Mozilla Firefox Arbitrary Code Execution Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Developer Tools is one of the development tools. An arbitrary code execution vulnerability exists in the Developer Tools feature of Mozilla Firefox prior to version 55, where the program fails to properl...

CVSS: 8.8, AI score: 9.4, EPSS: 0.03574
Exploits: 0, References: 1
UbuntuCve
added 2017/08/10 12:0 a.m.
31 views

CVE-2017-7798

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR 52.3 and...

CVSS: 8.8, AI score: 7.6, EPSS: 0.03574
Exploits: 0, References: 2
OSV
added 2017/08/10 12:0 a.m.
0 views

UBUNTU-CVE-2017-7798

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR 52.3 and...

CVSS: 8.8, AI score: 7.7, EPSS: 0.03574
Exploits: 0, References: 3
myhack58
added 2017/08/10 12:0 a.m.
116 views

The Java deserialization crisis has passed; this time it is a .NET deserialization vulnerability - vulnerability warning - the black bar safety net

In 2016, Java applications and developers suffered the devastating effects of deserialization vulnerabilities, and now the .NET ecosystem is suffering from the same crisis. A new problem exists in how .NET code libraries handle deserialization operations; an attacker can also use this vulnerability in the...

CVSS: 7.5, AI score: 0.4, EPSS: 0.04434
Exploits: 0
ThreatPost
added 2017/08/09 2:25 p.m.
25 views

Signed Mughthesec Adware Hijacking Macs for Profit

A variant of an older piece of adware built for Macs called OperatorMac has been seen in the wild, and while like most adware it tries to turn a profit, it also illustrates some defensive shortcomings native to Apple’s ecosystem and the industry. Components of the new strain, which is called...

AI score: 7.5
Exploits: 0, References: 4
RedhatCVE
added 2017/08/09 1:49 a.m.
20 views

CVE-2017-7798

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR 52.3 and...

CVSS: 8.8, AI score: 4.6, EPSS: 0.03574
Exploits: 0, References: 2
Mozilla
added 2017/08/08 12:0 a.m.
537 views

Security vulnerabilities fixed in Firefox 55 — Mozilla

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. A use-after-free vulnerability can occur in...

CVSS: 9.8, AI score: 10, EPSS: 0.0852
Exploits: 7, References: 29, Affected Software: 1
The Hacker News
added 2017/08/02 10:16 p.m.
8 views

Hackers Hijacked Chrome Extension for Web Developers With Over 1 Million Users

From past few years, spammers and cyber criminals were buying web extensions from their developers and then updating them without informing their users to inject bulk advertisements into every website user visits in order to generate large revenue. But now they have shifted their business...

AI score: 7
Exploits: 0
ThreatPost
added 2017/08/01 8:0 a.m.
21 views

Copyfish Browser Extension Hijacked to Spew Spam

A popular free optical character recognition (OCR) extension for web browsers called Copyfish was hijacked by attackers who used the extension to spew spam. In a statement released Sunday by distributor A9t9 Software, it was only the Google Chrome extension that was hijacked. Other versions of...

AI score: 0.1
Exploits: 0, References: 2
The Hacker News
added 2017/07/31 6:1 a.m.
16 views

Someone Hijacks A Popular Chrome Extension to Push Malware

Phishers have recently hacked an extension for Google Chrome after compromising the Chrome Web Store account of German developer team a9t9 software and abused to distribute spam messages to unsuspecting users. Dubbed Copyfish, the extension allows users to extract text from images, PDF documents...

AI score: 7.1
Exploits: 0
OSV
added 2017/07/31 3:29 a.m.
1 views

CVE-2017-9485

The Comcast firmware on Cisco DPC3939 firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST devices allows remote attackers to write arbitrary data to a known /var/tmp/sess pathname by leveraging the device's operation in UI dev mode...

CVSS: 7.5, AI score: 5.9
Exploits: 0, References: 1
NVD
added 2017/07/25 4:29 a.m.
24 views

CVE-2017-8035

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00306
Exploits: 0, References: 1
Cvelist
added 2017/07/25 4:0 a.m.
25 views

CVE-2017-8035

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud...

AI score: 7.5, EPSS: 0.00306
Exploits: 0, References: 1
Cvelist
added 2017/07/25 4:0 a.m.
18 views

CVE-2017-8033

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a...

AI score: 7.6, EPSS: 0.00211
Exploits: 0, References: 1
Cvelist
added 2017/07/24 6:0 p.m.
19 views

CVE-2017-8036

An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 only. The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushin...

AI score: 7.9, EPSS: 0.00449
Exploits: 0, References: 2
Akamai Blog
added 2017/07/17 1:23 p.m.
46 views

Superior and safe user experiences with the Akamai Cloud Delivery Platform

Your customers are unique and they all expect fast, secure, personalized digital experiences. They are spread across the world, in regions of varying network connectivity, utilize a plethora of devices and screen sizes - making it challenging to deliver your experiences. By delivering 95 Exabytes...

AI score: 6.8
Exploits: 0
RedhatCVE
added 2017/07/14 10:24 a.m.
31 views

CVE-2017-1000092

The Git Plugin can leak credentials username and password used to access a git repo if an attacker-supplied URL is provided to the plugin. To supply the URL to the plugin, the attacker would need to guess a username/password ID and then trick a developer into following a specific URL...

CVSS: 7.5, AI score: 2.6, EPSS: 0.00147
Exploits: 0, References: 2
OSV
added 2017/07/07 1:29 p.m.
1 views

CVE-2017-2234

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges...

CVSS: 9.8, AI score: 5.8
Exploits: 0, References: 1
Japan Vulnerability Notes
added 2017/06/28 1:28 a.m.
1 views

Non-documented developer's screen in Toshiba Lighting & Technology Corporation Home gateway

Overview: Home gateway provided by Toshiba Lighting & Technology Corporation contains non-documented developer's screen. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

CVSS: 9.8, AI score: 6.8, EPSS: 0.00657
Exploits: 0, References: 5