CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ThreatPost•added 2016/03/22 2:44 p.m.•9 views

Google Debuts New Untrusted CA Log Submariner

Google wants the internet to know that it’s keeping track of deployed certificates, whether they’re trusted or not. While the search behemoth has long maintained a list of trusted Certificate Authorities, it announced on Monday that it has created a new list of CAs that were once, or are not yet...

0.2AI score

Exploits0References6

OpenVAS•added 2016/03/22 12:0 a.m.•24 views

Cisco ASA 5500 Devices DoS Vulnerability (cisco-sa-20160309-csc)

Cisco ASA 5500 devices are prone to a denial of service DoS vulnerability. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

7.8CVSS7.5AI score0.02868EPSS

Exploits0References1

Hacker One•added 2016/03/17 8:24 a.m.•217 views

New Relic: Insecure transition from HTTP to HTTPS in form post

Vulnerability description:- This form is served from an insecure page http page. This page could be hijacked using a Man-in-the-middle attack and an attacker can replace the form target. This vulnerability affects:- /selfies/submit. attack details:- Form name: "form144" Form action:...

0.1AI score

Hacker One•added 2016/03/17 5:53 a.m.•16 views

Gratipay: Cookie Does Not Contain The "secure" Attribute

Poc : https://gratipay.com/ -- optimizelyBuckets=%7B%7D; expires=Sat Mar 14 21:28:25 2026; path=/; domain=.gratipay.com; max-age=315359448,https://gratipay.com/ -- optimizelyEndUserId=oeu1458188905178r0.282567850779742; expires=Sat Mar 14 21:28:25 2026; path=/; domain=.gratipay.com;...

1AI score

NVD•added 2016/03/14 1:59 a.m.•19 views

CVE-2016-1731

Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream...

5.9CVSS5.1AI score0.00925EPSS

Prion•added 2016/03/14 1:59 a.m.•17 views

Design/Logic Flaw

Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream...

5CVSS6.3AI score0.00925EPSS

CVE•added 2016/03/14 1:0 a.m.•153 views

CVE-2016-1731

The CVE-2016-1731 vulnerability affects Apple Software Update on Windows versions prior to 2.2. The issue arises because the update contents are retrieved over HTTP instead of HTTPS, enabling a man-in-the-middle to modify the data stream and spoof updates. Public sources in the provided documents...

5.9CVSS4.9AI score0.00925EPSS

Cvelist•added 2016/03/14 1:0 a.m.•24 views

CVE-2016-1731

Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream...

5.1AI score0.00925EPSS

Check Point Advisories•added 2016/03/13 12:0 a.m.•0 views

Suspicious HTTPS YAHOO Mail Attachment Containing JavaScript Code

Many phishing campaigns are known to use mail attachments containing JavaScript code. A remote attacker could send e-mails including such files and convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system. This method is often use...

1.6AI score

Check Point Advisories•added 2016/03/13 12:0 a.m.•0 views

Suspicious HTTPS Gmail Mail Attachment Containing JavaScript Code

1.5AI score

CNVD•added 2016/03/11 12:0 a.m.•2 views

Cisco ASA 5500 Content Security and Control Security Services Module Denial of Service Vulnerability

The Cisco ASA 5500 is an X-Series next-generation firewall security appliance from Cisco, Inc.The Content Security and Control Security Services Module CSC-SSM is one of the content security and control security services modules. A security vulnerability exists in the HTTPS inspection engine in...

7.8CVSS6.7AI score0.02868EPSS

Exploits0References1

Prion•added 2016/03/09 8:59 p.m.•15 views

Design/Logic Flaw

The HTTPS inspection engine in the Content Security and Control Security Services Module CSC-SSM 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service memory consumption or device reload via a flood of HTTPS packets, aka Bug ID CSCue76147...

7.8CVSS7.3AI score0.02868EPSS

NVD•added 2016/03/09 8:59 p.m.•15 views

CVE-2016-1312

7.8CVSS7.5AI score0.02868EPSS

Cvelist•added 2016/03/09 8:0 p.m.•20 views

CVE-2016-1312

7.5AI score0.02868EPSS

CVE•added 2016/03/09 8:0 p.m.•50 views

CVE-2016-1312

The CVE-2016-1312 issue affects Cisco ASA 5500-series devices with the Content Security and Control Security Services Module (CSC-SSM) HTTPS inspection engine. The vulnerability is due to improper handling of a high rate of HTTPS packets, enabling an unauthenticated, remote attacker to cause memo...

7.8CVSS7.4AI score0.02868EPSS

Cisco•added 2016/03/09 4:0 p.m.•50 views

Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability

A vulnerability in the HTTPS inspection engine of the Cisco ASA Content Security and Control Security Services Module CSC-SSM could allow an unauthenticated, remote attacker to cause exhaustion of available memory, system instability, and a reload of the affected system. The vulnerability is due ...

7.8CVSS7.5AI score0.02868EPSS

Exploits0References1

Openbugbounty•added 2016/03/09 1:56 p.m.•17 views

tc.airfrance.com Open Redirect vulnerability

Vulnerable URL: http://tc.airfrance.com/c/?tcs=324=localdeals=travelzoo=wowtnr=ca Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank|...

6.8AI score