9566 matches found

Oracle linux
added 2016/08/04 12:0 a.m., 70 views

Unbreakable Enterprise kernel security update

kernel-uek 4.1.12-37.6.2 - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393865] {CVE-2016-4470} - ovl: fix permission checking for setattr (Miklos Szeredi) [Orabug: 24393742] {CVE-2015-8660}...

7.2 CVSS | 2.5 AI score | 0.58352 EPSS
Exploits: 12

Oracle linux
added 2016/08/04 12:0 a.m., 65 views

Unbreakable Enterprise kernel security update

2.6.39-400.283.2 - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393863] {CVE-2016-4470}...

4.9 CVSS | 2.2 AI score | 0.00055 EPSS
Exploits: 0

Oracle linux
added 2016/08/04 12:0 a.m., 59 views

Unbreakable Enterprise kernel security update

kernel-uek 3.8.13-118.9.2 - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393864] {CVE-2016-4470}...

4.9 CVSS | 2.2 AI score | 0.00055 EPSS
Exploits: 0

Tenable Nessus
added 2016/08/03 12:0 a.m., 36 views

RHEL 7 : golang (RHSA-2016:1538) (httpoxy)

An update for golang is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8 CVSS | 6.8 AI score | 0.45904 EPSS
Exploits: 0 | References: 11

RedHat Linux
added 2016/08/02 6:21 p.m., 2 views

kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...

5.5 CVSS | 6.7 AI score | 0.00055 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2016/08/02 6:20 p.m., 3 views

Go: sets environmental variable based on user supplied Proxy request header

An input-validation flaw was discovered in the Go programming language built-in CGI implementation, which set the environment variable "HTTP_PROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTP_PROXY" is used by numerous web clients, including Go's net/http package,...

8.1 CVSS | 6.7 AI score | 0.45904 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2016/08/02 1:52 p.m., 0 views

kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation...

5.5 CVSS | 6.7 AI score | 0.00055 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2016/08/02 12:0 a.m., 65 views

Amazon Linux AMI : php55 / php56 (ALAS-2016-728) (httpoxy)

A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. CVE-2015-8874 An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP's gd extension. A remote attacke...

9.8 CVSS | 7.5 AI score | 0.80902 EPSS
Exploits: 11 | References: 11

Amazon
added 2016/08/01 12:0 a.m., 72 views

Medium: php55, php56

Issue Overview: A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. CVE-2015-8874 An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP's gd extension. ...

9.8 CVSS | 9.2 AI score | 0.80902 EPSS
Exploits: 11

OpenVAS
added 2016/07/27 12:0 a.m., 39 views

TYPO3 Environment Variable Injection Vulnerability (Jul 2016)

TYPO3 is prone to an environment variable injection vulnerability.

8.1 CVSS | 8.4 AI score | 0.80902 EPSS
Exploits: 0 | References: 2

UbuntuCve
added 2016/07/25 12:0 a.m., 26 views

CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

6.1 CVSS | 6.8 AI score | 0.09899 EPSS
Exploits: 0 | References: 3

OSV
added 2016/07/25 12:0 a.m., 0 views

UBUNTU-CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...

6.1 CVSS | 6.8 AI score | 0.09899 EPSS
Exploits: 0 | References: 4

OSV
added 2016/07/23 12:0 a.m., 7 views

DLA-557-1 dietlibc - security update

Bulletin has no description...

7.2 AI score
Exploits: 0

NVD
added 2016/07/22 2:59 a.m., 15 views

CVE-2016-4591

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors...

7.8 CVSS | 6.8 AI score | 0.02713 EPSS
Exploits: 0 | References: 10

Prion
added 2016/07/22 2:59 a.m., 19 views

Design/Logic Flaw

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors...

7.8 CVSS | 6.1 AI score | 0.02713 EPSS
Exploits: 0 | References: 10

Cvelist
added 2016/07/22 1:0 a.m., 17 views

CVE-2016-4591

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors...

7.2 AI score | 0.02713 EPSS
Exploits: 0 | References: 10

Debian CVE
added 2016/07/22 1:0 a.m., 27 views

CVE-2016-4591

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors...

7.8 CVSS | 7.4 AI score | 0.02713 EPSS
Exploits: 0

AlpineLinux
added 2016/07/22 1:0 a.m., 36 views

CVE-2016-4591

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors...

7.8 CVSS | 7.3 AI score | 0.02713 EPSS
Exploits: 0

OSV
added 2016/07/21 12:0 a.m., 1 views

UBUNTU-CVE-2016-4591

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors...

7.5 CVSS | 7.2 AI score | 0.02713 EPSS
Exploits: 0 | References: 10

Amazon
added 2016/07/20 12:0 a.m., 57 views

Important: httpd24, httpd

Issue Overview: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remot...

8.1 CVSS | 7.3 AI score | 0.51564 EPSS
Exploits: 0