Lucene search
+L

112 matches found

Cvelist
Cvelist
added 2022/05/17 7:32 p.m.26 views

CVE-2022-0486 Privileged Command Injection Vulnerability in Fidelis Network and Deception

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is...

4.4CVSS8AI score0.0038EPSS
Exploits1References1
CVE
CVE
added 2022/05/17 7:32 p.m.82 views

CVE-2022-0486

CVE-2022-0486 affects Fidelis Network and Deception components (CommandPost, Collector, Sensor, Sandbox) where improper file permissions allow a locally privileged attacker to modify affected files and escalate to root. Affected versions are Fidelis Network and Deception prior to 9.4.5; patches/u...

7.8CVSS6.2AI score0.0038EPSS
Exploits1References1Affected Software2
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.29 views

Mageia: Security Advisory (MGASA-2017-0486)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.4AI score0.73829EPSS
Exploits6References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.22 views

Mageia: Security Advisory (MGASA-2018-0486)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.7AI score0.03254EPSS
Exploits0References5
CVE
CVE
added 2021/07/14 1:43 p.m.118 views

CVE-2021-0486

CVE-2021-0486 concerns Android 10–11 where, in the PermissionManagerService.java more precisely in onPackageAddedInternal, there is a permissions bypass that allows possible access to external storage. The root cause is a local-elevation-of-privilege path that does not require user interaction. T...

7.8CVSS7.6AI score0.00109EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/14 1:43 p.m.27 views

CVE-2021-0486

In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.9AI score0.00109EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.12 views

SUSE: Security Advisory (SUSE-SU-2018:0720-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.9AI score0.02148EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2021/02/11 12:0 a.m.63 views

RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP6 (RHSA-2021:0486)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0486 advisory. This release adds the new Apache HTTP Server 2.4.37 Service Pack 6 packages that are part of the JBoss Core Services offering. This release serves as...

5.9CVSS7.1AI score0.06968EPSS
Exploits3References6
CVE
CVE
added 2020/12/15 3:55 p.m.49 views

CVE-2020-0486

CVE-2020-0486 affects Android 11 (ContactsProvider2.java) via openAssetFileListener, where an insecure default value enables a permission bypass. This can allow local escalation of privilege to modify contact data with no additional execution privileges and no user interaction. The issue is ackno...

7.8CVSS8.2AI score0.00134EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/11/05 12:0 a.m.48 views

RHEL 8 : freetype (RHSA-2020:4949)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4949 advisory. FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs...

9.6CVSS8.5AI score0.5063EPSS
Exploits2References4
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:28 a.m.38 views

Security Bulletin: April 2015 Java Platform Standard Edition Vulnerabilities in Multiple N series Products

Summary Multiple N series products incorporate the Oracle Java Platform, Standard Edition Java SE software libraries. Java SE JDK and JRE versions below 8u45, 7u79 and 6u95 and OpenJDK versions below 1.7.0.79 are susceptible to multiple vulnerabilities, potentially leading to an unauthorized...

10CVSS0.7AI score0.98685EPSS
Exploits0Affected Software1
CVE
CVE
added 2018/03/27 4:0 p.m.49 views

CVE-2014-0486

Knot DNS allows remote DoS via a crafted DNS message in versions before 1.5.2, causing application crash. The issue affects Knot DNS when processing DNS messages; no remediation or mitigation details are provided in the supplied documents.

7.5CVSS7.2AI score0.03462EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/03/09 12:0 a.m.34 views

SUSE SLES12 Security Update : xmltooling (SUSE-SU-2018:0140-1)

This update for xmltooling fixes the following issues : - CVE-2018-0486: Fixed a security bug when xmltooling mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD bsc1075975 Note that...

6.5CVSS6.3AI score0.01518EPSS
Exploits2References4
Prion
Prion
added 2018/02/27 3:29 p.m.15 views

Design/Logic Flaw

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this...

6.4CVSS6.5AI score0.02148EPSS
Exploits2References6Affected Software3
Tenable Nessus
Tenable Nessus
added 2018/02/21 12:0 a.m.41 views

SUSE SLES11 Security Update : ImageMagick (SUSE-SU-2018:0486-1)

This update for ImageMagick fixes the following issues : - CVE-2017-9407: In ImageMagick, the ReadPALMImage function in palm.c allowed attackers to cause a denial of service memory leak via a crafted file. bsc1042824 - CVE-2017-11448: The ReadJPEGImage function in coders/jpeg.c in ImageMagick...

9.8CVSS6.8AI score0.04018EPSS
Exploits3References72
Tenable Nessus
Tenable Nessus
added 2018/01/22 12:0 a.m.21 views

openSUSE Security Update : xmltooling (openSUSE-2018-65)

This update for xmltooling fixes the following issues : - CVE-2018-0486: Fixed a security bug when xmltooling mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD bsc1075975 This upda...

6.5CVSS6.3AI score0.01518EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2018/01/21 12:0 a.m.23 views

openSUSE: Security Advisory for xmltooling (openSUSE-SU-2018:0158-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS6.7AI score0.01518EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2018/01/15 12:0 a.m.72 views

Shibboleth 2 XML Injection

Advisory: Truncation of SAML Attributes in Shibboleth 2 RedTeam Pentesting discovered that the shibd service of Shibboleth 2 does not extract SAML attribute values in a robust manner. By inserting XML entities into a SAML response, attackers may truncate attribute values without breaking the...

6.5AI score0.01518EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2018/01/13 6:29 p.m.20 views

CVE-2018-0486

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD...

6.5CVSS6.7AI score0.01518EPSS
Exploits2References2
OSV
OSV
added 2018/01/13 6:29 p.m.3 views

DEBIAN-CVE-2018-0486

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD...

6.5CVSS6.3AI score0.01518EPSS
Exploits2References1
Rows per page
Query Builder