5111 matches found

ATTACKERKB
added 2022/01/12 8:15 p.m., 3 views

CVE-2022-20619

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 7.1, AI score 7, EPSS 0.00655
Exploits: 0, References: 3

NVD
added 2022/01/12 8:15 p.m., 19 views

CVE-2022-20619

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 7.1, EPSS 0.00655
Exploits: 0, References: 2

Cvelist
added 2022/01/12 7:5 p.m., 37 views

CVE-2022-20619

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

AI score 7.6, EPSS 0.00655
Exploits: 0, References: 2

VulnCheck KEV
added 2022/01/12 12:0 a.m., 4 views

VulnCheck KEV: CVE-2013-6719

delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconnhost parameter...

CVSS 6, AI score 7.6, EPSS 0.26628
Exploits: 5, References: 1

ThreatPost
added 2022/01/11 8:35 p.m., 170 views

MacOS Bug Could Let Creeps Snoop On You

Microsoft on Monday released details about a bug in macOS that Apple fixed last month – named “powerdir” – that could let attackers hijack apps, install their own nasty apps, use the microphone to eavesdrop or grab screenshots of whatever’s displayed on your screen. The vulnerability allows...

CVSS 7.8, AI score 7.2, EPSS 0.13453
Exploits: 1, References: 17

CNVD
added 2022/01/11 12:0 a.m., 25 views

Google Chrome resource management error vulnerability

Google Chrome is a Web browser from Google, Inc. A resource management error vulnerability exists in Google Chrome, which stems from the product's screen capture component referencing freed memory. A remote attacker could use this vulnerability to create a specially crafted web page, trick a vict...

CVSS 8.8, AI score 2.8, EPSS 0.00918
Exploits: 1, References: 1

RedhatCVE
added 2022/01/10 7:4 p.m., 36 views

CVE-2021-4183

A heap-buffer-overflow vulnerability was found in Wireshark. This flaw allows an attacker with local network access to pass specially crafted capture files, causing an application to halt or crash...

CVSS 5.5, AI score 3.1, EPSS 0.01426
Exploits: 1, References: 4

RedhatCVE
added 2022/01/10 6:25 p.m., 28 views

CVE-2021-4184

An infinite-loop flaw was found in Wireshark's DHT dissector module. This flaw allows an attacker with local network access to pass specially crafted capture files, causing an application to halt, crash or go into an infinite loop...

CVSS 7.5, AI score 2, EPSS 0.03879
Exploits: 1, References: 4

RedhatCVE
added 2022/01/10 5:55 p.m., 30 views

CVE-2021-4181

A denial of service via packet injection flaw was found in Wireshark. An attacker with local network access could pass specially crafted capture files causing an application to halt or crash, leading to a denial of service...

CVSS 7.5, AI score 2.1, EPSS 0.03774
Exploits: 1, References: 4

Microsoft CVE
added 2022/01/06 8:0 a.m., 21 views

Chromium: CVE-2022-0098 Use after free in Screen Capture

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8, AI score 8.8, EPSS 0.00918
Exploits: 1

Tenable Nessus
added 2022/01/06 12:0 a.m., 67 views

Microsoft Edge (Chromium) < 97.0.1072.55 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 97.0.1072.55. It is, therefore, affected by multiple vulnerabilities as referenced in the January 6, 2022 advisory. - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an...

CVSS 9.6, AI score 7.2, EPSS 0.02543
Exploits: 20, References: 59

Veracode
added 2022/01/05 4:25 a.m., 25 views

Denial Of Service (DoS)

Wireshark is vulnerable to denial of service. The vulnerability exists because of a fuzz job in the Gryphon dissector which allows an attacker to crash the application via packet injection or crafted capture file...

CVSS 7.5, AI score 3.4, EPSS 0.02205
Exploits: 1, References: 13, Affected Software: 1

Tenable Nessus
added 2022/01/05 12:0 a.m., 34 views

FreeBSD : chromium -- multiple vulnerabilities (9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec advisory. - Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allow...

CVSS 9.6, AI score 7.4, EPSS 0.01477
Exploits: 19, References: 26

Tenable Nessus
added 2022/01/04 12:0 a.m., 55 views

Google Chrome < 97.0.4692.71 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 97.0.4692.71. It is, therefore, affected by multiple vulnerabilities as referenced in the 202201stable-channel-update-for-desktop advisory. - Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed ...

CVSS 9.6, AI score 7.5, EPSS 0.01477
Exploits: 21, References: 51

CNVD
added 2022/01/04 12:0 a.m., 27 views

Wireshark Injection Vulnerability (CNVD-2022-11196)

Wireshark (formerly known as Ethereal) is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. An injection vulnerability exists in Wireshark versions 3.4.0 - 3.4.10, which stems fro...

CVSS 7.5, AI score 7.3, EPSS 0.02205
Exploits: 1, References: 1

CNNVD
added 2022/01/04 12:0 a.m., 4 views

Google Chrome resource management error vulnerability

Google Chrome is a Web browser from Google, Inc. A resource management error vulnerability exists in Google Chrome, which stems from the product's screen capture component referencing freed memory. A remote attacker could use this vulnerability to create a specially crafted web page, trick a vict...

CVSS 8.8, AI score 8.9, EPSS 0.00918
Exploits: 1, References: 14

CNVD
added 2022/01/04 12:0 a.m., 32 views

Wireshark Injection Vulnerability (CNVD-2022-11201)

Wireshark (formerly Ethereal) is a set of network packet analysis software from the Wireshark team. Gryphon dissector is one of the Gryphon protocol parsers. An attacker could exploit this vulnerability to cause a denial of service via packet injection or specially crafted capture files...

CVSS 7.5, AI score 4.3, EPSS 0.03296
Exploits: 1, References: 1

Google Chrome Security Advisories
added 2022/01/04 12:0 a.m., 333 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 97 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 97.0.4692.71 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...

CVSS 9.6, AI score 9, EPSS 0.01477
Exploits: 23, Affected Software: 1

Tenable Nessus
added 2022/01/04 12:0 a.m., 113 views

Google Chrome < 97.0.4692.71 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 97.0.4692.71. It is, therefore, affected by multiple vulnerabilities as referenced in the 202201stable-channel-update-for-desktop advisory. - Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a...

CVSS 9.6, AI score 7.5, EPSS 0.01477
Exploits: 21, References: 51

CNVD
added 2022/01/04 12:0 a.m., 21 views

Wireshark BitTorrent DHT Parser Denial of Service Vulnerability

Wireshark (formerly Ethereal) is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Gryphon dissector is one of the Gryphon protocol parsers. A security vulnerability exists in...

CVSS 7.5, AI score 7.4, EPSS 0.03879
Exploits: 1, References: 1