17 matches found

NVD
added 2023/03/29 7:15 p.m. | 22 views

CVE-2022-27646

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

CVSS 8.8 | AI score 8.4 | EPSS 0.01432
Exploits: 1 | References: 2

Prion
added 2023/03/29 7:15 p.m. | 19 views

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

CVSS 5.8 | AI score 9 | EPSS 0.01432
Exploits: 1 | References: 2 | Affected Software: 24

Cvelist
added 2023/03/29 12:0 a.m. | 28 views

CVE-2022-27646

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

CVSS 8 | AI score 9.1 | EPSS 0.01432
Exploits: 1 | References: 2

CVE
added 2023/03/29 12:0 a.m. | 58 views

CVE-2022-27646

CVE-2022-27646 affects NETGEAR R6700v3 with firmware 1.0.4.120_10.0.91. The circled daemon (circled) accepts a crafted circleinfo.txt file that overflows a fixed-length stack buffer, enabling arbitrary code execution with root privileges. Authentication is required but bypassable per disclosures....

CVSS 8.8 | AI score 8.4 | EPSS 0.01432
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2020/07/21 4:59 p.m. | 41 views

CVE-2020-15879

Bitwarden Server 1.35.1 is affected by CVE-2020-15879: it allows SSRF because it does not consider certain IPv6 addresses (fc*/fd*/fe*/ff* and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16). The connected sources confirm a SSRF issue in Bitwarden Server, but e...

CVSS 7.5 | AI score 7.5 | EPSS 0.02699
Exploits: 0 | References: 1 | Affected Software: 1

Circl
added 2020/05/13 8:34 p.m. | 5 views

CVE-2019-15879

| creationtimestamp | type | source |
|---|---|---|
| 2020-05-13 20:34:12+00:00 | seen | https://t.me/cibsecurity/12044... |

CVSS 7.4 | AI score 7.3 | EPSS 0.00656
Exploits: 0 | References: 1

Cvelist
added 2020/05/13 3:38 p.m. | 23 views

CVE-2019-15879

In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process to overwrite arbitrary kernel...

AI score 7.2 | EPSS 0.00656
Exploits: 0 | References: 2

CVE
added 2020/05/13 3:38 p.m. | 51 views

CVE-2019-15879

Summary: CVE-2019-15879 affects FreeBSD cryptodev in 11.x/12.x releases. A race condition allowed a data structure in the kernel to be used after it was freed (use-after-free), enabling an unprivileged process to overwrite arbitrary kernel memory. Affected components: cryptodev kernel module in F...

CVSS 7.4 | AI score 7.1 | EPSS 0.00656
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2020/05/13 12:0 a.m. | 19 views

FreeBSD : FreeBSD -- Use after free in cryptodev module (9f15c2da-947e-11ea-92ab-00163e433440)

A race condition permitted a data structure in the kernel to be used after it was freed by the cryptodev module. Impact: An unprivileged process can overwrite arbitrary kernel memory. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...

CVSS 7.4 | AI score 7.4 | EPSS 0.00656
Exploits: 0 | References: 2

CVE
added 2019/06/20 6:11 p.m. | 171 views

CVE-2018-15879

CVE-2018-15879 is rejected/not used per the Initial Description.

AI score 8.6
Exploits: 0

Cvelist
added 2019/06/20 6:11 p.m. | 21 views

CVE-2018-15879

...

Exploits: 0

Packet Storm
added 2017/10/25 12:0 a.m. | 48 views

KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection

Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15879 Vendor...

AI score 8.7 | EPSS 0.07217
Exploits: 4

exploitpack
added 2017/10/25 12:0 a.m. | 31 views

KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection

KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS...

CVSS 6.8 | AI score 9 | EPSS 0.07217
Exploits: 4

Exploit DB
added 2017/10/25 12:0 a.m. | 59 views

KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection

Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15879 Vendor...

CVSS 8.8 | AI score 8.8 | EPSS 0.07217
Exploits: 4

NVD
added 2017/10/24 9:29 p.m. | 13 views

CVE-2017-15879

CSV Injection aka Excel Macro Injection or Formula Injection exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...

CVSS 8.8 | AI score 8.8 | EPSS 0.07217
Exploits: 4 | References: 3

OSV
added 2017/10/24 9:29 p.m. | 13 views

CVE-2017-15879

CSV Injection aka Excel Macro Injection or Formula Injection exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...

CVSS 8.8 | AI score 7
Exploits: 0 | References: 3

CVE
added 2017/10/24 9:0 p.m. | 76 views

CVE-2017-15879

CVE-2017-15879 affects KeystoneJS before 4.0.0-beta.7. The CSV injection vulnerability arises in the CSV export path via values mishandled in admin/server/api/download.js and lib/list/getCSVData.js, enabling Excel macro/formula injection. Documentation indicates the issue exists prior to version ...

CVSS 8.8 | AI score 8.6 | EPSS 0.07217
Exploits: 4 | References: 3 | Affected Software: 1