IBM WebSphere Application Server Liberty Profile Cross-Site Scripting Vulnerability
IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. Liberty Profile is a WAS dynamic server Liberty Profile is a...
KLA10874 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities: 1. An improper memory...
KLA10873 Multiple vulnerabilities in Microsoft Server Software
Multiple serious vulnerabilities have been found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information or gain privileges. Below is a complete list of vulnerabilities: 1. An improper email messages parsing can be...
CVE-2016-3008
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-2956...
CVE-2016-2997
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-300...
CVE-2016-2995
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2997, CVE-2016-300...
CVE-2016-2956
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-3008...
CVE-2016-2954
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2956 and CVE-2016-3008...
The vulnerability of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the drivers/media/platform/msm/camerav2/sensor/actuator/msmactuator.c component of Qualcomm’s Android operating system is related to improper handling of user interface elements. Exploiting this vulnerability can allow a malicious actor to increase their privileges through a...
Legal Robot: Click Jacking
Hey legalRobot! I have found a Click Jacking type of vulnerability in your website. Now the question is: what is Click Jacking? Click Jacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what...
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06646)
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06647)
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...
CloudForms: Lack of field filters on user input
It was found that the CloudForms web UI did not properly filter input in certain fields. A remote, authenticated attacker could use this flaw to execute arbitrary code on the system running CloudForms...
foreman: API and UI actions/URLs not limited to the orgs/locations assigned
It was found that the foreman API and UI actions and URLs are not properly limited to the organizations and locations they were assigned to. This could allow an attacker to view and update other organizations and locations in the system that they should not be allowed to...
Bluetooth Smart MITM Framework: BtleJuice
BtleJuice is a complete framework to perform Man-in-the-Middle attacks on Bluetooth Smart devices (also known as Bluetooth Low Energy). It is composed of: an interception core, an interception proxy, a dedicated web interface, and Python and Node.js bindings. How to install...
KLA10850 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, bypass security restrictions or cause other unknown impact. Below is a complete list of vulnerabilities: 1. Lack of restriction...
KLA10852 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, execute arbitrary code, spoof user interface, bypass security restrictions, conduct cross-site scripting or read local...
[SECURITY] Fedora 23 Update: kf5-plasma-5.24.0-1.fc23
KDE Frameworks 5 Tier 3 framework is foundation to build a primary user interface...
[SECURITY] Fedora 24 Update: kf5-plasma-5.24.0-1.fc24
KDE Frameworks 5 Tier 3 framework is foundation to build a primary user interface...