Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying entries 1 - 10 of 54968 in total

MQAC.sys Arbitrary Write Privilege Escalation Exploit

Disclosed: July 22, 2014

A vulnerability within the MQAC.sys module allows an attacker to overwrite an arbitrary location in kernel memory. This module will elevate itself to SYSTEM, then inject the payload into another SYSTEM process.

ELSA-2014-0907 Important: Oracle Linux 6 java-1.6.0-openjdk security and bug fix update Vulnerability

  • Severity: 4
  • Published: July 20, 2014

Oracle Linux Security Advisory ELSA-2014-0907 https://rhn.redhat.com/errata/RHSA-2014-0907.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: java-1.6.0-openjdk-1.6.0.0-6.1.13.4.el6_5.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-6.1.13.4.el6_5.i686.rpm java-1.6.0-openjdk-devel-1....

USN-2293-1: CUPS vulnerability Vulnerability

  • Severity: 4
  • Published: July 20, 2014

Francisco Alonso discovered that the CUPS web interface incorrectlyvalidated permissions on rss files. A local attacker could possibly usethis issue to bypass file permissions and read arbitrary files, possiblyleading to a privilege escalation. The problem can be corrected by updating your system to the following package version: To upd...

DSA-2983-1 drupal7 -- security update Vulnerability

  • Severity: 4
  • Published: July 19, 2014

Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting. More information can be found at

Apache HTTPD: mod_deflate denial of service (CVE-2014-0118) Vulnerability

  • Severity: 4
  • Published: July 17, 2014

The affected asset is vulnerable to this vulnerability ONLY if it is running one of the following modules: mod_deflate. Review your web server configuration for validation. A resource consumption flaw was found in mod_deflate. If request body decompression was configured (using the "DEFLATE" input filter), a remote attacker could caus...

Apache HTTPD: mod_cache crash (CVE-2013-4352) Vulnerability

  • Severity: 4
  • Published: July 17, 2014

The affected asset is vulnerable to this vulnerability ONLY if it is running one of the following modules: mod_cache. Review your web server configuration for validation. A NULL pointer dereference was found in mod_cache. A malicious HTTP server could cause a crash in a caching forward proxy configuration. (Note that this vulnerabilit...

DSA-2981-1 polarssl -- security update Vulnerability

  • Severity: 4
  • Published: July 17, 2014

A flaw was discovered in PolarSSL, a lightweight crypto and SSL/TLS library, which can be exploited by a remote unauthenticated attacker to mount a denial of service against PolarSSL servers that offer GCM ciphersuites. Potentially clients are affected too if a malicious server decides to execute the denial of service attack against its ...

Apache HTTPD: mod_proxy denial of service (CVE-2014-0117) Vulnerability

  • Severity: 4
  • Published: July 17, 2014

The affected asset is vulnerable to this vulnerability ONLY if it is running one of the following modules: mod_proxy. Review your web server configuration for validation. A flaw was found in mod_proxy in httpd versions 2.4.6 to 2.4.9. A remote attacker could send a carefully crafted request to a server configured as a reverse proxy, a...

Apache HTTPD: mod_cgid denial of service (CVE-2014-0231) Vulnerability

  • Severity: 4
  • Published: July 17, 2014

The affected asset is vulnerable to this vulnerability ONLY if it is running one of the following modules: mod_cgid. Review your web server configuration for validation. A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to han...