
734 matches found

Cvelist
added 2021/06/11 2:33 p.m. · 21 views

CVE-2021-25411

Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory...

AI score 4.8 · EPSS 0.00103
Exploits 0 · References 1

OpenVAS
added 2021/06/09 12:0 a.m. · 30 views

Django < 2.2.24, 3.0 < 3.1.12, 3.2 < 3.2.4 Multiple Vulnerabilities - Linux

Django is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 · AI score 6.4 · EPSS 0.03058
Exploits 0 · References 1

Positive Technologies
added 2021/05/25 12:0 a.m. · 6 views

PT-2021-4521 · Django +4 · Django +4

Name of the Vulnerable Software and Affected Versions: Django versions 2.2 before 2.2.24 Django versions 3.x before 3.1.12 Django versions 3.2 before 3.2.4 Description: The issue is related to the URLValidator, validate_ipv4_address, and validate_ipv46_address functions in Django, which do not...

CVSS 9.8 · AI score 6.5 · EPSS 0.99856
Exploits 44 · References 208

Veracode
added 2021/05/24 9:29 a.m. · 35 views

Arbitrary Code Execution

python3 is vulnerable to arbitrary code execution. IP address octets are left stripped instead of evaluated as valid IP addresses due to improper input validation of octal strings in the stdlib ipaddress allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks o...

CVSS 9.8 · AI score 6 · EPSS 0.06827
Exploits 1 · References 17 · Affected Software 7

Positive Technologies
added 2021/05/18 12:0 a.m. · 7 views

PT-2021-6816 · Unknown +2 · Kubernetes +1

Name of the Vulnerable Software and Affected Versions: Kubernetes affected versions not specified Description: A security issue in Kubernetes allows a remote attacker to redirect pod traffic to private networks on a Node, potentially accessing confidential data and compromising its integrity. The...

CVSS 8.8 · AI score 5.4 · EPSS 0.06505
Exploits 2 · References 41

OSV
added 2021/04/19 7:28 p.m. · 9 views

USN-4919-1 openslp-dfsg vulnerability

It was discovered that OpenSLP did not properly validate URLs. A remote attacker could use this issue to cause OpenSLP to crash or possibly execute arbitrary code...

CVSS 9.8 · AI score 7.3 · EPSS 0.96823
Exploits 1 · References 2

OpenVAS
added 2021/04/19 12:0 a.m. · 27 views

SUSE: Security Advisory (SUSE-SU-2018:0438-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 · AI score 8.6 · EPSS 0.93838
Exploits 14 · References 16

CNNVD
added 2021/04/13 12:0 a.m. · 14 views

Nextcloud Injection Vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in the Nextcloud Desktop client, which stems from insufficient validation of input provided to a user passed through a URL....

CVSS 8.8 · AI score 8.1 · EPSS 0.04698
Exploits 1 · References 10

Positive Technologies
added 2021/03/29 12:0 a.m. · 1 views

PT-2021-7695 · Unknown +1 · Net::Netmask +1

Name of the Vulnerable Software and Affected Versions: Net::Netmask versions prior to 2.0000 Description: The issue is related to the improper handling of extraneous zero characters at the beginning of an IP address string, which can allow attackers to bypass access control based on IP addresses...

CVSS 7.8 · AI score 7.4 · EPSS 0.02001
Exploits 1 · References 35

Positive Technologies
added 2021/03/29 12:0 a.m. · 1 views

PT-2021-7694 · Unknown +1 · Data::Validate::Ip +1

Name of the Vulnerable Software and Affected Versions: Data::Validate::IP versions 0.29 and earlier Description: The issue is related to improper authorization in the Data::Validate::IP module. It allows a remote attacker to impact data integrity by bypassing access control based on IP addresses...

CVSS 7.8 · AI score 7.3 · EPSS 0.02191
Exploits 1 · References 23

OSV
added 2021/03/09 6:15 p.m. · 1 views

DEBIAN-CVE-2021-21187

Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name...

CVSS 4.3 · AI score 6.5 · EPSS 0.01451
Exploits 0 · References 1

NVD
added 2021/03/04 9:15 p.m. · 14 views

CVE-2021-25339

Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory...

CVSS 5.2 · EPSS 0.00115
Exploits 0 · References 2

OSV
added 2021/03/04 9:15 p.m. · 5 views

CVE-2021-25339

Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory...

CVSS 5.2 · AI score 6 · EPSS 0.00115
Exploits 0 · References 2

Cvelist
added 2021/03/04 9:0 p.m. · 19 views

CVE-2021-25339

Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory...

CVSS 4.4 · AI score 5.5 · EPSS 0.00115
Exploits 0 · References 2

CVE
added 2021/03/04 9:0 p.m. · 58 views

CVE-2021-25339

The CVE-2021-25339 entry relates to Samsung mobile devices with an improper address validation in HArx. Root cause stated: incorrect address validation can allow memory corruption in EL2 when the kernel is compromised. Affected scope is Samsung mobile devices prior to SMR Mar-2021 Release 1; expl...

CVSS 5.2 · AI score 5.2 · EPSS 0.00115
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2021/01/04 12:0 a.m. · 6 views

Qualcomm WIN TZ FW Security Vulnerability

Qualcomm WIN TZ FW is a Qualcomm Incorporated USA support firmware for use on processors. A security vulnerability exists in Qualcomm WIN TZ FW, which arises from an image address being dereferenced prior to validation of its scope, and affects the following products and versions: AR7420, AR9580,...

CVSS 6.5 · AI score 6.6 · EPSS 0.00168
Exploits 0 · References 1

BDU FSTEC
added 2020/12/18 12:0 a.m. · 5 views

The vulnerability of the spam protection mechanism in the Cisco AsyncOS operating system of the Cisco Email Security Appliance (ESA) allows a hacker to bypass the URL filtering.

The vulnerability of the spam protection mechanism in Cisco’s operating system, Cisco AsyncOS, within Cisco Email Security Appliance ESA, is related to errors during the validation of incoming URL addresses. Exploiting this vulnerability could allow a malicious actor to bypass the URL filtering...

CVSS 5.8 · AI score 6.2 · EPSS 0.0099
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2020/11/06 12:0 a.m. · 33 views

Ubuntu 16.04 LTS / 18.04 LTS : netqmail vulnerabilities (USN-4621-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4621-1 advisory. It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause...

CVSS 9.8 · AI score 7 · EPSS 0.10789
Exploits 8 · References 6

OSV
added 2020/10/21 7:15 p.m. · 2 views

CVE-2020-3578

A vulnerability in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked...

CVSS 6.5 · AI score 6.9 · EPSS 0.01217
Exploits 0 · References 1

RedHat Linux
added 2020/09/29 7:31 p.m. · 3 views

mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes

An open redirect flaw was discovered in mod_auth_openidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would...

CVSS 6.1 · AI score 5.7 · EPSS 0.01535
Exploits 0 · References 4