
6116 matches found

OSV
added 2014/11/19 6:59 p.m. · 1 views

DEBIAN-CVE-2014-8594

The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging...

5.4 CVSS · 8.4 AI score · 0.02221 EPSS
Exploits 0 · References 1

RedHat Linux
added 2014/11/17 5:8 p.m. · 2 views

rubygem-actionpack: number_to_currency XSS

It was found that the number_to_currency Action View helper did not properly escape the unit parameter. An attacker could use this flaw to perform a cross-site scripting (XSS) attack on an application that uses data submitted by a user in the unit parameter...

4.3 CVSS · 5.6 AI score · 0.03171 EPSS
Exploits 0 · References 4

Fedora
added 2014/11/01 4:22 p.m. · 51 views

[SECURITY] Fedora 21 Update: python-oauth2-1.5.211-8.fc21

Oauth2 was originally forked from Leah Culver and Andy Smith's oauth.py code. Some of the tests come from a fork by Vic Fryzel, while a revamped Request class and more tests were merged in from Mark Paschal's fork. A number of notable differences exist between this code and its forefathers: - 100...

5.8 CVSS · 6.6 AI score · 0.0243 EPSS
Exploits 0

Fedora
added 2014/10/28 6:45 a.m. · 17 views

[SECURITY] Fedora 20 Update: python-oauth2-1.5.211-8.fc20

Oauth2 was originally forked from Leah Culver and Andy Smith's oauth.py code. Some of the tests come from a fork by Vic Fryzel, while a revamped Request class and more tests were merged in from Mark Paschal's fork. A number of notable differences exist between this code and its forefathers: - 100...

5.8 CVSS · 6.6 AI score · 0.0243 EPSS
Exploits 0

NVD
added 2014/10/10 10:55 a.m. · 17 views

CVE-2014-3389

The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote...

9 CVSS · 6.1 AI score · 0.02797 EPSS
Exploits 0 · References 1

Fedora
added 2014/09/27 9:51 a.m. · 20 views

[SECURITY] Fedora 21 Update: python-oauth2-1.5.211-7.fc21

Oauth2 was originally forked from Leah Culver and Andy Smith's oauth.py code. Some of the tests come from a fork by Vic Fryzel, while a revamped Request class and more tests were merged in from Mark Paschal's fork. A number of notable differences exist between this code and its forefathers: - 100...

5.8 CVSS · 6.6 AI score · 0.0243 EPSS
Exploits 0

Fedora
added 2014/09/26 9:6 a.m. · 21 views

[SECURITY] Fedora 20 Update: python-oauth2-1.5.211-7.fc20

Oauth2 was originally forked from Leah Culver and Andy Smith's oauth.py code. Some of the tests come from a fork by Vic Fryzel, while a revamped Request class and more tests were merged in from Mark Paschal's fork. A number of notable differences exist between this code and its forefathers: - 100...

5.8 CVSS · 6.6 AI score · 0.0243 EPSS
Exploits 0

Fedora
added 2014/09/26 9:4 a.m. · 22 views

[SECURITY] Fedora 19 Update: python-oauth2-1.5.211-7.fc19

Oauth2 was originally forked from Leah Culver and Andy Smith's oauth.py code. Some of the tests come from a fork by Vic Fryzel, while a revamped Request class and more tests were merged in from Mark Paschal's fork. A number of notable differences exist between this code and its forefathers: - 100...

5.8 CVSS · 6.6 AI score · 0.0243 EPSS
Exploits 0

Cisco
added 2014/09/19 5:51 p.m. · 29 views

Cisco IOS XR Software Malformed MPLS Packet Denial of Service Vulnerability

A vulnerability in parsing of malformed Multiprotocol Label Switching (MPLS) packets in Cisco IOS XR Software for Cisco Network Convergence System 6000 Series Routers could allow an unauthenticated, adjacent attacker to cause a lockup and eventual reload of a network processor unit (NPU) and a line...

6.1 CVSS · 6.6 AI score · 0.00873 EPSS
Exploits 0 · References 1

OSV
added 2014/08/22 2:55 p.m. · 1 views

DEBIAN-CVE-2014-5149

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability tha...

4.7 CVSS · 8.4 AI score · 0.00428 EPSS
Exploits 0 · References 1

RedHat Linux
added 2014/08/21 3:29 p.m. · 4 views

httpd: mod_deflate denial of service

A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression configured via the "DEFLATE" input filter. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and C...

4.3 CVSS · 6.7 AI score · 0.37156 EPSS
Exploits 0 · References 5

ThreatPost
added 2014/07/07 10:4 a.m. · 7 views

All Seized Domains Returned to No-IP

Less than a week after Microsoft seized nearly two dozen domains owned by a small hosting provider as part of a takedown of a malware operation, all of those domains are back in the control of the provider, No-IP. When Microsoft announced the takedown on June 30, officials said that the company h...

1.9 AI score
Exploits 0 · References 3

ThreatPost
added 2014/07/02 9:59 a.m. · 11 views

Microsoft Says 'Technical Error' Led to Legitimate No-IP Customers Losing Service

In the course of its actions to take down a major malware operation, Microsoft seized more than 20 domains from No-IP.com, a hosting provider in Nevada. Microsoft now admits that the company made a technical mistake as part of that takedown, an error that resulted in legitimate No-IP.com custome...

0.9 AI score
Exploits 0 · References 3

seebug.org
added 2014/07/01 12:0 a.m. · 14 views

Smartwin Technology CyberOffice Shopping Cart 2.0 Price Modification Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1733/info Smartwin Technology CyberOffice Shopping Cart is a shopping cart application for e-commerce enabled websites running Windows NT 4.0 or 2000. The order form CyberOffice Shopping Cart utilizes can be easily modifi...

7.1 AI score
Exploits 0

ThreatPost
added 2014/06/10 1:1 p.m. · 16 views

China Putter Panda APT Attacks Linked to PLA Unit 61486

With indictments still fresh against a handful of Chinese nationals accused of hacking American companies and stealing intellectual property, another branch of the People’s Liberation Army and allegedly one of its officers have been outed for cyberespionage against U.S. and European aerospace and...

1.6 AI score
Exploits 0 · References 5

Positive Technologies
added 2014/06/10 12:0 a.m. · 6 views

PT-2014-3524 · Apache +1 · Apache Tomcat 7 +1

Name of the Vulnerable Software and Affected Versions: tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 Description: A crafted request can cause a denial of service due to CPU consumption. This issue is a result of an unspecified regression. Recommendations: For the tomcat7...

5.8 CVSS · 6.3 AI score · 0.16833 EPSS
Exploits 4 · References 10

NVD
added 2014/06/05 5:55 p.m. · 12 views

CVE-2014-1997

The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier allows remote attackers to cause a denial of service via unspecified vectors...

7.8 CVSS · 6.8 AI score · 0.01799 EPSS
Exploits 0 · References 3

Cvelist
added 2014/06/05 5:0 p.m. · 15 views

CVE-2014-1997

The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier allows remote attackers to cause a denial of service via unspecified vectors...

6.8 AI score · 0.01799 EPSS
Exploits 0 · References 3

Fedora
added 2014/05/23 6:58 p.m. · 56 views

[SECURITY] Fedora 19 Update: rubygem-actionpack-3.2.13-6.fc19

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...

7.5 CVSS · 1.3 AI score · 0.53703 EPSS
Exploits 5

Fedora
added 2014/05/23 6:56 p.m. · 57 views

[SECURITY] Fedora 20 Update: rubygem-actionpack-4.0.0-4.fc20

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...

7.5 CVSS · 1.3 AI score · 0.53703 EPSS
Exploits 4