CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6687 matches found

Cvelist•added 2014/06/02 3:0 p.m.•17 views

CVE-2013-1348

The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397...

7.2AI score0.00619EPSS

Exploits0References4

CVE•added 2014/06/02 3:0 p.m.•71 views

CVE-2013-1348

CVE-2013-1348 affects Symfony 2.0.x before 2.0.22 where the YAML parsing path in Yaml::parse can allow remote code execution of PHP via a crafted PHP file. Root cause: insecure handling in YAML parsing that enables arbitrary PHP code execution. Impact: remote attacker could execute code with the ...

7.5CVSS7.3AI score0.00619EPSS

Exploits0References4Affected Software1

RedHat Linux•added 2014/03/11 4:56 p.m.•1 views

ruby: heap overflow in floating point parsing

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a string that is converted to...

6.8CVSS7.4AI score0.11958EPSS

Exploits3References4

OSV•added 2014/03/03 4:55 p.m.•1 views

DEBIAN-CVE-2014-2013

Stack-based buffer overflow in the xpsparsecolor function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element...

7.5CVSS8.3AI score0.34472EPSS

Exploits1References1

ATTACKERKB•added 2014/03/03 4:55 p.m.•2 views

CVE-2014-2013

7.5CVSS6.4AI score0.34472EPSS

Exploits1References13

Mageia•added 2014/02/25 9:35 p.m.•50 views

Updated springframework package fixes security vulnerabilities

It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...

6.8CVSS0.6AI score0.38725EPSS

Exploits0References2

Fedora•added 2014/02/12 2:41 p.m.•16 views

[SECURITY] Fedora 19 Update: fwsnort-1.6.4-1.fc19

fwsnort translates Snort rules into equivalent iptables rules and generates a Bourne shell script that implements the resulting iptables commands. In addition, fwsnort optionally uses the IPTables::Parse module to parse the iptables ruleset on the machine to determine which Snort rules are applic...

4.4CVSS1.2AI score0.00088EPSS

Exploits2

Fedora•added 2014/02/12 2:38 p.m.•13 views

[SECURITY] Fedora 20 Update: fwsnort-1.6.4-1.fc20

4.4CVSS1.2AI score0.00088EPSS

Exploits2

Tenable Nessus•added 2014/02/10 12:0 a.m.•41 views

Debian DSA-2857-1 : libspring-java - several vulnerabilities

6.8CVSS7AI score0.67951EPSS

Exploits1References5

OpenVAS•added 2014/02/08 12:0 a.m.•48 views

Debian Security Advisory DSA 2857-1 (libspring-java - several vulnerabilities)

6.8CVSS5.8AI score0.67951EPSS

Exploits1References1

myhack58•added 2014/01/30 12:0 a.m.•14 views

phpcms foreground and(background permissions)getshell1-vulnerability warning-the black bar safety net

1, The first first reception of it, to estimate a lot of stations are starting to fill up. For phpcms 2 0 0 8, the secondary attack category, a secondary analysis getshell it. In uploadfield. php br / $uploadallowext = ! empty$C'uploadallowext' ? $C'uploadallowext' : $info'uploadallowext';/p p //...

7.1AI score

Exploits0

RedHat Linux•added 2013/12/11 2:24 a.m.•3 views

php: memory corruption in openssl_x509_parse()

The asn1timetotimet function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse 1 notBefore and 2 notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service memory...

7.5CVSS7.1AI score0.40224EPSS

Exploits8References4

NVD•added 2013/12/07 9:55 p.m.•14 views

CVE-2013-0852

The parsepicturesegment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access...

9.3CVSS6.6AI score0.00835EPSS

Exploits0References3

RedHat Linux•added 2013/11/25 6:59 p.m.•0 views

ruby: heap overflow in floating point parsing

6.8CVSS7.4AI score0.11958EPSS

Exploits3References4

RedHat Linux•added 2013/11/25 6:52 p.m.•2 views

ruby: heap overflow in floating point parsing

6.8CVSS7.4AI score0.11958EPSS

Exploits3References4

Prion•added 2013/11/23 7:55 p.m.•32 views

Heap overflow

6.8CVSS8.4AI score0.11958EPSS

Exploits3References22Affected Software1

RubySec•added 2013/11/22 12:0 a.m.•35 views

CVE-2013-4164 ruby: heap overflow in floating point parsing

6.8CVSS6.1AI score0.11958EPSS

Exploits3References1Affected Software1

UbuntuCve•added 2013/11/22 12:0 a.m.•39 views

CVE-2013-4164

6.8CVSS7.4AI score0.11958EPSS

Exploits3References4

OSV•added 2013/11/22 12:0 a.m.•1 views

UBUNTU-CVE-2013-4164

6.8CVSS7.4AI score0.11958EPSS

Exploits3References5

Prion•added 2013/11/13 3:55 p.m.•11 views

Design/Logic Flaw

Cisco IOS 12.424MDB9 and earlier on Content Services Gateway CSG devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143...

6.4CVSS7.2AI score0.00155EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by