Vulnerability & Exploit Database

Apache OpenOffice Text Document Malicious Macro Execution Exploit

Disclosed: February 08, 2017

This module generates an Apache OpenOffice Text Document with a malicious macro in it. To exploit successfully, the targeted user must adjust the security level in Macro Security to either Medium or Low. If set to Medium, a prompt is presented to the user to enable or disable the macro. If set to Low, the macro can automa...

Cisco ASA: Clientless SSL VPN CIFS Heap Overflow Vulnerability (cisco-sa-20170208-asa) (CVE-2017-3807) Vulnerability

  • Severity: 4
  • Published: February 08, 2017

A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability b...

F5 Networks: K05121675 (CVE-2016-9244): K05121675: F5 TLS vulnerability CVE-2016-9244 Vulnerability

  • Severity: 4
  • Published: February 08, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From K05121675:

A BIG-IP SSL virtual server with the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory.

SUSE: CVE-2017-2583: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: February 06, 2017

The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application.

Cisco SAN-OS: Cisco Software Encryption Library Information Disclosure Vulnerability (CVE-2011-4667) Vulnerability

  • Severity: 4
  • Published: February 06, 2017

The Cisco Security Intelligence Operations Portal (SIOP) is a free, customer-facing website that is part of Cisco’s Security Services presence and strategy, and resides at cisco.com/security. Cisco software contains a vulnerability that could allow an unauthenticated, remote attacker to access sensitive information on a targeted syste...

CentOS: CVE-2016-9577: CESA-2017:0254 (spice) Vulnerability

  • Severity: 4
  • Published: February 05, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From RHSA-2017:0253:

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can ...

SUSE: CVE-2016-10068: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: February 05, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2016-10068:

This CVE is addressed in the SUSE advisories openSUSE-SU-2017:0391-1, openSUSE-SU-2017:0399-1.

SUSE: CVE-2016-9577: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: February 05, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From RHSA-2017:0253:

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can ...

Ubuntu: USN-3191-1 (CVE-2016-7586): WebKitGTK+ vulnerabilities Vulnerability

  • Severity: 4
  • Published: February 05, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-3191-1:

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a maliciou...

SUSE: CVE-2016-10070: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: February 05, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2016-10070:

This CVE is addressed in the SUSE advisories openSUSE-SU-2017:0391-1, openSUSE-SU-2017:0399-1.