472 matches found

CNVD
added 2017/11/22 12:0 a.m. | 1 views

SSRF vulnerability in APPCMS admin\download_frame.php file

APPCMS is a professional APP content management system that provides a variety of extension modules, such as information, recommended positions, topics, friendly links, body internal links and so on, to help webmasters better personalize their own websites. An SSRF vulnerability exists in the...

6.8 AI score
Exploits: 0

Kitploit
added 2017/11/19 9:56 p.m. | 22 views

SimpleWall - Simple tool to configure Windows Filtering Platform (WFP)

Simple tool to configure Windows Filtering Platform WFP which can configure network activity on your computer. The lightweight application is less than a megabyte, and it is compatible with Windows Vista and higher operating systems. You can download either the installer or portable version. For...

7.1 AI score
Exploits: 0 | References: 3

Veracode
added 2017/11/14 6:35 a.m. | 3 views

Unauthorized Access

Apache Hadoop Mapreduce is vulnerable to unauthorized access. If a file with world-readable access permissions is localized through YARN's localization mechanism, the file will be stored in a world-readable location that can then be accessed by a malicious user...

7.8 CVSS | 6.3 AI score | 0.00347 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2017/11/13 2:29 p.m. | 14 views

CVE-2017-3166

In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any...

7.8 CVSS | 8 AI score | 0.00347 EPSS
Exploits: 0 | References: 2

Prion
added 2017/11/13 2:29 p.m. | 15 views

Design/Logic Flaw

In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any...

4.6 CVSS | 7.5 AI score | 0.00347 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2017/11/13 2:29 p.m. | 18 views

CVE-2017-3166

In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any...

7.8 CVSS | 6.4 AI score
Exploits: 0 | References: 2

Cvelist
added 2017/11/13 2:0 p.m. | 25 views

CVE-2017-3166

In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any...

8 AI score | 0.00347 EPSS
Exploits: 0 | References: 2

CVE
added 2017/11/13 2:0 p.m. | 100 views

CVE-2017-3166

CVE-2017-3166 affects Apache Hadoop: if a file in an encryption zone is world-readable and localized via YARN localization, it can be stored in a world-readable location and shared with any requesting application. Affected Hadoop versions per the document: 2.6.1–2.6.5, 2.7.0–2.7.3, and 3.0.0-alph...

7.8 CVSS | 7.4 AI score | 0.00347 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Drupal
added 2017/08/30 12:0 a.m. | 13 views

Commerce invoices - Highly Critical - SQL Injection and Cross Site scripting - DRUPAL-SA-CONTRIB-2017-070

Commerce Invoices allows you to enter an Invoice number, Company name and Amount and it will generate an Invoice that the client can pay on your site using any payment method supported by Drupal commerce. SQL Injection The module did not properly use Drupal's database API when querying the databa...

7 AI score
Exploits: 0 | References: 12

Information Security Automation
added 2017/08/03 10:58 a.m. | 49 views

Not for Russians

Let's talk about web-site blocking. Not about cases of government censorship, not about cases where content is blocked for copyright reasons and not even about sanctions. I want to pay attention to the cases when companies block access to their own sites voluntarily for user from the whole countr...

6.8 AI score
Exploits: 0

rapid7community
added 2017/07/18 3:36 p.m. | 47 views

InsightVM now available in Japan

InsightVM customers can now choose to store their InsightVM data in Japan. At Rapid7, we enable customers to comply with policies and preferences by selecting the region where their data is transmitted, processed, and stored. We're excited to announce that Japan joins our existing data centers in...

6.7 AI score
Exploits: 0

rapid7community
added 2017/06/15 4:5 p.m. | 19 views

Rapid7 issues comments on NAFTA renegotiation

In April 2017, President Trump issued an executive order directing a review of all trade agreements. This process is now underway: The United States Trade Representative USTR - the nation's lead trade agreement negotiator - formally requested public input on objectives for the renegotiation of th...

6.8 AI score
Exploits: 0

Tenable Nessus
added 2017/02/01 12:0 a.m. | 43 views

openSUSE Security Update : lcms2 (openSUSE-2017-179)

This update for lcms2 to version 2.8 fixes the following issues : This security issue was fixed : - Fixed an out-of-bounds heap read in TypeMLURead that could be triggered by an untrusted image with a crafted ICC profile boo1021364. These non-security issues were fixed : - Fixed many typos in...

5.6 AI score
Exploits: 0 | References: 2

OSV
added 2017/01/11 4:59 a.m. | 3 views

CVE-2017-2962

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable type confusion vulnerability in the XSLT engine related to localization functionality. Successful exploitation could lead to arbitrary code execution...

7.8 CVSS | 6 AI score
Exploits: 0 | References: 4

NVD
added 2017/01/11 4:59 a.m. | 20 views

CVE-2017-2962

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable type confusion vulnerability in the XSLT engine related to localization functionality. Successful exploitation could lead to arbitrary code execution...

9.3 CVSS | 7.7 AI score | 0.09855 EPSS
Exploits: 0 | References: 4

Prion
added 2017/01/11 4:59 a.m. | 17 views

Type confusion

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable type confusion vulnerability in the XSLT engine related to localization functionality. Successful exploitation could lead to arbitrary code execution...

9.3 CVSS | 7.8 AI score | 0.09855 EPSS
Exploits: 0 | References: 4 | Affected Software: 4

Cvelist
added 2017/01/11 4:40 a.m. | 28 views

CVE-2017-2962

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable type confusion vulnerability in the XSLT engine related to localization functionality. Successful exploitation could lead to arbitrary code execution...

8.9 AI score | 0.09855 EPSS
Exploits: 0 | References: 4

AlpineLinux
added 2017/01/11 4:40 a.m. | 2 views

CVE-2017-2962

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable type confusion vulnerability in the XSLT engine related to localization functionality. Successful exploitation could lead to arbitrary code execution...

9.3 CVSS | 7.8 AI score | 0.09855 EPSS
Exploits: 0 | References: 4

CVE
added 2017/01/11 4:40 a.m. | 74 views

CVE-2017-2962

CVE-2017-2962 : Adobe Acrobat Reader/Reader with versions 15.020.20042 and earlier, 15.006.30244 and earlier, and 11.0.18 and earlier are affected by a type confusion vulnerability in the XSLT engine’s localization handling, which could lead to arbitrary code execution. Affected OSes include Wind...

9.3 CVSS | 8.7 AI score | 0.09855 EPSS
Exploits: 0 | References: 4 | Affected Software: 4

Vulnerability Lab
added 2016/12/21 12:0 a.m. | 42 views

Docebo LMS v6.9 - (Localization) Persistent Vulnerability

Document Title: =============== Docebo LMS v6.9 - Localization Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1880 Release Date: ============= 2016-12-21 Vulnerability Laboratory ID VL-ID: ==================================== 18...

7.1 AI score
Exploits: 0