Lucene search

58 matches found

RedhatCVE
added 2016/08/04 8:49 a.m., 37 views

CVE-2016-5142

The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code,...

CVSS 9.8, AI score 5.9, EPSS 0.01662
Exploits: 0, References: 2
UbuntuCve
added 2016/05/30 12:0 a.m., 31 views

CVE-2016-5093

The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other...

CVSS 8.6, AI score 7.2, EPSS 0.05487
Exploits: 1, References: 3
Cvelist
added 2016/01/01 2:0 a.m., 19 views

CVE-2015-7420

Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421...

AI score 3.9, EPSS 0.01942
Exploits: 0, References: 4
Prion
added 2015/12/03 8:59 p.m., 15 views

Crlf injection

CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name...

CVSS 4.3, AI score 7.2, EPSS 0.01907
Exploits: 0, References: 3, Affected Software: 1
OpenVAS
added 2015/11/26 12:0 a.m., 31 views

MediaWiki Multiple Vulnerabilities -02 (Nov 2015) - Windows

MediaWiki is prone to multiple vulnerabilities.

CVSS 7.5, AI score 6.7, EPSS 0.01459
Exploits: 0, References: 2
NVD
added 2015/10/01 12:59 a.m., 20 views

CVE-2015-3828

The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer...

CVSS 10, AI score 7.8, EPSS 0.85378
Exploits: 0, References: 6
Prion
added 2015/09/17 4:59 p.m., 20 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML...

CVSS 4.3, AI score 6.1, EPSS 0.01428
Exploits: 0, References: 2, Affected Software: 2
Prion
added 2015/08/16 11:59 p.m., 20 views

Authentication flaw

The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site...

CVSS 4.3, AI score 6.7, EPSS 0.01935
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2015/07/06 2:59 p.m., 11 views

CVE-2015-4034

The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object...

CVSS 7.9, AI score 7.3, EPSS 0.01202
Exploits: 0, References: 2
Tenable Nessus
added 2014/06/13 12:0 a.m., 53 views

openSUSE Security Update : libxml2 (openSUSE-SU-2012:1647-1)

A Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.

CVSS 6.8, AI score 9, EPSS 0.04382
Exploits: 1, References: 3
UbuntuCve
added 2014/04/29 12:0 a.m., 37 views

CVE-2014-1532

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap...

CVSS 9.8, AI score 7.2, EPSS 0.04648
Exploits: 1, References: 4
Check Point Advisories
added 2014/04/06 12:0 a.m., 1 views

Pangolin Automated SQL Injection tool

Pangolin is an automated SQL Injection tool. Remote attackers can use Pangolin to fetch data from the database and execute SQL statements...

AI score 8.2
Exploits: 0
Prion
added 2014/01/15 4:8 p.m., 20 views

Buffer overflow

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX...

CVSS 4.3, AI score 6.2, EPSS 0.04924
Exploits: 0, References: 12, Affected Software: 9
UbuntuCve
added 2013/12/23 11:55 p.m., 27 views

CVE-2013-7080

The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass...

CVSS 5.8, AI score 5.9, EPSS 0.01207
Exploits: 0, References: 2
UbuntuCve
added 2013/11/14 12:0 a.m., 36 views

CVE-2013-1741

Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value...

CVSS 7.5, AI score 6.6, EPSS 0.03893
Exploits: 0, References: 6
OpenVAS
added 2013/10/28 12:0 a.m., 30 views

WebCollab 'item' Parameter HTTP Response Splitting Vulnerability

WebCollab is prone to HTTP response splitting vulnerability.

CVSS 4.3, AI score 6.6, EPSS 0.02528
Exploits: 2, References: 7
NVD
added 2013/09/18 10:8 a.m., 20 views

CVE-2013-1724

Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors...

CVSS 9.3, AI score 7.5, EPSS 0.0571
Exploits: 1, References: 13
Vulnerability Lab
added 2013/06/14 12:0 a.m., 25 views

Maldives Telecom ISP - SQL Injection Vulnerability

Document Title: Maldives Telecom ISP - SQL Injection Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=355
Release Date: 2013-06-14
Vulnerability Laboratory ID (VL-ID): 355
Comm...

AI score 0.5
Exploits: 0
NVD
added 2013/01/02 11:46 a.m., 21 views

CVE-2012-6460

Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site...

CVSS 5, AI score 6.8, EPSS 0.01891
Exploits: 0, References: 2
Vulnerability Lab
added 2012/07/15 12:0 a.m., 18 views

Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities

Document Title: Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities
References (Source): http://vulnerability-lab.com/getcontent.php?id=561
Barracuda Networks Security ID: BNSEC-278
Release Date: 2012-07-15
Vulnerability Laboratory ID VL-I...

AI score 0.1
Exploits: 0