47153 matches found
[ MDVSA-2014:084 ] libpng
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:084 http://www.mandriva.com/en/support/security/ Package : libpng Date : May 12, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated libpng packages fix security...
[oss-security] CVE Request: Django: Malformed URLs from user input incorrectly validated
Hi The Django project announced a new security release today: https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/ It fixes two issues, for which one has already a CVE CVE-2014-1418. It also fixes a second issue, for which a CVE is missing, quoting from the announcement:...
QEMU multiple security vulnerabilities
DoS, memory corruptions, buffer overflow...
[oss-security] Re: CVE request: Qemu: usb: fix up post load checks
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://article.gmane.org/gmane.comp.emulators.qemu/272322 Here, it appears that the only security fix to http://git.qemu.org/?p=qemu.git;a=blob;f=hw/usb/bus.c;h=e48b19fc29bd9f831cc05990be73ddf49936d6a9;hb=HEAD is the insertion of the "dev-setupindex...
[oss-security] Re: local privilege escalation due to capng_lock as used in seunshare
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We think there should be a CVE ID for the combination of these two observations: 1. seunshare is intended to be setuid root see the http://userspace.selinuxproject.org/trac/browser/policycoreutils/sandbox/Makefile file 2. dropping privileges no longer...
ldns weak permissions
ldns-keygen can create world-readable private key file...
[oss-security] OpenFiler - Arbitrary Code Execution & Stored XSS
hi, Multiple vulnerabilities were discovered in the latest version of OpenFiler appliance, 2.99.1 as reported here https://forums.openfiler.com/index.php?/topic/6720-arbitrary-code-execution-stored-xss-vulnerability-in-openfiler-latest-version-2991/, here http://www.exploit-db.com/exploits/33247 a...
EMC Documentum Foundation Services unauthorized access
Unauthorized files access...
EncFS multiple cryptography vulnerabilities
Multiple vulnerabilities...
[ MDVSA-2014:085 ] ldns
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:085 http://www.mandriva.com/en/support/security/ Package : ldns Date : May 12, 2014 Affected: Business Server 1.0 Problem Description: Updated ldns packages fix security vulnerability: ldns-keygen creates a...
[oss-security] Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi oss-security, The Mumble team has just released Mumble 1.2.6, which contains fixes for the two following vulnerabilities: Mumble-SA-2014-005 http://mumble.info/security/Mumble-SA-2014-005.txt - SVG images with local file references could trigger...
[oss-security] CVE request: Qemu: usb: fix up post load checks
Hello, Correct post load checks: 1. dev->setup_len == sizeof(dev->data_buf) seems fine, no need to fail migration 2. When state is DATA, passing index > len will cause memcpy with negative length, resulting in heap overflow A user able to alter the saved VM data (either on the disk or over the wire during...
[oss-security] Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory XSA-95 version 2 input handling vulnerabilities loading guest kernel on ARM UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= When loading a 32-bit ARM guest kernel the Xen tools did no...
[oss-security] CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference
Hello, Linux kernel built with the fast userspace mutexes (CONFIG_FUTEX) support is vulnerable to a NULL pointer dereference flaw. It could occur when a waiting task requests wait to be re-queued from non-PI futex to a PI-aware futex via FUTEX_WAIT_REQUEUE_PI operation. An unprivileged user/program coul...
[oss-security] CVE-2014-0222 Qemu: qcow1: Validate L2 table size
Hello, 'CVE-2014-0222' has been assigned to this issue. Too large L2 table sizes cause unbounded allocations. Images actually created by qemu-img only have 512 byte or 4k L2 tables. To keep things consistent with cluster sizes, allow ranges between 512 bytes and 64k in fact, down to 1 entry = 8...
seunshare privilege escalation
Insufficient privilege drop...
[USN-2211-1] libXfont vulnerabilities
========================================================================== Ubuntu Security Notice USN-2211-1 May 14, 2014 libxfont vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
CVE-2014-2046 - Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211
Vulnerability title: Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211 CVE: CVE-2014-2046 Vendor: Broadcom Ltd Product: PIPA C211 Affected version: Soft Rev: SR1.1, HW Rev: PIPA C211 rev2 Fixed version: N/A Reported by: Jerzy Kramarz Details: By sending a crafted PO...
BROADCOM PIPA C211 authentication bypass
Device configuration may be accessed without authentication...
[oss-security] CVE request: Pyplate multiple vulnerabilities
Hello list, My friend Teemu V. "requested" security audit for Pyplate. While quickly checking quality of this software I noticed following issues. This is not a full security audit as I don't have much free time. Tested version: v0.08 still beta Vendor notification: 2014-05-13 Issue 1. Installati...
RSA NetWitness / RSA Security Analytics authentication bypass
Under some conditions, login with empty password is allowed...
ESA-2014-027: RSA® NetWitness and RSA® Security Analytics Authentication Bypass Vulnerability
ESA-2014-027.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-027: RSA® NetWitness and RSA® Security Analytics Authentication Bypass Vulnerability EMC Identifier: ESA-2014-027 CVE Identifier: CVE-2014-0643 Severity Rating: CVSS v2 Base Score: 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C Affected...
libXfont multiple security vulnerabilities
DoS, memory corruptions...
[oss-security] CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer
Good morning, Could a CVE please be assigned to http://seclists.org/fulldisclosure/2014/May/44 if one has not been already? Apart from version 7, drupal6-flag-2.1-1.fc20 looks affected - patch applies, but I did not test it. For an older version, drupal6-flag-1.3-3.fc19 appears unaffected. Cheers...
Multiple Stored XSS in FOG Image deployment system - FD
Vulnerability title: Multiple Stored Cross-Site scripting CVE: CVE-2014-3111 Vendor: FOG Project Product: FOG Imaging system Affected version: 0.27 – 0.32 (latest) Fixed version: N/A Reported by: Dolev Farhi ---------------------------- VULNERABILITY Details: ---------------------------- Latest and...
[oss-security] A number of EncFS issues
Hi, https://defuse.ca/audits/encfs.htm discusses a number of issues in EncFS: "Same Key Used for Encryption and Authentication" "Stream Cipher Used to Encrypt Last File Block" "Generating Block IV by XORing Block Number" "File Holes are Not Authenticated" "MACs Not Compared in Constant Time"...
libgadu buffer overflow
Buffer overflow on server response parsing...
[oss-security] Fwd: [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont
ANNOUNCE XOrg Security Advisory: Multiple issues in libXfont.eml Subject: ANNOUNCE X.Org Security Advisory: Multiple issues in libXfont From: Alan Coopersmith [email protected] Date: 13.05.2014 19:08 To: [email protected] Cc: [email protected], [email protected] X.Org Securi...
[SECURITY] [DSA 2926-1] linux security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2926-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 12, 2014 http://www.debian.org/security/faq -...
[oss-security] CVE request: various NodeJS module vulnerabilities
Hi all, This is a request for CVEs for the following vulnerabilities discovered by the Node Security Project. I left out their advisories where I could find an assigned CVE; CVE-2013-7370 CVE-2013-7371 CVE-2013-6393 CVE-2013-4660 https://nodesecurity.io/advisories printer potential command...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Microsoft Publisher uninitialized pointer dereference
Uninitialized pointer dereference on file parsing...
Microsoft Windows multiple security vulnerabilities
Windows File Handling code execution, Group Policy Preferences privilege escalation, .NET privilege escalation, Windows Shell privilege escalation, iSCSI DoS...
Microsoft Office multiple security vulnerabilities
Memory corruptions, buffer overflows, protection bypass...
Microsoft SharePoint Server multiple security vulnerabilities
Code execution, cross-site scripting...
Microsoft Internet Explorer multiple security vulnerabilities
Multiple memory corruptions...
[oss-security] CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message
Hello, Linux kernel built with the BPF interpreter support in the networking core is vulnerable to an out of bounds buffer access flaw. It occurs when accessing a netlink attribute from the skb->data buffer. An unprivileged user/program could use this flaw to crash the system kernel resulting in...
HP Network Node Manager cross-site scripting
No description provided...
[SECURITY] [DSA 2925-1] rxvt-unicode security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2925-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 08, 2014 http://www.debian.org/security/faq -...
AVG Remote Administration multiple security vulnerabilities
Authentication bypass, code execution, static encryption key...
[ MDVSA-2014:081 ] apache-mod_security
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:081 http://www.mandriva.com/en/support/security/ Package : apache-modsecurity Date : May 8, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated apache-modsecurity packages...
GNU Emacs
Symbolic links vulnerability on temporary files creation...
[oss-security] [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations
There is a vulnerability in the 'implicit render' functionality in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0130. Versions Affected: All Supported Not affected: None Fixed Versions: 4.1.1, 4.0.5, 3.2.18 Impact ------ The implicit render functionality allows...
HP Fibre Channel switches information leakage
No description provided...
Cisco WebEx multiple security vulnerabilities
Memory corruption on different formats parsing...
NVidia drivers privilege escalation
Privilege escalation via X.Org drivers...
rxvt-unicode code execution
No description provided...
Directory Traversal Vulnerability in VMTurbo Operations Manager 4.5 or earlier
Product: VM Turbo Operations Manager Vendor: VM Turbo Vulnerable Versions: 4.5.x earlier Tested Version: 4.0 Advisory Publication: April 11, 2014 Vendor Notification: April 11, 2014 Public Disclosure: May 8, 2014 Vulnerability Type: Directory Traversal Discovered and Provided: Jamal Pecou Securit...
[oss-security] CVE request: python-lxml clean_html() input sanitization flaw
Hi, can a CVE be assigned to the following issue? The lxml.html.clean module cleans up HTML by removing embedded or script content, special tags, CSS style annotations and much more. It was found [1] that the clean_html function, provided by the lxml.html.clean module, did not properly clean HTML...
[oss-security] CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities
Advisory ID: HTB23210 Product: Offiria Vendor: Slashes Dots Sdn Bhd. Vulnerable Versions: 2.1.0 and probably prior Tested Version: 2.1.0 Advisory Publication: April 2, 2014 without technical details Vendor Notification: April 2, 2014 Public Disclosure: May 7, 2014 Vulnerability Type: Cross-Site...