Lucene search
K

104 matches found

CNVD
CNVD
added 2016/04/21 12:0 a.m.88 views

Apache Struts2 Remote Code Execution Vulnerability (CNVD-2016-02506 )

Apache Struts is an open source framework for creating enterprise Java Web applications. A remote code execution vulnerability exists in Struts2, which can be exploited by an attacker to execute arbitrary code on the server side of a server that initiates a dynamic method call...

9.3CVSS9.9AI score0.9373EPSS
Exploits12References1
Tenable Nessus
Tenable Nessus
added 2015/09/15 12:0 a.m.34 views

F5 Networks BIG-IP : D-Bus vulnerability (SOL17256)

The busconnectionscheckreply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service CPU consumption via a large number of method calls. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

2.1CVSS5.6AI score0.00388EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2015/08/06 12:0 a.m.42 views

php5 -- multiple vulnerabilities

The PHP project reports: Core: Fixed bug 69793 Remotely triggerable stack exhaustion via recursive method calls. Fixed bug 70121 unserialize could lead to unexpected methods execution / NULL pointer deref. OpenSSL: Fixed bug 70014 opensslrandompseudobytes is not cryptographically secure. Phar:...

7.5CVSS8.6AI score0.07057EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2015/01/26 3:59 p.m.27 views

CVE-2014-8148

The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges...

7.2CVSS6.2AI score0.00428EPSS
Exploits0References1
NVD
NVD
added 2015/01/26 3:59 p.m.24 views

CVE-2014-8148

The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges...

7.2CVSS7.2AI score0.00428EPSS
Exploits0References3
OSV
OSV
added 2015/01/26 3:59 p.m.4 views

UBUNTU-CVE-2014-8148

The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges...

7.2CVSS6.1AI score0.00428EPSS
Exploits0References2
OSV
OSV
added 2014/09/22 3:55 p.m.1 views

DEBIAN-CVE-2014-3638

The busconnectionscheckreply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service CPU consumption via a large number of method calls...

2.1CVSS4.2AI score0.00388EPSS
Exploits0References1
Prion
Prion
added 2014/09/22 3:55 p.m.37 views

Design/Logic Flaw

The busconnectionscheckreply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service CPU consumption via a large number of method calls...

2.1CVSS6.4AI score0.00388EPSS
Exploits0References11Affected Software3
Debian CVE
Debian CVE
added 2014/09/22 3:0 p.m.28 views

CVE-2014-3638

The busconnectionscheckreply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service CPU consumption via a large number of method calls...

2.1CVSS4AI score0.00388EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2014/09/17 12:0 a.m.23 views

CVE-2014-3638

The busconnectionscheckreply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service CPU consumption via a large number of method calls...

2.1CVSS6.7AI score0.00388EPSS
Exploits0References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Microsoft Internet Explorer 5.0.1 JavaScript Method Assignment Cross-Domain Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10689/info A vulnerability exists in Microsoft Internet Explorer that may allow cross-domain/cross-zone scripting. It is reported that the vulnerability presents itself due to a failure to properly validate trust...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2013/08/06 6:0 p.m.22 views

CVE-2013-5024

An ActiveX control in NationalInstruments.Help2.dll in National Instruments NI .NET Class Library Help, as used in Measurement Studio 2013 and earlier and other products, allows remote attackers to obtain sensitive information about the existence of registry keys via crafted 1 key-open or 2...

6.2AI score0.01191EPSS
Exploits0References3
securityvulns
securityvulns
added 2013/02/11 12:0 a.m.123 views

[SE-2012-01] Details of issues fixed by Feb 2013 Java SE CPU

Hello All, Below, we are providing you with technical details regarding security issues reported by us to Oracle and addressed by the company in a recent Feb 2013 Java SE CPU 1. Issue 29 This issue allows for the creation of arbitrary Proxy objects for interfaces defined in restricted packages...

10CVSS0.2AI score0.07714EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2010/06/15 6:0 p.m.28 views

CVE-2010-2188

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service memory corruption or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different argument...

9.3CVSS6.2AI score0.06751EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2009/04/09 12:0 a.m.34 views

Mandriva Update for dbus MDVSA-2008:054 (dbus)

Check for the Version of dbus OpenVAS Vulnerability Test Mandriva Update for dbus MDVSA-2008:054 dbus Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

4.6CVSS5.5AI score0.00408EPSS
Exploits2References2
NVD
NVD
added 2009/03/26 9:0 p.m.26 views

CVE-2008-6531

The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."...

6.8CVSS6.8AI score0.0263EPSS
Exploits0References5
Cent OS
Cent OS
added 2008/03/03 7:7 p.m.68 views

dbus security update

CentOS Errata and Security Advisory CESA-2008:0159 Updated dbus packages that fix an issue with circumventing the security policy are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. D-Bus is a system for sending messages between...

4.6CVSS7.1AI score0.00408EPSS
Exploits2References7
OSV
OSV
added 2008/02/29 7:44 p.m.2 views

DEBIAN-CVE-2008-0595

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes sendinterface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface...

4.6CVSS6.5AI score0.00408EPSS
Exploits2References1
Debian CVE
Debian CVE
added 2008/02/29 7:0 p.m.37 views

CVE-2008-0595

dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes sendinterface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface...

4.6CVSS5.4AI score0.00408EPSS
Exploits2
securityvulns
securityvulns
added 2008/02/29 12:0 a.m.58 views

[ MDVSA-2008:054 ] - Updated dbus packages fix vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2008:054 http://www.mandriva.com/security/ Package : dbus Date : February 28, 2008 Affected: 2007.0, 2007.1, 2008.0 Problem Description: A vulnerability was discovered by Havoc Pennington in how the dbus-daemon...

4.6CVSS6.2AI score0.00408EPSS
Exploits2
Rows per page
Query Builder