Lucene search
3807 matches found

VulnCheck KEV
added 2014/05/14 12:0 a.m., 2 views

VulnCheck KEV: CVE-2014-1809

The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka "MSCOMCTL ASLR Vulnerability."...

CVSS 6.8, AI score 5.8, EPSS 0.10117
Exploits 0, References 1
RedHat Linux
added 2014/04/17 11:30 a.m., 1 view

ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the Januar...

CVSS 10, AI score 6.8, EPSS 0.08383
Exploits 0, References 5
RedHat Linux
added 2014/04/17 11:30 a.m., 3 views

OpenJDK: Incorrect image layout verification (2D, 8012601)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

CVSS 10, AI score 6.8, EPSS 0.07133
Exploits 0, References 5
Jake Archibald's Blog
added 2014/04/01 12:0 a.m., 13 views

visibility: visible undoes visibility: hidden

If you set an element to display: none the browser ignores all of its children, if a child sets itself to display: block it will remain hidden. This isn't true of visibility. Serious? Serious. html.show-only-the-button visibility: hidden; html.show-only-the-button .the-button visibility: visible;...

AI score 0.9
Exploits 0
MSRC
added 2014/03/12 7:0 a.m., 8 views

When ASLR makes the difference

We wrote several times in this blog about the importance of enabling Address Space Layout Randomization mitigation ASLR in modern software because it’s a very important defense mechanism that can increase the cost of writing exploits for attackers and in some cases prevent reliable exploitation. ...

AI score 6.9
Exploits 0
ThreatPost
added 2014/02/24 8:43 a.m., 82 views

Complete Microsoft EMET Bypass Developed

SAN FRANCISCO — Researchers at Bromium Labs are expected to announce today they have developed an exploit that bypasses all of the mitigations in Microsoft’s Enhanced Mitigation Experience Toolkit EMET. Principal security researcher Jared DeMott is scheduled to deliver a presentation this morning...

CVSS 9.3, AI score 1.2, EPSS 0.99945
Exploits 33, References 6
UbuntuCve
added 2014/02/24 4:48 a.m., 25 views

CVE-2013-6655

Use-after-free vulnerability in Blink, as used in Google Chrome before 33.0.1750.117, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper handling of overflowchanged DOM events during interaction between JavaScript and...

CVSS 7.5, AI score 7.3, EPSS 0.01281
Exploits 1, References 4
Cvelist
added 2014/02/24 2:0 a.m., 22 views

CVE-2013-6655

Use-after-free vulnerability in Blink, as used in Google Chrome before 33.0.1750.117, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper handling of overflowchanged DOM events during interaction between JavaScript and...

AI score 6.8, EPSS 0.01281
Exploits 1, References 5
Cvelist
added 2014/02/24 2:0 a.m., 25 views

CVE-2013-6658

Multiple use-after-free vulnerabilities in the layout implementation in Blink, as used in Google Chrome before 33.0.1750.117, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving 1 running JavaScript code during execution of the...

AI score 7.4, EPSS 0.02057
Exploits 1, References 5
Debian CVE
added 2014/02/24 2:0 a.m., 24 views

CVE-2013-6655

Removed by vendor...

CVSS 7.5, AI score 9.4, EPSS 0.01281
Exploits 1
ThreatPost
added 2014/02/20 2:13 p.m., 38 views

Google Fixes 28 Security Flaws in Chrome 33

Google Chrome 33 is out, and the new version of the browser includes fixes for 28 security vulnerabilities, including a number of high-severity bugs. The company paid out more than $13,000 in rewards to researchers who reported vulnerabilities that were fixed in this release. One of the...

CVSS 7.5, AI score 0.3, EPSS 0.02057
Exploits 1, References 10
ThreatPost
added 2014/02/14 2:27 p.m., 39 views

New IE Zero Day Found Targeting Military Intelligence

Attackers were able to compromise the U.S. Veterans of Foreign Wars’ website this week and serve up a previously unknown zero day exploit in Internet Explorer 10, and while motivation behind the campaign is still unclear, experts are speculating its aim was to procure military intelligence...

CVSS 9.3, AI score 0.6, EPSS 0.85239
Exploits 23, References 6
seebug.org
added 2014/02/13 12:0 a.m., 41 views

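Microsoft .NET Framework ASLR Security Restriction Bypass Vulnerability (CVE-2014-0295) (MS14-009)

BUGTRAQ ID: 65418 CVE(CAN) ID: CVE-2014-0295 .NET is Microsoft's technology for implementing XML, Web Services, SOA (service-oriented architecture), and agility. The .NET Framework is a software framework developed by Microsoft that runs primarily on Microsoft Windows. Microsoft .NET Framework does not correctly implement address space layout randomization, which results in a security restriction bypass vulnerability. This vulnerability allows an attacker to bypass the ASLR security feature and then load malicious code and exploit other vulnerabilities. 0 Microsoft .NET Framework 4.x...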

CVSS 4.3, AI score 6.4, EPSS 0.13768
Exploits 2
OpenVAS
added 2014/02/13 12:0 a.m., 21 views

Fedora Update for graphviz FEDORA-2014-0602

Check for the Version of graphviz OpenVAS Vulnerability Test Fedora Update for graphviz FEDORA-2014-0602 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 10, AI score 1, EPSS 0.06082
Exploits 2, References 2
Tenable Nessus
added 2014/02/12 12:0 a.m., 133 views

MS14-009: Vulnerabilities in .NET Framework Could Allow Privilege Escalation (2916607)

The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities : - An error exists related to handling stale or closed HTTP client connections that can allow denial of service attacks. CVE-2014-0253 - An error exists related to decisions...

CVSS 9.3, AI score 7.3, EPSS 0.69801
Exploits 9, References 4
Fedora
added 2014/02/11 11:2 p.m., 23 views

[SECURITY] Fedora 19 Update: graphviz-2.30.1-12.fc19

A collection of tools for the manipulation and layout of graphs as in nodes and edges, not as in barcharts...

CVSS 10, AI score 1.5, EPSS 0.06082
Exploits 2
Fedora
added 2014/02/11 11:0 p.m., 25 views

[SECURITY] Fedora 20 Update: graphviz-2.34.0-8.fc20

A collection of tools for the manipulation and layout of graphs as in nodes and edges, not as in barcharts...

CVSS 10, AI score 1.5, EPSS 0.06082
Exploits 2
RedHat Linux
added 2014/02/04 7:35 p.m., 4 views

ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the Januar...

CVSS 10, AI score 6.8, EPSS 0.08383
Exploits 0, References 5
RedHat Linux
added 2014/02/04 7:34 p.m., 2 views

ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the Januar...

CVSS 10, AI score 6.8, EPSS 0.08383
Exploits 0, References 5
RedHat Linux
added 2014/02/04 7:34 p.m., 3 views

ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the Januar...

CVSS 10, AI score 6.8, EPSS 0.08383
Exploits 0, References 5