CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNVD•added 2016/01/05 12:0 a.m.•2 views

Wireshark DNS Resolver Denial of Service Vulnerability

Wireshark is the most popular network protocol parser. In Wireshark version 1.12.x prior to 1.12.9, the function dissectdnsanswer within epan/dissectors/packet-dns.c in the DNS parser incorrectly handles the EDNS0 Client Subnet option in a constructed packet, which can be exploited by a remote...

5.5CVSS7.6AI score0.01525EPSS

OSV•added 2016/01/04 5:59 a.m.•5 views

CVE-2015-8719

The dissectdnsanswer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service application crash via a crafted packet...

5.5CVSS5.2AI score

Exploits0References8

OSV•added 2016/01/04 5:59 a.m.•2 views

DEBIAN-CVE-2015-8719

5.5CVSS7.3AI score0.01525EPSS

Prion•added 2016/01/04 5:59 a.m.•12 views

Code injection

4.3CVSS6.8AI score0.01525EPSS

Exploits0References8Affected Software1

OSV•added 2016/01/04 5:59 a.m.•1 views

UBUNTU-CVE-2015-8719

5.5CVSS6.4AI score0.01525EPSS

CNVD•added 2015/12/31 12:0 a.m.•3 views

lldp 'assert()' function denial of service vulnerability

lldp Link Layer Discovery Protocol is a link layer discovery protocol that allows network devices to advertise their device identity and performance on the local subnet. A denial of service vulnerability exists in lldp. An attacker could exploit this vulnerability to crash the daemon and deny...

7.5CVSS6.5AI score0.03EPSS

Cisco•added 2015/08/12 6:5 p.m.•74 views

Cisco ASA Unicast Reverse Path Forwarding (uRPF) Bypass Vulnerability

A vulnerability in the Unicast Reverse Path Forwarding uRPF feature in the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to bypass the uRPF validation checks. The vulnerability is due to incorrect uRPF validation where IP packets from an outside interface,...

5CVSS6.5AI score0.01733EPSS

n0where•added 2015/06/30 6:8 p.m.•25 views

Bridging OpenVPN

OpenVPN supports two very different means for interconnecting networks: routing and bridging. Routing refers to the interconnection of separate and independent “sub-networks” subnets which have non-overlapping ranges of IP addresses. Upon receiving a packet sent to it, a network “router” examines...

7AI score

Tenable Nessus•added 2015/06/04 12:0 a.m.•41 views

Amazon Linux AMI : chrony (ALAS-2015-539)

As reported upstream : When NTP or cmdmon access was configured from chrony.conf or via authenticated cmdmon with a subnet size that is indivisible by 4 and an address that has nonzero bits in the 4-bit subnet remainder e.g. 192.168.15.0/22 or f000::/3, the new setting was written to an incorrect...

6.5CVSS7.6AI score0.03439EPSS

NVD•added 2015/04/16 2:59 p.m.•20 views

CVE-2015-1821

Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service chronyd crash or possibly execute arbitrary code by configuring the 1 NTP or 2 cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the...

6.5CVSS7.3AI score0.03439EPSS

OSV•added 2015/04/16 2:59 p.m.•2 views

DEBIAN-CVE-2015-1821

6.5CVSS8.1AI score0.03439EPSS

OSV•added 2015/04/16 2:59 p.m.•1 views

UBUNTU-CVE-2015-1821

6.5CVSS7.8AI score0.03439EPSS

Debian CVE•added 2015/04/16 2:0 p.m.•28 views

CVE-2015-1821

6.5CVSS7.5AI score0.03439EPSS

Positive Technologies•added 2015/04/12 12:0 a.m.•2 views

PT-2015-5458 · Chrony +3 · Chrony +3

Name of the Vulnerable Software and Affected Versions: chrony versions prior to 1.31.1 Description: The issue allows remote authenticated users to cause a denial of service or possibly execute arbitrary code by configuring NTP or cmdmon access with a subnet size that is indivisible by four and an...

6.5CVSS7.2AI score0.03439EPSS

Exploits0References37

ICS•added 2015/03/05 12:0 p.m.•52 views

Network Time Protocol Vulnerabilities (Supplement Update A)

OVERVIEW --------- Begin Update A Part 1 of 2 -------- This advisory supplement is to accompany the NCCIC/ICS-CERT advisory titled ICSA-14-353-01C Network Time Protocol Vulnerabilities that was published February 5, 2015, on the ICS‑CERT web site. --------- End Update A Part 1 of 2 ----------...

7.5CVSS6.8AI score0.7809EPSS

Exploits3References28

NVD•added 2015/01/15 3:59 p.m.•18 views

CVE-2014-8153

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service blocked router update processing by creating eight routers and assigning an ipv6 non-provider subnet to each...

4CVSS6.2AI score0.01919EPSS

Debian CVE•added 2015/01/15 3:0 p.m.•20 views

CVE-2014-8153

4CVSS6AI score0.01919EPSS