Lucene search
+L

20 matches found

CVE
CVE
added 2017/03/15 12:0 a.m.862 views

CVE-2016-7103

CVE-2016-7103 is a cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0, exploitable via the closeText parameter of the Dialog widget. The issue allows remote script/HTML injection. Remediation per connected documents is to upgrade to jQuery UI 1.12.0 or later (fixed version).

6.1CVSS6AI score0.2258EPSS
In wild
CVE
CVE
added 2017/10/19 5:0 p.m.265 views

CVE-2017-10268

CVE-2017-10268 affects Oracle MySQL Server (Server: Replication) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability allows a high-privilege attacker with logon to the infrastructure where MySQL Server executes to compromise the server, potenti...

4.1CVSS4.2AI score0.00697EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.242 views

CVE-2017-10378

CVE-2017-10378 affects the MySQL Server component (Server: Optimizer) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.11 and earlier. The vulnerability is exploitable remotely over multiple protocols by a low-privilege user and can cause the MySQL Server to hang or crash (D...

6.5CVSS6.2AI score0.03237EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.237 views

CVE-2017-3653

CVE-2017-3653 affects the MySQL Server component (subcomponent: Server: DDL) in Oracle MySQL. Affected: MySQL Server versions 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier. Description in connected advisories confirms the vulnerability is exploitable with network access via multi...

3.5CVSS3.4AI score0.01887EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.234 views

CVE-2017-3651

CVE-2017-3651 affects Oracle MySQL Server’s Client mysqldump component. Affected releases include 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier. The issue is described in multiple advisories as a vulnerability that enables a low-privileged, network-accessing attacker to perform u...

4.3CVSS4AI score0.02049EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.225 views

CVE-2017-3641

CVE-2017-3641 details (normal mode) : A vulnerability in the MySQL Server component (subcomponent: Server: DML) affecting MariaDB/MySQL Server. Affected versions include 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier. The issue is described as exploitable by a high-privilege attac...

4.9CVSS4.9AI score0.03198EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.222 views

CVE-2017-10384

CVE-2017-10384 affects the MySQL Server component (Server: DDL) of Oracle MySQL. Affected versions include 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. An attacker with network access via multiple protocols and low privileges can cause a hang or a complete denial of service in ...

6.5CVSS5.5AI score0.03078EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.212 views

CVE-2017-3636

CVE-2017-3636 affects the MySQL/MariaDB stack (MySQL Server component, subcomponent: Client programs). Public details in connected documents confirm affected versions include 5.5.56 and earlier and 5.6.36 and earlier (as per initial). The vulnerability is exploitable with low privileges and local...

5.3CVSS4.9AI score0.00434EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.210 views

CVE-2017-10379

CVE-2017-10379 concerns the MySQL Server client-side component of Oracle MySQL. Affected versions are 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability can be exploited by a low-privileged attacker with network access via multiple protocols, potentially leading to ...

6.5CVSS5.2AI score0.0228EPSS
CVE
CVE
added 2017/08/02 7:0 p.m.208 views

CVE-2017-10664

CVE-2017-10664 affects qemu-nbd in QEMU. The issue arises because SIGPIPE is not ignored, allowing remote attackers to trigger a denial of service (daemon crash) by disconnecting during a server-to-client reply. The vulnerability is referenced across multiple advisories and Nessus plugins (e.g., ...

7.5CVSS7.2AI score0.04028EPSS
CVE
CVE
added 2017/03/27 3:0 p.m.153 views

CVE-2017-5973

Technical details about CVE-2017-5973 are not publicly provided in the connected documents. Available records reference QEMU's xhci_kick_epctx vulnerability but do not expose deeper data (affected versions, exploit info, or fixes). Monitor for updates.

5.5CVSS5.5AI score0.00456EPSS
CVE
CVE
added 2017/05/23 3:56 a.m.132 views

CVE-2017-8309

CVE-2017-8309 refers to a memory leak in QEMU’s audio subsystem (audio.c) that can be exploited remotely to cause a denial of service by repeatedly starting and stopping audio capture. The initial description explicitly states the issue and impact. Connected sources list the CVE in vendor advisor...

7.8CVSS7.1AI score0.04544EPSS
CVE
CVE
added 2017/07/25 2:0 p.m.120 views

CVE-2017-7980

CVE-2017-7980 detailed : A heap-based buffer overflow in QEMU’s Cirrus CLGD 54xx VGA Emulator (Cirrus CLGD 54xx) used with Quick Emulator/ QEMU up to version 2.8 enables a local privileged guest to execute arbitrary code or cause a denial of service by exploiting a vulnerability when a VNC client...

7.8CVSS7.2AI score0.00625EPSS
CVE
CVE
added 2017/05/23 3:56 a.m.115 views

CVE-2017-8379

CVE-2017-8379 is a memory-leak issue in QEMU keyboard input event handling that can allow a local privileged guest user to exhaust host memory and cause a denial of service. The vulnerability is listed among fixes in Red Hat RHSA-2017:2408, which notes remediation by rebasing to QEMU 2.9.0 and re...

6.5CVSS6.1AI score0.00413EPSS
CVE
CVE
added 2017/03/31 3:0 p.m.107 views

CVE-2008-7313

CVE-2008-7313 concerns the Snoopy library’s _httpsrequest function, where remote attackers could execute arbitrary commands due to an incomplete fix for CVE-2008-4796. The issue is noted across multiple sources (Debian security tracker, Gentoo GLSA, IBM PowerKVM advisories, and CVE listings), oft...

9.8CVSS8.9AI score0.04544EPSS
CVE
CVE
added 2017/05/23 5:0 p.m.98 views

CVE-2017-9214

Summary: CVE-2017-9214 affects Open vSwitch (OvS) 2.7.0 and is due to a buffer over-read caused by an unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 while parsing OFPT_QUEUE_GET_CONFIG_REPLY (OFP 1.0). Impact (as described): Buffer over-read with potential denial...

9.8CVSS9.3AI score0.02887EPSS
CVE
CVE
added 2017/04/21 3:0 p.m.94 views

CVE-2016-6519

OpenStack Manila CVE-2016-6519 is a cross-site scripting (XSS) vulnerability in the Shares overview. The flaw allows remote authenticated users to inject arbitrary HTML/JavaScript via the Metadata field in the Create Share form, affecting Manila prior to 2.5.1. The issue arises in the web UI comp...

5.4CVSS5AI score0.01266EPSS
CVE
CVE
added 2017/03/31 3:0 p.m.88 views

CVE-2014-5008

CVE-2014-5008: Snoopy in Nagios could allow remote command execution due to an incomplete fix related to escaping in the Snoopy library. Public advisories (Red Hat RHSA-2017-0214, IBM PowerKVM bulletin, Debian DLA-357-1, Amazon ALAS-2017-899) associate the issue with Nagios/Snoopy and provide upd...

9.8CVSS9.5AI score0.0413EPSS
CVE
CVE
added 2017/12/08 3:0 p.m.85 views

CVE-2017-10906

Summary: CVE-2017-10906 is a Fluentd escape sequence injection vulnerability. Affects Fluentd releases 0.12.29–0.12.40, where the filter_parser.rb:filter_stream path can lead to arbitrary command execution or terminal UI changes via unspecified log-processing vectors. Root cause: escape sequence ...

10CVSS9.5AI score0.04581EPSS
CVE
CVE
added 2017/03/31 3:0 p.m.79 views

CVE-2014-5009

CVE-2014-5009 is a remote command-execution vulnerability in Snoopy used by Nagios. It arises from an incomplete fix for CVE-2014-5008 and is reported with high-severity scores (CVSS v3.0 up to 9.8 in the NVD entry). The provided documents identify Nagios/Nagios Core and Snoopy as the affected co...

9.8CVSS9.6AI score0.04707EPSS