
8751 matches found

Veracode
added 2019/05/02 4:48 a.m. · 35 views

Timing Side-Channel

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. It was discovered that NSS leaked timin...

CVSS 5 · AI score 5.6 · EPSS 0.05213
Exploits 0 · References 24 · Affected Software 4

Veracode
added 2019/05/02 4:45 a.m. · 40 views

Sandbox Restrictions Bypass

OpenJDK 7 Java Runtime Environment and Software Development Kit are susceptible to sandbox restriction bypass. Due to flaws in ImagingLib and in the image attribute, channel, layout and raster processing in the 2D component, it does not prevent an untrusted Java application or applet from triggering...

CVSS 7.5 · AI score 6 · EPSS 0.06746
Exploits 0 · References 26 · Affected Software 2

Veracode
added 2019/05/02 4:45 a.m. · 22 views

Sandbox Restrictions Bypass

OpenJDK 7 Java Runtime Environment and Software Development Kit are susceptible to sandbox restriction bypass. Due to flaws in ImagingLib and in the image attribute, channel, layout and raster processing in the 2D component, it does not prevent an untrusted Java application or applet from triggering...

CVSS 5.8 · AI score 8.8 · EPSS 0.04128
Exploits 0 · References 20 · Affected Software 1

Veracode
added 2019/05/02 4:44 a.m. · 34 views

Permission Check Bypass

OpenJDK 7 Java Runtime Environment and OpenJDK 7 Software Development Kit are vulnerable to permission check bypass. The attack is due to an incorrect setter access check in MethodHandles.java, allowing an attacker to set the value of a final field...

CVSS 3.7 · AI score 8.6 · EPSS 0.85333
Exploits 6 · References 19 · Affected Software 1

Veracode
added 2019/05/02 4:44 a.m. · 26 views

Sandbox Restrictions Bypass

OpenJDK 7 Java Runtime Environment and OpenJDK 7 Software Development Kit are vulnerable to sandbox restrictions bypass. It is due to improper method-invocation restrictions by the MethodUtil trampoline class, allowing remote attackers to bypass the Java sandbox...

CVSS 10 · AI score 8.9 · EPSS 0.06788
Exploits 0 · References 31 · Affected Software 3

Veracode
added 2019/05/02 4:43 a.m. · 29 views

Information Disclosure

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS 10 · AI score 9.1 · EPSS 0.11515
Exploits 0 · References 21 · Affected Software 1

Veracode
added 2019/05/02 4:41 a.m. · 31 views

Information Disclosure

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS 10 · AI score 5.7 · EPSS 0.68532
Exploits 5 · References 42 · Affected Software 1

Veracode
added 2019/05/02 4:41 a.m. · 36 views

Arbitrary Code Execution

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

CVSS 10 · AI score 5.7 · EPSS 0.68532
Exploits 5 · References 25 · Affected Software 1

Wallarm Lab
added 2019/04/30 8:29 p.m. · 66 views

Is your org structure threatening your IT security infrastructure?

5 Tips to Solve API Security Issues in Any IT Security Infrastructure. Start listening. Integrating isn’t enough if your teams aren’t talking. In a hyper-competitive environment, keeping up with customer usability demands often means adopting a hyper-agile development process. It’s a dangerous...

AI score 7.5
Exploits 0

Wallarm Lab
added 2019/04/30 8:29 p.m. · 9 views

Is your org structure threatening your IT security infrastructure?

In a hyper-competitive environment, keeping up with customer usability demands often means adopting a hyper-agile development process. It’s a dangerous devil’s bargain. Security gets left on the cutting room floor in pursuit of highly responsive, first-to-market, code-to-customer feature flow...

AI score 1.6
Exploits 0

IBM Security Bulletins
added 2019/04/29 3:20 p.m. · 41 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligence

Summary: There are vulnerabilities in IBM® SDK Java™ Technology Edition Version 7 used by Rational Reporting for Development Intelligence (RRDI). The issues were disclosed as part of the IBM Java SDK updates in July 2018. Vulnerability Details: CVEID: CVE-2017-3736 DESCRIPTION: OpenSSL could allow a...

CVSS 10 · AI score 0.6 · EPSS 0.26335
Exploits 1 · Affected Software 1

Metasploit
added 2019/04/25 7:30 p.m. · 40 views

Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability

This module exploits a vulnerability in Ruby on Rails. In development mode, a Rails application would use its name as the secret_key_base, which can be easily extracted by visiting an invalid resource for a path. As a result, this allows a remote user to create and deliver a signed serialized payload...

CVSS 9.8 · AI score 9.4 · EPSS 0.92144
Exploits 13

Tenable Nessus
added 2019/04/25 12:0 a.m. · 67 views

SUSE SLED12 Security Update : ntfs-3g_ntfsprogs (SUSE-SU-2019:1000-1)

This update for ntfs-3g_ntfsprogs fixes the following issues: Security issues fixed: CVE-2019-9755: Fixed a heap-based buffer overflow which could lead to local privilege escalation (bsc#1130165). Note that Tenable Network Security has extracted the preceding description block directly from the SUS...

CVSS 7 · AI score 6.6 · EPSS 0.00531
Exploits 0 · References 4

BDU FSTEC
added 2019/04/25 12:0 a.m. · 5 views

The vulnerability of the Outside In Filters sub-component of Oracle’s software development kit (SDK) allows a malicious actor to gain unauthorized access to protected information or cause partial service disruption.

The vulnerability of the Outside In Filters sub-component of the Oracle Outside In Technology SDK is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or cause a partial servic...

CVSS 7.5 · AI score 7.2 · EPSS 0.01218
Exploits 0 · References 2 · Affected Software 1

myhack58
added 2019/04/25 12:0 a.m. · 58 views

Days thaw letter: in-depth analysis of RCE vulnerabilities in the ThinkPHP 5.1 framework

In the past few months, a series of serious vulnerabilities has been disclosed in ThinkPHP. Because the framework is so widely used, the impact of these vulnerabilities is very large. In order to better defend against and respond to vulnerabilities in this framework, the alpha laboratory for...

AI score 7.5
Exploits 0

Cvelist
added 2019/04/24 8:20 p.m. · 27 views

CVE-2019-8995 TIBCO ActiveMatrix BPM Open Redirect Vulnerability

The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user...

CVSS 4.7 · AI score 6.2 · EPSS 0.01137
Exploits 0 · References 3

UbuntuCve
added 2019/04/24 12:0 a.m. · 22 views

CVE-2019-6467

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...

CVSS 7.5 · AI score 6.5 · EPSS 0.05415
Exploits 0 · References 1

Positive Technologies
added 2019/04/24 12:0 a.m. · 7 views

PT-2019-19298 · Tibco · Tibco Silver Fabric Enabler For Activematrix Bpm +2

Name of the Vulnerable Software and Affected Versions: TIBCO ActiveMatrix BPM versions up to and including 4.2.0; TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions up to and including 4.2.0; TIBCO Silver Fabric Enabler for ActiveMatrix BPM versions up to and including 1.4.1...

CVSS 6.1 · AI score 4.9 · EPSS 0.01137
Exploits 0 · References 5

Prion
added 2019/04/23 7:32 p.m. · 18 views

Buffer overflow

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 6.4 · AI score 5.8 · EPSS 0.01462
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2019/04/23 2:5 a.m. · 30 views

CVE-2019-11463

A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of th...

AI score 5.5 · EPSS 0.01302
Exploits 1 · References 2