Lucene search
+L

322 matches found

OSV
OSV
added 2018/01/18 2:29 a.m.6 views

CVE-2018-2639

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

8.3CVSS5.6AI score0.02943EPSS
Exploits0References9
CNVD
CNVD
added 2018/01/18 12:0 a.m.5 views

FoxSash ImgHosting Search Engine Cross-Site Scripting Vulnerability

FoxSash ImgHosting is a set of scripts for online image hosting. search engine is one of the search engines. A cross-site scripting vulnerability exists in the search engine in FoxSash ImgHosting version 1.5. A remote attacker can exploit this vulnerability by sending the 'search' parameter to th...

6.1CVSS6.4AI score0.02069EPSS
Exploits5References1
OSV
OSV
added 2017/09/14 1:29 p.m.6 views

CVE-2017-1002006

Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/savecontact.php doesn't check that the user is authorized before injecting new contacts into the wpcontact table...

7.5CVSS5.8AI score0.03232EPSS
Exploits1References3
CNVD
CNVD
added 2017/08/01 12:0 a.m.8 views

GLPI front/devicesoundcard.php file SQL injection vulnerability

GLPI is an open source IT resource management suite maintained by the Indepnet Association. The suite includes features such as device status management, asset inventory storage, management processes and work log management. An SQL injection vulnerability exists in the front/devicesoundcard.php...

9.8CVSS8.6AI score0.01633EPSS
Exploits0References1
CNVD
CNVD
added 2017/06/13 12:0 a.m.4 views

PHP 'main/php_ini.c' Denial of Service Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A denial of service vulnerability exists in PHP version 7.1.5. An attacker can exploit the vulnerability to corrupt the affected application,...

6.5AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/06/13 12:0 a.m.5 views

PT-2017-4084 · Pivotal +1 · Rabbitmq +1

Name of the Vulnerable Software and Affected Versions: RabbitMQ versions 3.4.x through 3.5.x RabbitMQ versions 3.6.x prior to 3.6.9 RabbitMQ for PCF versions 1.5.x RabbitMQ for PCF versions 1.6.x prior to 1.6.18 RabbitMQ for PCF versions 1.7.x prior to 1.7.15 Description: The issue is related to...

9.8CVSS6.4AI score0.99856EPSS
Exploits19References105
OSV
OSV
added 2017/05/24 3:29 p.m.4 views

ALPINE-CVE-2017-9227

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbcenclen during regular expression searching. Invalid handling of reg-dmin in forwardsearchrange could result in an invalid pointer...

9.8CVSS7AI score0.06265EPSS
Exploits1References1
CNVD
CNVD
added 2017/05/16 12:0 a.m.6 views

Think Mutual Bank Mobile Banking app SSL Certificate Validation Vulnerability

Think Mutual Bank mobile banking app for iOS is a mobile banking app for iOS from Think Mutual Bank that provides quick access to manage customer accounts, manage balances, pay bills, send money, deposit checks, set up text alerts, find branch and ATM locations and more. A security vulnerability...

5.9CVSS6.5AI score0.00864EPSS
Exploits0References1
OSV
OSV
added 2017/04/24 7:59 p.m.4 views

UBUNTU-CVE-2017-3590

Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/Python. Supported versions that are affected are 2.1.5 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to...

3.3CVSS5.7AI score0.00406EPSS
Exploits0References3
CNVD
CNVD
added 2016/12/03 12:0 a.m.3 views

OpenJPEG Remote Heap Buffer Overflow Vulnerability

OpenJPEG is a C-based open source JPEG 2000 codec . A remote heap buffer overflow vulnerability exists in OpenJPEG versions 1.3 and 1.5.1. An attacker could exploit this vulnerability to execute arbitrary code in the context of a user-run application, which could also result in a denial of servic...

7.8CVSS8AI score0.01896EPSS
Exploits0References1
CNVD
CNVD
added 2016/09/19 12:0 a.m.5 views

EMC RSA BSAFE Micro Edition Suite TLS Man-in-the-Middle Attack Vulnerability

EMC RSA BSAFE Micro Edition Suite MES is an encryption toolkit from EMC Corporation. The toolkit helps developers achieve stable and secure application design.TLS Transport Layer Security is a set of protocols used to provide confidentiality and data integrity between two communicating...

6.7AI score
Exploits0References1
PyPA
PyPA
added 2016/09/01 11:59 p.m.6 views

PYSEC-2016-4

The Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack MMA...

5.3CVSS6.8AI score0.02226EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2016/04/21 10:59 a.m.3 views

CVE-2016-0684

Unspecified vulnerability in the Oracle Retail MICROS ARS POS component in Oracle Retail Applications 1.5 allows remote authenticated users to affect confidentiality via vectors related to POS...

6.5CVSS7.3AI score0.01886EPSS
Exploits0References2
CNVD
CNVD
added 2015/03/12 12:0 a.m.42 views

Unspecified Vulnerability in Pivotal Software Spring Framework Java SockJS Client

Pivotal Software Spring Framework is the U.S. Pivotal Software, Inc. of a set of open source Java, Java EE application framework. The framework helps developers build high-quality applications . A security vulnerability exists in the Java SockJS client in Pivotal Software Spring Framework version...

5CVSS6.9AI score0.019EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2013/01/10 1:57 a.m.5 views

acroread: multiple code execution flaws (APSB13-02)

Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors...

10CVSS6.2AI score0.07991EPSS
Exploits1References5
OSV
OSV
added 2012/06/04 8:55 p.m.1 views

BELL-CVE-2012-0815 CVE-2012-0815 does not affect BellSoft software

Bulletin has no description...

6.8CVSS5.8AI score0.04281EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2008/08/13 2:16 p.m.7 views

openssl signature forgery

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...

4.3CVSS7AI score0.04894EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2006/12/04 11:28 a.m.2 views

CVE-2006-6248

index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message...

7.8CVSS5.5AI score0.01499EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2006/09/06 8:15 p.m.5 views

openssl signature forgery

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...

4.3CVSS6.8AI score0.04894EPSS
Exploits1References4
securityvulns
securityvulns
added 2002/07/22 12:0 a.m.28 views

Eraser advisory :)

Advisory by Eraser 5 / Продукт: Aquonics File Manager 1.5 advisory 5 Уязвимость: 1.Обратный путь в директориях 2.Повышение прав доступа Разработчик программы: www.aquonics.com Опасность: высокая Дата: 19.07.02 / --Описание-- Aquonics File Manager 1.5 - расширенный файл мэнеджер. Через первую...

0.9AI score
Exploits0
Rows per page
Query Builder