CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5353 matches found

Cvelist•added 2017/02/20 8:35 a.m.•18 views

CVE-2017-2366

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial ...

7.6AI score0.00382EPSS

Exploits0References7

Debian CVE•added 2017/02/20 8:35 a.m.•24 views

CVE-2016-7639

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of...

8.8CVSS9.3AI score0.00382EPSS

Exploits0

Tenable Nessus•added 2017/02/17 12:0 a.m.•30 views

Debian DLA-825-1 : spice security update

Several vulnerabilities were discovered in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2016-9577 Frediano Ziglio of Red Hat discovered a buffer overflow vulnerability in the mainchannelallocmsgrcvbuf...

8.8CVSS8.2AI score0.06999EPSS

Exploits0References4

Prion•added 2017/02/15 7:59 p.m.•22 views

Double free

Double free vulnerability in the memclose function in jasstream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted BMP image to the imginfo command...

6.8CVSS8.3AI score0.00614EPSS

Exploits1References10Affected Software3

OpenVAS•added 2017/02/15 12:0 a.m.•27 views

Debian: Security Advisory (DSA-3790-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.2AI score0.06999EPSS

Exploits0References3

NVD•added 2017/02/13 6:59 p.m.•21 views

CVE-2016-3616

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service NULL pointer dereference and application crash or execute arbitrary code via a crafted file...

8.8CVSS7.9AI score0.016EPSS

Exploits0References6

Cvelist•added 2017/02/13 6:0 p.m.•24 views

CVE-2016-3616

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service NULL pointer dereference and application crash or execute arbitrary code via a crafted file...

7.9AI score0.016EPSS

Exploits0References6

NVD•added 2017/02/07 5:59 p.m.•21 views

CVE-2015-8322

NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors...

8.8CVSS8.7AI score0.02349EPSS

Exploits0References2

Prion•added 2017/02/07 4:59 p.m.•12 views

Input validation

IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system...

6.5CVSS8.1AI score0.02428EPSS

Exploits0References2Affected Software1

Cvelist•added 2017/02/07 3:0 p.m.•28 views

CVE-2016-6175

Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header...

9.7AI score0.10928EPSS

Exploits4References4

Debian CVE•added 2017/02/07 3:0 p.m.•34 views

CVE-2015-8608

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service out-of-bounds read and possibly execute arbitrary code via a crafted 1 drive letter or 2 pInName argument...

9.8CVSS9.6AI score0.02874EPSS

Exploits2

Cvelist•added 2017/02/07 3:0 p.m.•23 views

CVE-2015-8608

9.1AI score0.02874EPSS

Exploits2References4

UbuntuCve•added 2017/02/07 12:0 a.m.•25 views

CVE-2017-5885

Multiple integer overflows in the 1 vncconnectionservermessage and 2 vnccolormapset functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service crash or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow...

9.8CVSS7.4AI score0.00371EPSS

Exploits1References3

Prion•added 2017/02/01 10:59 p.m.•11 views

Code injection

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server...

6.5CVSS8.1AI score0.0212EPSS

Exploits0References2Affected Software1

Cvelist•added 2017/02/01 10:0 p.m.•19 views

CVE-2016-8932

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server...

8.9AI score0.0212EPSS

Exploits0References2

NVD•added 2017/02/01 8:59 p.m.•15 views

CVE-2016-6082

IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system...

10CVSS9.7AI score0.07425EPSS

Exploits0References2

NVD•added 2017/01/27 5:59 p.m.•19 views

CVE-2016-9453

The t2preadwritepdfimagetile function in LibTIFF allows remote attackers to cause a denial of service out-of-bounds write and crash or possibly execute arbitrary code via a JPEG file with a TIFFTAGJPEGTABLES of length one...

7.8CVSS8.7AI score0.00294EPSS

Exploits0References6