OSCA-550, OSCA-550A Security Vulnerabilities

mskb

Description of the security update for SharePoint Server 2010: July 14, 2020

Description of the security update for SharePoint Server 2010: July 14, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...

7.8AI Score

0.868EPSS

2020-07-14 07:00 AM
135
mskb

Description of the security update for SharePoint Enterprise Server 2013: July 14, 2020

Description of the security update for SharePoint Enterprise Server 2013: July 14, 2020 Note: After you install this update, the default setting for a trusted data source and trusted content locations in PerformancePoint Services will change from trust all to trust none. For more information, see.....

8.9AI Score

0.013EPSS

2020-07-14 07:00 AM
18
nessus

Fedora 31 : tcpreplay (2020-256ac53cc7)

This release contains bug fixes only (which includes security fixes): Increase cache buffers size to accommodate VLAN edits (#594) Correct L2 header length to correct IP header offset (#583) Fix warnings from gcc version 10 (#580) Heap Buffer Overflow in randomize_iparp (#579) ...

9.1CVSS

8.9AI Score

0.003EPSS

2020-06-25 12:00 AM
7
nessus

Fedora 32 : tcpreplay (2020-f47830961a)

This release contains bug fixes only (which includes security fixes): Increase cache buffers size to accommodate VLAN edits (#594) Correct L2 header length to correct IP header offset (#583) Fix warnings from gcc version 10 (#580) Heap Buffer Overflow in randomize_iparp (#579) ...

9.1CVSS

8.9AI Score

0.003EPSS

2020-06-24 12:00 AM
8
metasploit

Cisco VPN Concentrator 3000 FTP Unauthorized Administrative Access

This module tests for a logic vulnerability in the Cisco VPN Concentrator 3000 series. It is possible to execute some FTP statements without authentication (CWD, RNFR, MKD, RMD, SIZE, CDUP). It also appears to have some memory leak bugs when working with CWD commands. This module simply creates an....

0.3AI Score

2020-06-22 10:11 AM
29
mskb

Description of the security update for SharePoint Server 2010: June 9, 2020

Description of the security update for SharePoint Server 2010: June 9, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the following....

6.5AI Score

0.001EPSS

2020-06-09 07:00 AM
15
mskb

Description of the security update for SharePoint Server 2010: May 12, 2020

Description of the security update for SharePoint Server 2010: May 12, 2020 Summary This security update resolves a cross-site-scripting (XSS) vulnerability that exists if Microsoft SharePoint Server does not correctly sanitize a specially crafted web request to an affected SharePoint server. To...

5.7AI Score

0.001EPSS

2020-05-12 07:00 AM
33
zdt

Sky File 2.1.0 iOS - Directory Traversal Vulnerability

Exploit for php platform in category web...

AI Score

2020-04-23 12:00 AM
26
exploitdb

7.4AI Score

2020-04-23 12:00 AM
553
openbugbounty

lerciopinto.pt Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1148367 Security Researcher DkilerS2 Helped patch 112 vulnerabilities Received 4 Coordinated Disclosure badges Received 8 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting lerciopinto.pt website and...

AI Score

2020-04-21 01:37 PM
8
zdt

IBM Data Risk Manager Authentication Bypass / Command Injection / File Download Exploit

IBM Data Risk Manager suffers from authentication bypass, command injection, insecure default password, and arbitrary file download...

7.4AI Score

2020-04-21 12:00 AM
57
vulnerlab

0.3AI Score

2020-04-21 12:00 AM
27
packetstorm

0.1AI Score

2020-04-21 12:00 AM
87
zdi

Oracle VirtualBox xHCI Heap-based Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI...

7.5CVSS

5AI Score

0.001EPSS

2020-04-20 12:00 AM
17
mskb

Description of the security update for SharePoint Enterprise Server 2013: April 14, 2020

Description of the security update for SharePoint Enterprise Server 2013: April 14, 2020 Summary This security update resolves a remote code execution vulnerability that exists in Microsoft SharePoint when the software fails to check the source markup of an application package. To learn more about....

9AI Score

0.017EPSS

2020-04-14 07:00 AM
13
mskb

Description of the security update for Outlook 2013: April 14, 2020

Description of the security update for Outlook 2013: April 14, 2020 Summary This security update resolves a remote code execution vulnerability that exists when Microsoft Office improperly loads arbitrary type libraries. To learn more about the vulnerability, see Microsoft Common Vulnerabilities...

8.6AI Score

0.047EPSS

2020-04-14 07:00 AM
27
mskb

Description of the security update for SharePoint Server 2010: April 14, 2020

Description of the security update for SharePoint Server 2010: April 14, 2020 Summary This security update resolves a cross-site-scripting (XSS) vulnerability that exists if Microsoft SharePoint Server does not correctly sanitize a specially crafted web request to an affected SharePoint server. To....

5.7AI Score

0.001EPSS

2020-04-14 07:00 AM
15
mskb

MS15-022: Description of the security update for SharePoint Server 2013: March 10, 2015

MS15-022: Description of the security update for SharePoint Server 2013: March 10, 2015 Introduction This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file...

7.7AI Score

2020-04-13 12:00 AM
27
cve

CVE-2020-1802

There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the attacker to load a crafted file to the device through USB. Affected product...

4.6CVSS

4.6AI Score

0.001EPSS

2020-04-10 02:15 PM
88
nvd

CVE-2020-1802

There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the attacker to load a crafted file to the device through USB. Affected product...

4.6CVSS

4.6AI Score

0.001EPSS

2020-04-10 02:15 PM
prion

Input validation

There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the attacker to load a crafted file to the device through USB. Affected product...

4.6CVSS

4.6AI Score

0.001EPSS

2020-04-10 02:15 PM
5
cvelist

CVE-2020-1802

There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the attacker to load a crafted file to the device through USB. Affected product...

4.7AI Score

0.001EPSS

2020-04-10 01:59 PM
veracode

Arbitrary Code Execution

cairo is vulnerable to arbitrary code execution. The vulnerability exists if an application linked against Cairo processes a malicious PNG image, it is possible to execute arbitrary code as the user running the...

4AI Score

0.082EPSS

2020-04-10 12:18 AM
6
huawei

Security Advisory - Insufficient Integrity Validation Vulnerability in Several Products

There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the attacker to load a crafted file to the device through USB. (Vulnerability ID:...

4.6CVSS

4.9AI Score

0.001EPSS

2020-04-08 12:00 AM
30
openbugbounty

338online.es Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1128125 Security Researcher g0bl1nsec Helped patch 3768 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting 338online.es website and...

0.1AI Score

2020-03-29 11:55 AM
5
cve

CVE-2020-1879

There is an improper integrity checking vulnerability on some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Affected product versions include: HEGE-560 versions...

3.9CVSS

4.3AI Score

0.0004EPSS

2020-03-20 04:15 PM
69
nvd

CVE-2020-1879

There is an improper integrity checking vulnerability on some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Affected product versions include: HEGE-560 versions...

3.9CVSS

4.2AI Score

0.0004EPSS

2020-03-20 04:15 PM
prion

Input validation

There is an improper integrity checking vulnerability on some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Affected product versions include: HEGE-560 versions...

3.9CVSS

4.3AI Score

0.0004EPSS

2020-03-20 04:15 PM
5
cvelist

CVE-2020-1879

There is an improper integrity checking vulnerability on some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Affected product versions include: HEGE-560 versions...

4.3AI Score

0.0004EPSS

2020-03-20 03:02 PM
threatpost

Activities of a Nigerian Cybercriminal Uncovered

Ever wonder who’s behind one of those Nigerian cyber-crime email campaigns asking you to enter into a shady business deal and how they’re enacted? In a unique profile, researchers pulled back the curtain on such an attack with a report outlining how a Nigerian cybercriminal made hundreds of...

-0.3AI Score

2020-03-17 12:16 PM
54
threatpost

Activities of a Nigerian Cybercriminal Uncovered

Ever wonder who’s behind one of those Nigerian cyber-crime email campaigns asking you to enter into a shady business deal and how they’re enacted? In a unique profile, researchers pulled back the curtain on such an attack with a report outlining how a Nigerian cybercriminal made hundreds of...

-0.3AI Score

2020-03-17 12:16 PM
6
thn

Researchers Uncover a Nigerian Hacker's Pursuit of his Million Dollar Dream

Social engineering-driven malware threats continue to be a big threat, but new research details how cybercriminals profit off such schemes to launder hundreds of thousands of dollars from stolen credit cards of unsuspecting victims. Cybersecurity firm Check Point Research, in a report shared...

0.3AI Score

2020-03-17 10:20 AM
36
hackerone

Internet Bug Bounty: CVE-2020-10938-buffer overflow/out-of-bounds write in compress.c:HuffmanDecodeImage()

Hello, There is an out-of-bounds write that is likely exploitable while performing Huffman decoding of Fax images. The technical details are as follows. # Type: integer underflow produces out of bounds heap/etc write # Platform: 32-bit # Details: 390 MagickExport MagickPassFail...

9.8CVSS

9.6AI Score

0.002EPSS

2020-03-11 10:27 AM
25
huawei

Security Advisory - Improper Integrity Checking Vulnerability on some Huawei Products

There is an improper integrity checking vulnerability on some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. (Vulnerability ID: HWPSIRT-2019-10070) This vulnerability has been...

3.9CVSS

4.8AI Score

0.0004EPSS

2020-03-11 12:00 AM
16
trendmicroblog

Trend Micro Cloud App Security Blocked 12.7 Million High-Risk Email Threats in 2019 – in addition to those detected by cloud email services’ built-in security

On March 3, 2020, the cyber division of Federal Bureau of Investigation (FBI) issued a private industry notification calling out Business Email Compromise (BEC) scams through exploitation of cloud-based email services. Microsoft Office 365 and Google G Suite, the two largest cloud-based email...

-0.4AI Score

2020-03-10 05:27 PM
33
mskb

Description of the security update for SharePoint Server 2010: March 10, 2020

Description of the security update for SharePoint Server 2010: March 10, 2020 Summary This security update resolves a vulnerability that is caused if SharePoint Server does not correctly sanitize a specially crafted request to an affected SharePoint server. To learn more about the vulnerability,...

5.8AI Score

0.001EPSS

2020-03-10 07:00 AM
24
nvd

CVE-2020-1842

Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability....

6.8CVSS

6.7AI Score

0.001EPSS

2020-02-18 04:15 AM
cve

CVE-2020-1842

Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability....

6.8CVSS

6.6AI Score

0.001EPSS

2020-02-18 04:15 AM
76
prion

Authentication flaw

Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability....

6.8CVSS

6.7AI Score

0.001EPSS

2020-02-18 04:15 AM
2
nvd

CVE-2020-1855

Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful...

6.1CVSS

6.2AI Score

0.001EPSS

2020-02-18 03:15 AM
nvd

CVE-2020-1843

Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability...

6.8CVSS

6.4AI Score

0.001EPSS

2020-02-18 03:15 AM
1
cve

CVE-2020-1843

Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability...

6.8CVSS

6.4AI Score

0.001EPSS

2020-02-18 03:15 AM
67
cve

CVE-2020-1855

Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful...

6.1CVSS

6.2AI Score

0.001EPSS

2020-02-18 03:15 AM
65
nvd

CVE-2020-1789

Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the...

6.8CVSS

6.7AI Score

0.001EPSS

2020-02-18 03:15 AM
cve

CVE-2020-1789

Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the...

6.8CVSS

6.6AI Score

0.001EPSS

2020-02-18 03:15 AM
67
prion

Design/Logic Flaw

Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful...

6.1CVSS

6.2AI Score

0.001EPSS

2020-02-18 03:15 AM
8
prion

Authentication flaw

Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the...

6.8CVSS

6.6AI Score

0.001EPSS

2020-02-18 03:15 AM
4
prion

Design/Logic Flaw

Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability...

6.8CVSS

6.5AI Score

0.001EPSS

2020-02-18 03:15 AM
12
cvelist

CVE-2020-1842

Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability....

6.7AI Score

0.001EPSS

2020-02-18 03:03 AM
Total number of security vulnerabilities: 1289