Page 29 of 149 results (0.018 seconds)

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-9259

https://notcve.org/view.php?id=CVE-2016-9259

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Tenable Nessus en versiones anteriores a 6.9.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securitytracker.com/id/1037293 https://www.tenable.com/security/tns-2016-17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-9260

https://notcve.org/view.php?id=CVE-2016-9260

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. Vulnerabilidad de XSS en Tenable Nessus en versiones anteriores a 6.9 permite a los usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarias a través de vectores relacionados con el manejo de archivos .nessus. • http://jvn.jp/en/jp/JVN12796388/index.html http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000013.html http://www.securityfocus.com/bid/95772 https://www.tenable.com/security/tns-2016-16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

CVE-2016-4055

https://notcve.org/view.php?id=CVE-2016-4055

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." La función duration en el paquete moment en versiones anteriores a 2.11.2 para Node.js permite a atacantes remotos provocar una denegación de servicio (consumo de CPU ) a través de una cadena larga, vulnerabilidad también conocida como "Denial of Service (ReDoS) de expresión regular". • http://www.openwall.com/lists/oss-security/2016/04/20/11 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/95849 https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E https:/ • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-5179

https://notcve.org/view.php?id=CVE-2017-5179

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Tenable Nessus en versiones anteriores a 6.9.3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/95307 http://www.securitytracker.com/id/1037558 https://www.tenable.com/security/tns-2017-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 1%CPEs: 42EXPL: 0

CVE-2016-4448 – libxml2: Format string vulnerability

https://notcve.org/view.php?id=CVE-2016-4448

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.openwall.com/lists/oss-security/2016/05/25/2 http://www • CWE-134: Use of Externally-Controlled Format String •