CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4025 matches found

UbuntuCve•added 2016/01/29 7:59 p.m.•21 views

CVE-2015-8789

Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document...

9.6CVSS7.2AI score0.02126EPSS

Exploits0References5

Cvelist•added 2016/01/29 7:0 p.m.•25 views

CVE-2015-8789

9.3AI score0.02126EPSS

Exploits0References7

Debian CVE•added 2016/01/29 7:0 p.m.•14 views

CVE-2015-8789

9.6CVSS9.4AI score0.02126EPSS

Exploits0

CNVD•added 2016/01/28 12:0 a.m.•2 views

Xen 'paging_invlpg' function denial of service vulnerability

Xen is an open source virtual machine monitor product developed by the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in t...

6.3CVSS8.2AI score0.01277EPSS

Exploits0References1

RubySec•added 2016/01/25 12:0 a.m.•27 views

Nested attributes rejection proc bypass in Active Record

There is a vulnerability in how the nested attributes feature in Active Record handles updates in combination with destroy flags when destroying records is disabled. This vulnerability has been assigned the CVE identifier CVE-2015-7577. Versions Affected: 3.1.0 and newer Not affected: 3.0.x and...

5.3CVSS2.1AI score0.0425EPSS

Exploits0References1Affected Software1

OSV•added 2016/01/22 3:59 p.m.•2 views

DEBIAN-CVE-2016-1571

The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...

6.3CVSS8.2AI score0.01277EPSS

Exploits0References1

OSV•added 2016/01/22 3:59 p.m.•5 views

CVE-2016-1571

6.3CVSS6.9AI score

Exploits0References4

NVD•added 2016/01/22 3:59 p.m.•16 views

CVE-2016-1571

6.3CVSS6.7AI score0.01277EPSS

Exploits0References4

Prion•added 2016/01/22 3:59 p.m.•24 views

Design/Logic Flaw

4.7CVSS6.5AI score0.01277EPSS

Exploits0References4Affected Software2

OSV•added 2016/01/22 3:59 p.m.•1 views

UBUNTU-CVE-2016-1571

6.3CVSS6.9AI score0.01277EPSS

Exploits0References3

Debian CVE•added 2016/01/22 3:0 p.m.•30 views

CVE-2016-1571

6.3CVSS4.4AI score0.01277EPSS

Exploits0

CVE•added 2016/01/22 3:0 p.m.•103 views

CVE-2016-1571

CVE-2016-1571 affects Xen 3.3.x–4.6.x. When shadow paging or nested virtualization is enabled, a local HVM guest can trigger the hypervisor bug check via a non-canonical guest address in an INVVPID instruction, causing a host crash (DoS). The description does not specify a vendor patch or fixed v...

6.3CVSS6.1AI score0.01277EPSS

Exploits0References4Affected Software1

Xen Project•added 2016/01/20 12:0 p.m.•78 views

VMX: intercept issue with INVLPG on non-canonical address

ISSUE DESCRIPTION While INVLPG does not cause a General Protection Fault when used on a non-canonical address, INVVPID in its "individual address" variant, which is used to back the intercepted INVLPG in certain cases, fails in such cases. Failure of INVVPID results in a hypervisor bug check...

6.3CVSS0.1AI score0.01277EPSS

Exploits0Affected Software1

CNVD•added 2016/01/11 12:0 a.m.•3 views

IBM Connections XML Parsing Denial of Service Vulnerability

IBM Connections is a suite of social software platforms. The platform provides advanced analytics and real-time data monitoring capabilities and accelerates web collaboration within and outside the organization through IBM SmartCloud services. IBM Connections processed XML entity extensions durin...

7.8CVSS6.9AI score0.01452EPSS

Exploits0References1

ATTACKERKB•added 2016/01/03 5:59 a.m.•3 views

CVE-2015-5038

IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service CPU consumption and application crash via a crafted XML document containing a large...

9.3CVSS5.6AI score0.01619EPSS

Exploits0References3

Positive Technologies•added 2015/11/24 12:0 a.m.•2 views

PT-2015-3437 · Pcre +5 · Pcre +5

Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 8.38 Description: The issue is related to the pcre compile function in the PCRE library, which mishandles certain : nesting in regular expressions. This can be exploited by remote attackers to cause a denial of service,...

9.8CVSS7.4AI score0.09157EPSS

Exploits12References148

RedHat Linux•added 2015/11/23 4:13 p.m.•7 views

Moderate: Red Hat Bug Fix Advisory: libreoffice bug fix and enhancement update

Updated libreoffice packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 7. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a...

6.8CVSS6.7AI score0.07646EPSS

Exploits0References19

OSV•added 2015/10/06 1:59 a.m.•2 views

DEBIAN-CVE-2015-7686

Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service CPU consumption via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associat...

7.8CVSS6.5AI score0.03072EPSS

Exploits0References1

UbuntuCve•added 2015/10/06 1:59 a.m.•27 views

CVE-2015-7686

7.8CVSS7AI score0.03072EPSS

Exploits0References3

Prion•added 2015/10/06 1:59 a.m.•21 views

Design/Logic Flaw

7.8CVSS6.9AI score0.03072EPSS

Exploits0References3Affected Software1

Rows per page