CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Ubuntu•added 2015/01/13 12:7 p.m.•109 views

USN-2466-1: Linux kernel vulnerabilities

6.1CVSS6.8AI score0.0523EPSS

Tenable Nessus•added 2015/01/13 12:0 a.m.•71 views

MS15-007: Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029)

The remote Windows host is affected by a denial of service vulnerability due to a failure to properly parse username queries on an Internet Authentication Service IAS or a Network Policy Server NPS. A remote, unauthenticated attacker, using specially crafted username strings, can exploit this to...

7.8CVSS5.5AI score0.78735EPSS

Exploits1References2

Check Point Advisories•added 2015/01/12 12:0 a.m.•2 views

Adobe Reader Javascript API Information Disclosure (APSB14-28: CVE-2014-8451)

An Information Disclosure vulnerability has been reported in Adobe Reader. The vulnerability is due to an improper implementation of a Javascript API. A remote attacker can exploit this issue by enticing a victim to open a specially crafted PDF file...

5CVSS6AI score0.094EPSS

Prion•added 2015/01/09 2:59 a.m.•24 views

Design/Logic Flaw

The BNsqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to...

5CVSS7AI score0.2132EPSS

Exploits0References41Affected Software1

Mageia•added 2015/01/07 3:14 p.m.•70 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.27 and fixes the following security issues: arch/x86/kernel/tls.c in the Thread Local Storage TLS implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier...

7.8CVSS6.7AI score0.01504EPSS

Exploits9References4

OpenVAS•added 2015/01/05 12:0 a.m.•23 views

VLC Media Player Multiple Vulnerabilities-03 (Jan 2015) - Linux

VLC media player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:videolan:vlcmediaplayer";...

7.5CVSS6.3AI score0.03583EPSS

OpenVAS•added 2015/01/05 12:0 a.m.•26 views

VLC Media Player Multiple Vulnerabilities-03 (Jan 2015) - Mac OS X

7.5CVSS6.3AI score0.03583EPSS

Fedora•added 2015/01/03 7:12 p.m.•30 views

[SECURITY] Fedora 21 Update: libssh-0.6.4-1.fc21

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, tra nsfer files, use a secure and transparent tunnel for your remote...

5CVSS3.6AI score0.05145EPSS

Fedora•added 2015/01/03 7:10 p.m.•31 views

[SECURITY] Fedora 20 Update: libssh-0.6.4-1.fc20

5CVSS3.6AI score0.05145EPSS

Fedora•added 2015/01/03 6:58 p.m.•40 views

[SECURITY] Fedora 19 Update: libssh-0.6.4-1.fc19

5CVSS3.6AI score0.05145EPSS

Prion•added 2015/01/02 9:59 p.m.•30 views

Design/Logic Flaw

The batadvfragmergepackets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service mesh-node system crash...

7.8CVSS6.8AI score0.05361EPSS

Exploits0References13Affected Software1

Debian CVE•added 2015/01/02 9:0 p.m.•27 views

CVE-2014-9428

7.8CVSS6.2AI score0.05361EPSS

UbuntuCve•added 2014/12/31 12:0 a.m.•36 views

CVE-2014-9710

The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations 1 during an xattr-replacement time...

6.9CVSS7.1AI score0.00277EPSS

Exploits0References6

Hacker One•added 2014/12/30 7:32 a.m.•28 views

Nearby Live: Gain access to any user's email address

An attacker can gain access to any user's email address by accessing the /points/buy page. This is a serious issue because the email address is used as one of the login credentials for the website. Steps to reproduce : 1. Go to https://www.wnmlive.com/account/points 2. Select "Get more points" +...

7AI score

UbuntuCve•added 2014/12/29 8:59 p.m.•37 views

CVE-2014-3556

The STARTTLS implementation in mail/ngxmailsmtphandler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...

6.8CVSS5.9AI score0.07832EPSS

Fedora•added 2014/12/29 10:6 a.m.•29 views

[SECURITY] Fedora 21 Update: eclipse-jgit-3.5.3-1.fc21

A pure Java implementation of the Git version control system...

9.8CVSS3.8AI score0.63178EPSS

Exploits5

Mageia•added 2014/12/26 5:4 p.m.•34 views

Updated not-yet-commons-ssl packages fix CVE-2014-3604

Updated not-yet-commons-ssl packages fixes security vulnerability: It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle MITM...

6.8CVSS8.9AI score0.00932EPSS