
545 matches found

Fedora
added 2019/03/29 7:36 p.m. 38 views

[SECURITY] Fedora 30 Update: PyYAML-5.1-1.fc30

YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...

9.8 CVSS, 1.7 AI score, 0.06031 EPSS
Exploits: 1
RedHat Linux
added 2019/03/18 12:45 p.m. 2 views

openstack-ceilometer: ceilometer-agent prints sensitive data from config files through log files

A vulnerability was found in ceilometer where administrative credentials were permanently stored in the log. A user with access to the logs could obtain these credentials and escalate their privileges...

7.8 CVSS, 5.8 AI score, 0.00386 EPSS
Exploits: 0, References: 4
Oracle linux
added 2019/02/19 12:0 a.m. 147 views

docker-engine security update

18.03.1.ol-0.0.12 - correct the version string of containerd 18.03.1.ol-0.0.11 - update runc for CVE-2019-5736 18.03.1.ol-0.0.10 - update Go to version 1.10.8 18.03.1.ol-0.0.9 - correct changelog 18.03.1.ol-0.0.8 - fix orabug 28452214 and orabug 28461404 18.03.1.ol-0.0.6 - obsolete/provide the...

9.3 CVSS, 2.1 AI score, 0.9857 EPSS
Exploits: 33
Hacker One
added 2019/02/17 4:0 p.m. 35 views

Notepad++: Command injection by setting a custom search engine

Summary: Arbitrary commands can be injected when using the "Search on Internet" function with a malicious custom search engine. The custom search engine can be set through the GUI or the config files, with different attack scenarios. Description: The "Search on Internet" context menu functionalit...

Exploits: 0
Oracle linux
added 2019/02/15 12:0 a.m. 94 views

docker-engine security update

17.06.2.ol-1.0.6 - update the version string of runc to show the CVE fixed 17.06.2.ol-1.0.4 - build using Go 1.10.8 - apply fix for runc CVE-2019-5736 17.06.2.ol-1.0.3 - spec: do not replace config files Jacob Wen Orabug: 28235986...

9.3 CVSS, 3.3 AI score, 0.9857 EPSS
Exploits: 33
CNVD
added 2019/02/03 12:0 a.m. 2 views

Code execution vulnerability in phpyun v4.6 (CNVD-2019-06252)

PHP cloud talent system phpyun is an open source talent and enterprise job search recruitment, hiring solutions built using PHP and MySQL database. A code execution vulnerability exists in phpyun v4.6, which can be exploited by an attacker to gain control of the web server by constructing specifi...

7.9 AI score
Exploits: 0
Metasploit
added 2019/01/19 1:45 p.m. 53 views

SAP Management Console List Config Files

This module attempts to list the config files through the SAP Management Console SOAP Interface. Returns a list of config files found in the SAP configuration with its absolute paths inside the server filesystem. This module requires Metasploit: https://metasploit.com/download Current source:...

7.2 AI score
Exploits: 0
Prion
added 2019/01/09 11:29 p.m. 16 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions...

5.8 CVSS, 8 AI score, 0.00835 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNVD
added 2018/12/19 12:0 a.m. 1 views

ABB CMS-770 Authentication Bypass Vulnerability

The CMS-770 is a multi-loop monitoring system from ABB for monitoring branch circuits in electrical systems. An authentication bypass vulnerability exists in ABB CMS-770 version 1.7.1 and earlier. An attacker could exploit the vulnerability to read sensitive configuration files, which could be us...

6.5 CVSS, 7.4 AI score, 0.00766 EPSS
Exploits: 0, References: 1
Kitploit
added 2018/12/18 9:12 p.m. 32 views

pyHAWK - Searches The Directory Of Choice For Interesting Files. Such As Database Files And Files With Passwords Stored On Them

Searches the directory of choice for interesting files, such as database files and files with passwords stored on them. Features: Scans directory for interesting file types; Outputs them to the screen; Supports many file types. Installation Instructions: The installation is easy. Git clone the repo and...

7.1 AI score
Exploits: 0, References: 3
Github Security Blog
added 2018/10/17 7:56 p.m. 28 views

There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files

This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion XXE in Solr config files solrconfig.xml, schema.xml, managed-schema. In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability...

5.5 CVSS, 1.1 AI score, 0.03917 EPSS
Exploits: 0, References: 10, Affected Software: 1
OSV
added 2018/10/17 7:56 p.m. 2 views

GHSA-RC9V-H28F-JCMF There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files

This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion XXE in Solr config files solrconfig.xml, schema.xml, managed-schema. In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability...

5.5 CVSS, 6 AI score, 0.03917 EPSS
Exploits: 0, References: 10
Github Security Blog
added 2018/10/17 7:55 p.m. 30 views

XML external entity expansion in org.apache.solr:solr-core

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...

5.5 CVSS, 5.2 AI score, 0.09025 EPSS
Exploits: 1, References: 9, Affected Software: 1
OSV
added 2018/10/17 7:55 p.m. 0 views

GHSA-7PX3-6F6G-HXCJ XML external entity expansion in org.apache.solr:solr-core

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...

5.5 CVSS, 6.4 AI score, 0.09025 EPSS
Exploits: 1, References: 9
exploitpack
added 2018/10/15 12:0 a.m. 32 views

FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure

FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13 O...

0.3 AI score
Exploits: 0
RedhatCVE
added 2018/07/06 2:48 a.m. 18 views

CVE-2018-8026

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...

6.5 CVSS, 1.8 AI score, 0.09025 EPSS
Exploits: 1, References: 2
UbuntuCve
added 2018/07/05 2:29 p.m. 18 views

CVE-2018-8026

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...

5.5 CVSS, 6.4 AI score, 0.09025 EPSS
Exploits: 1, References: 3
NVD
added 2018/07/05 2:29 p.m. 22 views

CVE-2018-8026

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...

5.5 CVSS, 5.3 AI score, 0.09025 EPSS
Exploits: 1, References: 4
Prion
added 2018/07/05 2:29 p.m. 12 views

Xxe

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...

2.1 CVSS, 5.3 AI score, 0.09025 EPSS
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2018/07/05 2:0 p.m. 26 views

CVE-2018-8026

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...

5.3 AI score, 0.09025 EPSS
Exploits: 1, References: 4