Lucene search
K

4754 matches found

Cvelist
Cvelist
added 2014/06/11 2:0 p.m.52 views

CVE-2014-3970

The partprecv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service assertion failure and abort via an empty UDP packet...

5.3AI score0.01457EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2014/06/04 2:55 p.m.24 views

CVE-2014-3836

Multiple cross-site request forgery CSRF vulnerabilities in ownCloud Server before 6.0.3 allow remote attackers to hijack the authentication of users for requests that 1 conduct cross-site scripting XSS attacks, 2 modify files, or 3 rename files via unspecified vectors...

6.8CVSS5.9AI score0.00605EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2014/05/27 3:0 p.m.28 views

CVE-2013-2124

Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service crash via empty guest files...

4.3CVSS6.4AI score0.02602EPSS
Exploits1
OSV
OSV
added 2014/05/27 2:55 p.m.1 views

DEBIAN-CVE-2013-2124

Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service crash via empty guest files...

4.3CVSS6.8AI score0.02602EPSS
Exploits1References1
Prion
Prion
added 2014/05/27 2:55 p.m.14 views

Double free

Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service crash via empty guest files...

4.3CVSS7AI score0.02602EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2014/05/27 2:55 p.m.3 views

UBUNTU-CVE-2013-2124

Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service crash via empty guest files...

4.3CVSS5.8AI score0.02602EPSS
Exploits1References2
seebug.org
seebug.org
added 2014/05/27 12:0 a.m.26 views

jdmail 弱密码漏洞

JinDiMail邮箱系统是TurboMail基础上二次开发安装后 默认会有4个root域的账号,管理员及三个普通账号:postmaster管理员nobodysecbmsecsj默认密码为空漏洞利用过程http://xxx.com/mailmain?type=login&uid=secbm&pwd=&domain=root&style=enterprisehttp://xxx.com/mailmain?type=login&uid=...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2014/05/15 12:0 a.m.41 views

RSA NetWitness / RSA Security Analytics authentication bypass

Under some conditions, login with empty password is allowed...

7.6CVSS4.6AI score0.0235EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2014/04/27 10:55 p.m.2 views

DEBIAN-CVE-2014-2285

The perltrapdhandler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service snmptrapd crash via an empty community string in an SNMP trap, which triggers a NULL pointer dereference...

4.3CVSS6.7AI score0.03283EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2014/03/31 4:36 p.m.9 views

wireshark: SIP dissector could go into an infinite loop (wnpa-sec-2013-66)

The dissectsipcommon function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service infinite loop via a crafted packet...

5CVSS6.3AI score0.02307EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/03/24 5:54 p.m.7 views

net-snmp: snmptrapd crash when using a trap with empty community string

The perltrapdhandler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service snmptrapd crash via an empty community string in an SNMP trap, which triggers a NULL pointer dereference...

4.3CVSS7.4AI score0.03283EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2014/03/24 4:31 p.m.26 views

CVE-2014-2057

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.01005EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2014/03/14 4:55 p.m.20 views

CVE-2013-2150

Multiple cross-site scripting XSS vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files...

3.5CVSS5.9AI score0.01152EPSS
Exploits0References2
OSV
OSV
added 2014/03/07 2:16 p.m.10 views

MGASA-2014-0122 Updated net-snmp packages fix two vulnerabilities

Updated net-snmp packages fix security vulnerabilities: Remotely exploitable denial of service vulnerability in Net-SNMP, in the Linux implementation of the ICMP-MIB, making the SNMP agent vulnerable if it is making use of the ICMP-MIB table objects CVE-2014-2284. Remotely exploitable denial of...

5CVSS6.2AI score0.04432EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2014/03/07 12:0 a.m.33 views

Silex USB Device Server Web Configuration Page Empty Password

The Web Configuration Page of the remote Silex USB Device Server uses an empty password to manage the device. Knowing this, an attacker with access to the web server can gain administrative access to the device. Note that the device's Web Configuration Page uses host-based authentication. If a...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/02/07 12:0 a.m.32 views

Fedora 20 : libpng10-1.0.60-6.fc20 (2014-1778)

This update fixes an issue in which an image with a missing or empty palette could cause a crash of a libpng10-using application CVE-2013-6954. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

6.5CVSS7.5AI score0.04692EPSS
Exploits1References3
OSV
OSV
added 2014/01/23 1:55 a.m.2 views

DEBIAN-CVE-2014-0979

The startauthentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdmgreetergetauthenticationuser function, which allows local users to cause a denial of service NULL pointer dereference via an empty username...

2.1CVSS6AI score0.0041EPSS
Exploits0References1
OSV
OSV
added 2014/01/23 1:55 a.m.3 views

UBUNTU-CVE-2014-0979

The startauthentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdmgreetergetauthenticationuser function, which allows local users to cause a denial of service NULL pointer dereference via an empty username...

2.1CVSS5.8AI score0.0041EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2014/01/23 1:55 a.m.18 views

CVE-2014-0979

The startauthentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdmgreetergetauthenticationuser function, which allows local users to cause a denial of service NULL pointer dereference via an empty username...

2.1CVSS5.8AI score0.0041EPSS
Exploits0References3
CERT
CERT
added 2014/01/09 12:0 a.m.37 views

libpng 1.6.1 through 1.6.7 contain a null-pointer dereference vulnerability

Overview libpng versions 1.6.1 through 1.6.7 fail to reject colormapped images with empty palettes, leading to a null-pointer dereference crash in pngdoexpandpalette. Description The PNG Development Group has reported that "libpng versions 1.6.1 through 1.6.7 fail to reject colormapped images wit...

6.5CVSS7.8AI score0.04692EPSS
Exploits1References1
Rows per page
Query Builder