9137 matches found

OpenVAS
added 2016/03/08 12:0 a.m. | 31 views

Google Chrome Multiple Vulnerabilities (Mar 2016) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

10 CVSS | 7.2 AI score | 0.02451 EPSS
Exploits 3 | References 1

Tenable Nessus
added 2016/03/07 12:0 a.m. | 31 views

Debian DSA-3507-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2015-8126 Joerg Bornemann discovered multiple buffer overflow issues in the libpng library. - CVE-2016-1630 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in Blink/Webkit. - CVE-2016-1631 Mariusz...

10 CVSS | 7.3 AI score | 0.10339 EPSS
Exploits 3 | References 30

Tenable Nessus
added 2016/03/07 12:0 a.m. | 14 views

openSUSE Security Update : pigz (openSUSE-2016-299)

Pigz, a multi-threaded implementation of gzip, was updated to fix one vulnerability. The following vulnerability was fixed : - A crafted file could have caused an unwanted directory traversal on extract CVE-2015-1191 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

5 CVSS | 5.4 AI score | 0.03029 EPSS
Exploits 1 | References 2

ThreatPost
added 2016/03/01 10:24 a.m. | 8 views

White House Wants Wassenaar Renegotiation

The White House, lawmakers said yesterday, wants to renegotiate the divisive U.S. implementation of the Wassenaar Arrangement rules as they relate to intrusion software. A draft of the rules was pulled off the table in July by the Commerce Department’s Bureau of Industry and Security BIS followin...

0.7 AI score
Exploits 0 | References 3

Cvelist
added 2016/03/01 2:0 a.m. | 24 views

CVE-2016-1353

The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming VDS-IS 3.30, 3.31, 4.00, and 4.10 does not properly initiate new TCP sessions when a previous session is in a FIN wait state, which allows remote attackers to cause a denial of service TCP outage via vectors...

5.3 AI score | 0.01739 EPSS
Exploits 0 | References 2

Fedora
added 2016/02/29 10:26 p.m. | 26 views

[SECURITY] Fedora 22 Update: qca-2.1.1-4.fc22

Taking a hint from the similarly-named Java Cryptography Architecture, QCA aims to provide a straightforward and cross-platform crypto API, using Qt datatypes and conventions. QCA separates the API from the implementation, using plugins known as Providers. The advantage of this model is to allow...

10 CVSS | 1 AI score | 0.06677 EPSS
Exploits 0

GoogleProjectZero
added 2016/02/29 12:0 a.m. | 41 views

The Definitive Guide on Win32 to NT Path Conversion

Posted by James Forshaw, path’ological reverse engineer. How the Win32 APIs process file paths on Windows NT is a tale filled with backwards compatibility hacks, weird behaviour, and beauty†. Incorrect handling of Win32 paths can lead to security vulnerabilities. This blog post is to try and give...

6.9 AI score
Exploits 0

Tenable Nessus
added 2016/02/29 12:0 a.m. | 35 views

Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) regression (USN-2910-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2910-2 advisory. USN-2910-1 fixed vulnerabilities in the Ubuntu 15.04 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics...

5.6 AI score
Exploits 0 | References 1

Tenable Nessus
added 2016/02/29 12:0 a.m. | 44 views

Ubuntu 14.04 LTS : Linux kernel (Wily HWE) regression (USN-2908-5)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2908-5 advisory. USN-2908-2 fixed vulnerabilities in the Ubuntu 15.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect locking fix caused a regression that broke graphics...

5.6 AI score
Exploits 0 | References 1

Fedora
added 2016/02/28 12:28 p.m. | 21 views

[SECURITY] Fedora 23 Update: libssh-0.7.3-1.fc23

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

5.9 CVSS | 3.6 AI score | 0.02431 EPSS
Exploits 0

OpenVAS
added 2016/02/28 12:0 a.m. | 47 views

Ubuntu: Security Advisory (USN-2908-5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.3 AI score | 0.01061 EPSS
Exploits 4 | References 3

Cloud Foundry
added 2016/02/26 12:0 a.m. | 45 views

USN-2910-1 Linux kernel vulnerability | Cloud Foundry

USN-2910-1 Linux kernel vulnerability High Vendor Ubuntu Versions Affected Ubuntu 14.04 Description halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges...

7.8 CVSS | 7 AI score | 0.0123 EPSS
Exploits 4

NVD
added 2016/02/23 7:59 p.m. | 20 views

CVE-2015-8804

x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors...

9.8 CVSS | 9.7 AI score | 0.03872 EPSS
Exploits 0 | References 11

Prion
added 2016/02/23 7:59 p.m. | 23 views

Design/Logic Flaw

x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors...

7.5 CVSS | 7.1 AI score | 0.03872 EPSS
Exploits 0 | References 11 | Affected Software 4

Debian CVE
added 2016/02/23 7:0 p.m. | 29 views

CVE-2015-8805

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than...

9.8 CVSS | 9.1 AI score | 0.02738 EPSS
Exploits 0

Debian
added 2016/02/23 1:14 p.m. | 31 views

[SECURITY] [DLA 425-1] libssh security update

Package : libssh Version : 0.4.5-3+squeeze3 CVE ID : CVE-2016-0739 Aris Adamantiadis of the libssh team discovered that libssh, an SSH2 protocol implementation used by many applications, did not generate sufficiently long Diffie-Hellman secrets. This vulnerability could be...

5.9 CVSS | 6.4 AI score | 0.02431 EPSS
Exploits 0

Tenable Nessus
added 2016/02/23 12:0 a.m. | 67 views

Ubuntu 14.04 LTS : Linux kernel (Wily HWE) vulnerabilities (USN-2908-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2908-2 advisory. halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged...

7.8 CVSS | 7.4 AI score | 0.01061 EPSS
Exploits 4 | References 6

Tenable Nessus
added 2016/02/23 12:0 a.m. | 41 views

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2907-2)

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. CVE-2016-1576 halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...

7.8 CVSS | 6.8 AI score | 0.0123 EPSS
Exploits 4 | References 8

Ubuntu
added 2016/02/22 8:46 p.m. | 66 views

USN-2908-1: Linux kernel vulnerabilities

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. CVE-2016-1576 halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...

7.8 CVSS | 7.2 AI score | 0.01061 EPSS
Exploits 4

Ubuntu
added 2016/02/22 8:42 p.m. | 73 views

USN-2908-2: Linux kernel (Wily HWE) vulnerabilities

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. CVE-2016-1576 halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...

7.8 CVSS | 7.2 AI score | 0.01061 EPSS
Exploits 4