CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4651 matches found

Prion•added 2017/02/07 5:59 p.m.•8 views

Authentication flaw

Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind...

7.5CVSS7.6AI score0.02925EPSS

Exploits0References3Affected Software1

OSV•added 2017/02/07 5:59 p.m.•1 views

DEBIAN-CVE-2016-2403

Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind...

9.8CVSS9.7AI score0.02925EPSS

Exploits0References1

OSV•added 2017/01/31 10:59 p.m.•0 views

BELL-CVE-2016-9962 CVE-2016-9962 does not affect BellSoft software

Bulletin has no description...

6.4CVSS7.3AI score0.00358EPSS

Exploits0References1

RedHat Linux•added 2017/01/05 2:36 p.m.•4 views

puppet-tripleo: if ssl is enabled, traffic is open on both undercloud and overcloud

An access-control flaw was discovered in puppet-tripleo's IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. Some API services in Red Hat OpenStack Platform director are not exposed to public networks, which meant their $publicsslport value was set to...

7.5CVSS5.9AI score0.00852EPSS

Exploits0References4

OSV•added 2017/01/04 12:0 a.m.•2 views

UBUNTU-CVE-2016-9935

The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service out-of-bounds read and memory corruption or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...

9.8CVSS7.2AI score0.06974EPSS

Exploits0References5

RedhatCVE•added 2017/01/03 2:17 a.m.•25 views

CVE-2016-9599

puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources...

7.5CVSS3.2AI score0.00852EPSS

Exploits0References1

Tenable Nessus•added 2017/01/03 12:0 a.m.•72 views

FreeBSD : PHP -- multiple vulnerabilities (6972668d-cdb7-11e6-a9a5-b499baebfeaf)

The PHP project reports : - Use After Free Vulnerability in unserialize CVE-2016-9936 - Invalid read when wddx decodes empty boolean element CVE-2016-9935 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD...

9.8CVSS8.6AI score0.06974EPSS

Exploits2References4

OSV•added 2016/12/31 12:0 a.m.•2 views

UBUNTU-CVE-2016-10197

The searchmakenew function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service out-of-bounds read via an empty hostname...

7.5CVSS7.2AI score0.05192EPSS

Exploits1References7

CNVD•added 2016/12/21 12:0 a.m.•1 views

yxcms V1.3.9 Arbitrary File Deletion Vulnerability in 'tpdel' Function

YXcms is a website management system based on PHP+MySql with a lightweight MVC design model. The yxcms V1.3.9 'tpdel' function is vulnerable to arbitrary file deletion. Since the function only passes a non-empty judgment on the string Mname fname, as long as the path is correct, arbitrary files c...

7.1AI score

Exploits0

Tenable Nessus•added 2016/12/15 12:0 a.m.•43 views

Scientific Linux Security Update : systemd on SL7.x x86_64 (20161103)

Security Fixes : - A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd. CVE-2016-7795 Bug Fix...

5.5CVSS6.1AI score0.00633EPSS

Exploits1References2

OSV•added 2016/12/13 8:59 p.m.•2 views

ALPINE-CVE-2016-7953