737 matches found

CNVD
added 2018/09/16 12:0 a.m., 3 views

FreeBSD Denial of Service Vulnerability (CNVD-2020-38783)

FreeBSD is a set of Unix-like free operating systems in the FreeBSD project, headed by the Core Team, and is an important branch of Unix-like systems that have evolved through BSD, 386BSD, and 4.4BSD. A security vulnerability exists in FreeBSD that stems from the ELF packet header parser not...

7.1 CVSS, 8.4 AI score, 0.00406 EPSS
Exploits: 0, References: 1
CNVD
added 2018/09/04 12:0 a.m., 2 views

idreamsoft iCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-19090)

idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A cross-site request forgery vulnerability exists in the admincp.php file in version 7.0.11 of idreamsoft iCMS. The vulnerability stems from the detection of CSRFTOKEN when it does not exist, and the program...

8.8 CVSS, 8.8 AI score, 0.00664 EPSS
Exploits: 1, References: 1
CNVD
added 2018/06/22 12:0 a.m., 3 views

Denial of Service Vulnerability in FXOS Software and NX-OS Software Fabric Services Component for Multiple Cisco Products

Cisco Firepower 4100 Series Next-Generation Firewalls are all products of Cisco Corporation. Cisco Firepower 4100 Series Next-Generation Firewalls are 4100 series firewall devices. MDS 9000 Series Multilayer Switches a...

10 CVSS, 9.3 AI score, 0.04153 EPSS
Exploits: 0, References: 1
CNVD
added 2018/06/21 12:0 a.m., 4 views

Cisco FXOS and NX-OS CFS Arbitrary Code Execution Vulnerability (CNVD-2018-11965)

Cisco Firepower 4100 Series Next-Generation Firewalls are all products of Cisco Corporation. Cisco Firepower 4100 Series Next-Generation Firewalls are 4100 series firewall devices. MDS 9000 Series Multilayer Switches a...

10 CVSS, 9.8 AI score, 0.087 EPSS
Exploits: 0, References: 1
OSV
added 2018/06/20 9:29 p.m., 3 views

CVE-2018-0312

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software...

9.8 CVSS, 6.4 AI score, 0.05659 EPSS
Exploits: 0, References: 3
OSV
added 2018/06/14 12:29 p.m., 2 views

CVE-2018-8244

An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook...

6.5 CVSS, 5.8 AI score, 0.04852 EPSS
Exploits: 0, References: 3
CNVD
added 2018/06/13 12:0 a.m., 2 views

Microsoft Outlook elevation of privilege vulnerability (CNVD-2018-13288)

Microsoft Outlook is an e-mail client software bundled with the Office suite from Microsoft USA. The software manages e-mail, contacts, calendars, and more. An elevation of privilege vulnerability exists in Microsoft Outlook that originates from the program failing to properly validate attachment...

6.5 CVSS, 6.7 AI score, 0.04852 EPSS
Exploits: 0, References: 1
OSV
added 2018/05/02 11:29 p.m., 3 views

UBUNTU-CVE-2016-10721

partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary code in the context of the user running the affected application...

9.8 CVSS, 7.8 AI score, 0.02184 EPSS
Exploits: 0, References: 3
Prion
added 2018/02/05 10:29 p.m., 13 views

Design/Logic Flaw

In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. In Parsec, this means full...

9.3 CVSS, 8.7 AI score, 0.02163 EPSS
Exploits: 0, References: 3, Affected Software: 2
CVE
added 2018/02/05 10:0 p.m., 40 views

CVE-2018-6651

CVE-2018-6651 affects uncurl (uncurl.c) in uncurl before 0.07, as used in Parsec before 140-3. The issue is insufficient Origin header validation for WebSocket API requests (accepting an arbitrary substring match), which enables remote attackers to bypass access restrictions and, in Parsec, could...

9.3 CVSS, 8.6 AI score, 0.02163 EPSS
Exploits: 0, References: 3, Affected Software: 1
CNVD
added 2017/11/20 12:0 a.m., 3 views

Android Qualcomm Linux boot information disclosure vulnerability (CNVD-2017-34672)

Android on Google Pixel and Nexus is an open source Linux-based operating system for the Google Pixel and Nexus smartphones developed by Google Inc. and the Open Handheld Alliance (OHA). Qualcomm Linux boot is one of the Linux boot programs. An...

7.8 CVSS, 6.1 AI score, 0.00138 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2017/10/04 12:0 a.m., 47 views

Debian DSA-3991-1 : qemu - security update

Multiple vulnerabilities were found in qemu, a fast processor emulator: - CVE-2017-9375 Denial of service via memory leak in USB XHCI emulation. - CVE-2017-12809 Denial of service in the CDROM device drive emulation. - CVE-2017-13672 Denial of service in VGA display emulation. - CVE-2017-13711...

8.8 CVSS, 7.1 AI score, 0.03841 EPSS
Exploits: 0, References: 12
OSV
added 2017/04/20 10:59 p.m., 3 views

CVE-2017-6613

A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the affected system. The vulnerability is due to...

5.8 CVSS, 5.8 AI score, 0.01986 EPSS
Exploits: 0, References: 3
CNVD
added 2017/03/31 12:0 a.m., 5 views

GNU Binutils Binary File Descriptor Remote Denial of Service Vulnerability

GNU Binutils (a.k.a. GNU Binary Utilities or binutils) is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives. The Binary File Descriptor (BFD) library a.k.a...

7.5 CVSS, 7.6 AI score, 0.02217 EPSS
Exploits: 0, References: 1
Hacker One
added 2017/03/07 7:55 a.m., 56 views

Legal Robot: Cross Site WebSocket Hijacking

Description: The given URL fails to validate the Origin header, leading to Cross-Site WebSocket Hijacking. Impact: The impact, however, depends on how the server is configured. For example, it might require an authentication token which is user specific. In such cases, it might not be as severe as it...

0.4 AI score
Exploits: 0
Cvelist
added 2017/02/08 10:0 p.m., 17 views

CVE-2016-9686

The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2...

5.3 AI score, 0.01275 EPSS
Exploits: 0, References: 1
OSV
added 2016/12/09 8:59 p.m., 2 views

DEBIAN-CVE-2016-9014

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS...

8.1 CVSS, 7 AI score, 0.06074 EPSS
Exploits: 0, References: 1
Hacker One
added 2016/11/04 6:12 p.m., 18 views

RubyGems: Host header Injection rubygems.org

Hi, As you are interested in any bug in rubygems.org, I thought of reporting it. The host header is not validated on rubygems.org. In many cases, developers are trusting the HTTP Host header value and using it to generate links, import scripts and even generate password reset links with its valu...

6.9 AI score
Exploits: 0
CNVD
added 2016/09/09 12:0 a.m., 5 views

Cisco Firepower Management Center and FireSIGHT System Software Security Bypass Vulnerability

Cisco Firepower Management Center and FireSIGHT System Software are management center software from Cisco in the United States. Cisco Firepower Management Center and FireSIGHT System Software fail to properly validate fields in HTTP headers, allowing remote attackers to exploit vulnerabilities to...

5.3 CVSS, 7.1 AI score, 0.01244 EPSS
Exploits: 0, References: 1
CNVD
added 2016/08/16 12:0 a.m., 5 views

IBM Connections Host Header Injection Vulnerability

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A host header injectio...

5.4 CVSS, 7.2 AI score, 0.00516 EPSS
Exploits: 0, References: 1