Lucene search
+L

112 matches found

0day.today
0day.today
added 2020/09/01 12:0 a.m.59 views

Sagemcom F@ST 5280 Privilege Escalation Vulnerability

Sagemcom F@ST 5280 routers using firmware version 1.150.61, and possibly others, have an insecure deserialization vulnerability that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sessid, nonce, and ha1 values inside of the...

9CVSS8.8AI score0.03672EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/09/01 12:0 a.m.310 views

Sagemcom F@ST 5280 Privilege Escalation

privilege escalation Date: 08-31-2020 Exploit Author: Ryan Delaney Author Contact: ryan.delaney owasp org Author LinkedIn: https://www.linkedin.com/in/infosecrd/ Vendor Homepage: https://sagemcom.com/en Software Link: N/A F@ST 5280 firmware not published Version: F@ST 5280 router, F/W 1.150.61,...

0.7AI score0.03672EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2020/04/08 10:18 p.m.28 views

CVE-2016-5280

Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 allows remote attackers to execute arbitrary code via bidirectional text...

7.5CVSS7.2AI score0.05037EPSS
Exploits0References2
CVE
CVE
added 2020/03/25 5:45 p.m.75 views

CVE-2020-5280

CVE-2020-5280 affects http4s prior to versions 0.18.26, 0.20.20, and 0.21.2. The local file inclusion arises from incorrect URI normalization in FileService, ResourceService, and WebjarService, allowing path segments like ../ or // to access resources outside the configured location. Patches exis...

7.6CVSS7.2AI score0.06817EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2020/03/25 5:45 p.m.32 views

CVE-2020-5280 Local file inclusion vulnerability in http4s

http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalizatio...

7.6CVSS7.2AI score0.06817EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2020/03/25 5:35 p.m.7 views

com.akolov:doorman-core_2.12 (=0.0.5), com.avast:scala-server-toolkit-http4s-blaze-server_2.12 (=0.1.3) +55 more potentially affected by CVE-2020-5280 via org.http4s:http4s-server_2.12 (>=0.19.0 <=0.20.2)

org.http4s:http4s-server2.12 MAVEN version =0.19.0, =0.1.4, =0.1.4, =0.1.4, =0.1.4, =0.1.4, =0.1.4, =0.0.16, =0.0.13, =0.0.13, =0.0.13, =0.0.13, =0.17.0, =0.18.1 - com.github.allantl:atlassian-connect-http4s2.12 =0.0.1 and more Source cves: CVE-2020-5280 Source advisory: OSV:GHSA-66Q9-F7FF-MMX6...

7.6CVSS7.1AI score0.06817EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/03/25 5:35 p.m.9 views

com.dbrsn:universal-health-check-http4s_2.12 (=0.0.5), com.github.agourlay:cornichon-http-mock_2.12 (>=0.12.7 <=0.16.3) +36 more potentially affected by CVE-2020-5280 via org.http4s:http4s-server_2.12 (>=0.10.0-M10 <=0.18.25)

org.http4s:http4s-server2.12 MAVEN version =0.10.0-M10, =0.12.7, =0.0.3, =0.1.0-RC2, =0.5.2, =2.1.0, =2.2.0, =2.2.0, =2.2.0, =2.3.0, =2.2.0, =2.3.0, =2.2.2, =2.2.5 and more Source cves: CVE-2020-5280 Source advisory: OSV:GHSA-66Q9-F7FF-MMX6...

7.6CVSS7.1AI score0.06817EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/03/25 5:35 p.m.4 views

com.avast.grpc:grpc-json-bridge-http4s_2.12 (>=0.18.3 <=0.18.5), com.avast:sst-bundle-monix-http4s-blaze_2.12 (>=0.1.21 <=0.6.5) +59 more potentially affected by CVE-2020-5280 via org.http4s:http4s-server_2.12 (>=0.21.0 <=0.21.19)

org.http4s:http4s-server2.12 MAVEN version =0.21.0, =0.18.3, =0.1.21, =0.1.21, =0.1.21, =0.1.21, =0.1.21, =0.1.21, =0.6.5 - com.clovellytech:h4sm-auth2.12 =0.0.42 - com.clovellytech:h4sm-features2.12 =0.0.42 - com.clovellytech:h4sm-files2.12 =0.0.42 - com.clovellytech:h4sm-invitations2.12 =0.0.42...

7.6CVSS7.1AI score0.06817EPSS
Exploits0
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.26 views

Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2016-1046)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.8AI score0.05037EPSS
Exploits0References2
CVE
CVE
added 2019/08/13 8:35 p.m.53 views

CVE-2019-5280

The CVE-2019-5280 issue affects Huawei CloudLink Phone 7900 (V600R019C10) SIP TLS module. The root cause is insufficient verification of TLS server certificate parameters, enabling potential man-in-the-middle attacks that can cause abnormal phone registrations and affect IP phone availability. Pu...

6.5CVSS6.3AI score0.00419EPSS
Exploits0References1Affected Software1
Huawei
Huawei
added 2019/07/24 12:0 a.m.135 views

Security Advisory - TLS Certificate Verification Vulnerability in Huawei 7900 IP Phones

There is a TLS certificate verification vulnerability in the SIP TLS module of Huawei 7900 IP Phones. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registered abnormally,...

6.5CVSS6.3AI score0.00419EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2018/10/26 12:0 a.m.34 views

openSUSE: Security Advisory for openssl-1_1 (openSUSE-SU-2018:3013-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS8.2AI score0.49268EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2018/10/05 12:8 p.m.108 views

Security update for openssl-1_1 (moderate)

This update for openssl-11 to 1.1.0i fixes the following issues: These security issues were fixed: - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an...

5CVSS0.8AI score0.49268EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/10/05 12:0 a.m.42 views

Mozilla Firefox < 49 Multiple Vulnerabilities

The version of Mozilla Firefox installed on the remote Windows host is prior to 49. It is, therefore, affected by multiple vulnerabilities as noted in Mozilla Firefox stable channel update release notes for 2016/09/20. Please refer to the release notes for additional information. Note that Nessus...

9.8CVSS6.8AI score0.05037EPSS
Exploits0References51
Tenable Nessus
Tenable Nessus
added 2018/10/05 12:0 a.m.46 views

Mozilla Firefox < 49 Multiple Vulnerabilities (macOS)

The version of Mozilla Firefox installed on the remote macOS host is prior to 49. It is, therefore, affected by multiple vulnerabilities as noted in Mozilla Firefox stable channel update release notes for 2016/09/20. Please refer to the release notes for additional information. Note that Nessus h...

9.8CVSS7AI score0.05037EPSS
Exploits0References51
NVD
NVD
added 2018/02/06 4:29 p.m.16 views

CVE-2014-5280

boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery CSRF attacks by leveraging Docker daemons enabling TCP connections without TLS authentication...

9.3CVSS8.8AI score0.00729EPSS
Exploits0References1
CVE
CVE
added 2018/02/06 4:0 p.m.35 views

CVE-2014-5280

Boot2Docker 1.2 and earlier are affected by CVE-2014-5280, with a CSRF vulnerability exploited by leveraging Docker daemons that accept TCP connections without TLS authentication. This stems from the underlying Docker daemon configuration allowing unauthenticated TCP access, enabling CSRF-related...

9.3CVSS8.6AI score0.00729EPSS
Exploits0References1Affected Software1
Microsoft KB
Microsoft KB
added 2018/01/20 12:0 a.m.92 views

Security Only update for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows Server 2012 (KB 4055270)

Security Only update for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows Server 2012 KB 4055270 View products that this article applies to. Important If you have not been offered this security update, you may be running incompatible antivirus software, and...

7.5CVSS8.3AI score0.08885EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2018/01/09 8:0 a.m.36 views

Description of Security and Quality Rollup for .NET Framework 3.5 SP1 for Windows Server 2012 (KB 4054997)

Description of Security and Quality Rollup for .NET Framework 3.5 SP1 for Windows Server 2012 KB 4054997 Notice This update is included in the February 2018 Preview of the Quality Rollups for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 KB 4074806. Part...

7.5CVSS8AI score0.08885EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2018/01/09 8:0 a.m.26 views

Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 (KB 4054181)

Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 KB 4054181 View products that this article applies to. Summary This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and...

7.5CVSS8.1AI score0.08885EPSS
Exploits0
Rows per page
Query Builder