1303 matches found

OpenVAS
added 2014/10/17 12:0 a.m., 40 views

CentOS Update for openssl CESA-2014:1653 centos5

Check the version of openssl. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882063");...

4.3 CVSS, 6.2 AI score, 0.99999 EPSS
Exploits 7, References 3
Tenable Nessus
added 2014/10/17 12:0 a.m., 60 views

Debian DSA-3053-1 : openssl - security update (POODLE)

Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit. CVE-2014-3513: A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted...

7.1 CVSS, 6.3 AI score, 0.99999 EPSS
Exploits 7, References 10
OSV
added 2014/10/16 4:34 p.m., 3 views

USN-2385-1 openssl vulnerabilities

It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3513) I...

7.1 CVSS, 6.8 AI score, 0.37072 EPSS
Exploits 0, References 3
Ubuntu
added 2014/10/16 4:34 p.m., 77 views

USN-2385-1: OpenSSL vulnerabilities

It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3513) I...

7.1 CVSS, 7.1 AI score, 0.37072 EPSS
Exploits 0
OpenVAS
added 2014/10/16 12:0 a.m., 44 views

Debian Security Advisory DSA 3053-1 (openssl - security update)

Several vulnerabilities have been found in OpenSSL, the Secure Sockets Layer library and toolkit. CVE-2014-3513: A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshak...

7.1 CVSS, 0.5 AI score, 0.99999 EPSS
Exploits 7, References 1
OSV
added 2014/10/16 12:0 a.m., 48 views

DSA-3053-1 openssl - security update

Bulletin has no description...

7.1 CVSS, 4.8 AI score, 0.37072 EPSS
Exploits 0
ThreatPost
added 2014/10/14 8:13 p.m., 12 views

New POODLE SSL 3.0 Attack Exploits Protocol Fallback Issue

A new attack on the SSLv3 protocol, disclosed Tuesday, takes advantage of an issue with the protocol that enables a network attacker to recover the plaintext communications of a victim. The attack is considered easier to exploit than similar previous attacks against SSL/TLS, such as BEAST and...

1.3 AI score
Exploits 0, References 6
Tenable Nessus
added 2014/06/13 12:0 a.m., 42 views

openSUSE Security Update : libQtWebKit-devel (openSUSE-SU-2011:1119-1)

Specially crafted font files could cause a single byte heap based buffer overflow (CVE-2011-3193). Specially crafted grey scale images could cause a heap based buffer overflow (CVE-2011-3194). The update also fixes the following non-security bugs: fix QFileDialog not showing system files bnc669604...

9.3 CVSS, 5.3 AI score, 0.07543 EPSS
Exploits 0, References 9
NVD
added 2014/05/26 12:25 a.m., 19 views

CVE-2014-3274

Cisco TelePresence System (CTS) 6.0.55 and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to...

4.3 CVSS, 6 AI score, 0.01129 EPSS
Exploits 0, References 3
Cvelist
added 2014/05/23 10:0 p.m., 22 views

CVE-2014-3274

Cisco TelePresence System (CTS) 6.0.55 and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to...

6 AI score, 0.01129 EPSS
Exploits 0, References 3
NVD
added 2014/03/24 2:20 p.m., 30 views

CVE-2013-7343

Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnerability exists because of an incomplete fix fo...

4.3 CVSS, 5.6 AI score, 0.01486 EPSS
Exploits 1, References 2
OSV
added 2014/03/24 2:20 p.m., 5 views

UBUNTU-CVE-2013-7342

Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341...

4.3 CVSS, 5.9 AI score, 0.01474 EPSS
Exploits 1, References 4
Prion
added 2014/03/24 2:20 p.m., 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341...

4.3 CVSS, 6 AI score, 0.02405 EPSS
Exploits 1, References 2, Affected Software 1
OSV
added 2014/03/24 2:20 p.m., 2 views

UBUNTU-CVE-2013-7343

Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnerability exists because of an incomplete fix fo...

4.3 CVSS, 5.9 AI score, 0.01486 EPSS
Exploits 1, References 4
Cvelist
added 2014/03/22 1:0 a.m., 31 views

CVE-2013-7342

Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341...

5.6 AI score, 0.01474 EPSS
Exploits 1, References 2
Cvelist
added 2014/03/22 1:0 a.m., 30 views

CVE-2013-7343

Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnerability exists because of an incomplete fix fo...

5.5 AI score, 0.01486 EPSS
Exploits 1, References 2
CVE
added 2014/03/22 1:0 a.m., 57 views

CVE-2013-7343

CVE-2013-7343 describes a cross-site scripting (XSS) vulnerability in Flowplayer’s Flash fallback component, specifically in the flowplayer.swf used by Flowplayer HTML5 5.4.3. The issue allows remote attackers to inject arbitrary web script or HTML by abusing URL encoding within the name of the c...

4.3 CVSS, 5.7 AI score, 0.01486 EPSS
Exploits 1, References 2, Affected Software 1
OSV
added 2014/01/28 12:55 a.m., 26 views

PYSEC-2014-95

Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once th...

3.3 CVSS, 3.9 AI score, 0.00315 EPSS
Exploits 0, References 6
Cvelist
added 2014/01/28 12:0 a.m., 28 views

CVE-2014-1624

Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once th...

6 AI score, 0.00315 EPSS
Exploits 0, References 5
Packet Storm
added 2014/01/17 12:0 a.m., 65 views

Enghouse Interactive IVR Pro (VIP2000) Remote Root

XPD - XPD Advisory, https://xpd.se. Enghouse Interactive IVR Pro VIP2000 remote root authentication bypass. Vulnerability Advisory ID: XPD-2013-001; CVE reference: CVE-2013-6838; Affected platforms: IVR Pro/Contact Center VIP2000 platforms with OpenVZ an...

10 CVSS, 0.02816 EPSS
Exploits 1