Lucene search
+L

225 matches found

susecve
susecve
added 2023/02/15 3:59 a.m.6 views

SUSE CVE-2020-12409

When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox 77...

8.8CVSS8.4AI score0.0102EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2022/12/08 12:0 a.m.4 views

PT-2022-36239 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 5.15.65 through 5.15.77 Description: A null pointer dereference issue was found in the neigh table clear function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

7.2AI score
Exploits0References1
hackerone
hackerone
added 2022/11/29 10:8 a.m.142 views

Internet Bug Bounty: Electron CVE-2022-35954 Delimiter Injection Vulnerability in exportVariable

Describe the summary: The Electron Website provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write...

4CVSS5.6AI score0.00559EPSS
Exploits0
openbugbounty
openbugbounty
added 2022/10/02 5:27 a.m.15 views

advokat-77.ru Cross Site Scripting vulnerability OBB-2971570

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
ics
ics
added 2022/08/30 12:0 a.m.57 views

Sensormatic Electronics iSTAR

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor: Sensormatic Electronics, a subsidiary of Johnson Controls Inc. Equipment: iSTAR Ultra Vulnerability: Command Injection 2. RISK EVALUATION An unauthenticated user could use a malicious request to run...

10CVSS10AI score0.01949EPSS
Exploits0References5
ics
ics
added 2022/08/23 12:0 a.m.48 views

mySCADA myPRO

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Technologies Equipment: mySCADA myPRO Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to run commands directly in the...

9.9CVSS9.4AI score0.41466EPSS
Exploits0References5
talos
talos
added 2022/05/10 12:0 a.m.46 views

InHand Networks InRouter302 httpd wlscan_ASP OS command injection vulnerability

Summary An OS command injection vulnerability exists in the httpd wlscanASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...

9.9CVSS8.8AI score0.12477EPSS
Exploits1
ics
ics
added 2022/03/24 12:0 a.m.52 views

mySCADA myPRO

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary operating system commands injection. 3. TECHNICAL...

9CVSS9AI score0.01343EPSS
Exploits0References5
jvn
jvn
added 2022/03/08 6:56 a.m.6 views

Multiple vulnerabilities in OMRON CX-Programmer

Overview CX-Programmer provided by OMRON Corporation contains multiple vulnerabilities listed below. Out-of-bounds Write CWE-787 - CVE-2022-21124 Use After Free CWE-416 - CVE-2022-25230 Use After Free CWE-416 - CVE-2022-25325 Out-of-bounds Read CWE-125 - CVE-2022-21219 Out-of-bounds Write CWE-787...

7.8CVSS7.5AI score0.01456EPSS
Exploits0References15
hackread
hackread
added 2021/12/13 2:49 p.m.16 views

Ascendex cryptocurrency exchange hacked – $77 million stolen

By Waqas Ascendex has lost $77 million worth of RC20, BSC, and Polygon tokens to cyberattack. This is a post from HackRead.com Read the original post: Ascendex cryptocurrency exchange hacked - $77 million stolen...

0.9AI score
Exploits0
nvd
nvd
added 2021/12/08 11:15 a.m.24 views

CVE-2021-36180

Multiple improper neutralization of special elements used in a command vulnerabilities CWE-77 in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...

8.8CVSS0.01073EPSS
Exploits0References1
prion
prion
added 2021/12/08 11:15 a.m.17 views

Command injection

Multiple improper neutralization of special elements used in a command vulnerabilities CWE-77 in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...

6.5CVSS8.8AI score0.01073EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2021/12/08 10:46 a.m.15 views

CVE-2021-36180

Multiple improper neutralization of special elements used in a command vulnerabilities CWE-77 in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...

8.1CVSS7.5AI score0.01073EPSS
Exploits0References1
cvelist
cvelist
added 2021/12/08 10:46 a.m.32 views

CVE-2021-36180

Multiple improper neutralization of special elements used in a command vulnerabilities CWE-77 in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...

8.1CVSS9.1AI score0.01073EPSS
Exploits0References1
cve
cve
added 2021/12/08 10:46 a.m.46 views

CVE-2021-36180

CVE-2021-36180 affects Fortinet FortiWeb, specifically the management interface. The issue is described as multiple improper neutralization of special elements used in a command (CWE-77) that could allow an authenticated attacker to execute unauthorized code or commands via crafted HTTP request p...

8.8CVSS8.9AI score0.01073EPSS
Exploits0References1Affected Software1
fortinet
fortinet
added 2021/12/07 12:0 a.m.38 views

FortiWeb - OS command injection

Multiple improper neutralization of special elements used in a command vulnerabilities CWE-77 in FortiWeb management interface may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...

6.5CVSS8.8AI score0.01073EPSS
Exploits0Affected Software1
openbugbounty
openbugbounty
added 2021/11/06 3:32 a.m.11 views

rumont-77.fr Improper Access Control vulnerability OBB-2239405

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.6AI score
Exploits0
openbugbounty
openbugbounty
added 2020/10/27 11:46 a.m.10 views

77-construction.com Cross Site Scripting vulnerability OBB-1454641

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
cve
cve
added 2020/09/23 9:10 p.m.195 views

CVE-2020-25599

CVE-2020-25599 affects Xen up to 4.14.x, with race conditions in evtchn_reset() potentially allowing x86 PV guests to escalate to host privileges, cause host/guest crashes, or DoS. All Xen 4.5+ are vulnerable; 4.4 and earlier are not. Several vendor advisories indicate patches were released to fi...

7CVSS7AI score0.00286EPSS
Exploits0References8Affected Software1
debiancve
debiancve
added 2020/09/23 9:10 p.m.38 views

CVE-2020-25599

An issue was discovered in Xen through 4.14.x. There are evtchnreset race conditions. Uses of EVTCHNOPreset potentially by a guest on itself or XENDOMCTLsoftreset by itself covered by XSA-77 can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses ...

7CVSS7.1AI score0.00286EPSS
Exploits0
Rows per page
Query Builder