Lucene search
K

2874 matches found

UbuntuCve
UbuntuCve
added 2018/06/15 2:29 a.m.17 views

CVE-2018-12356

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...

9.8CVSS7.5AI score0.04648EPSS
Exploits0References6
NVD
NVD
added 2018/06/15 2:29 a.m.16 views

CVE-2018-12356

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...

9.8CVSS9.7AI score0.04648EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2018/06/15 2:0 a.m.24 views

CVE-2018-12356

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...

9.8CVSS9.8AI score0.04648EPSS
Exploits0
Hacker One
Hacker One
added 2018/06/12 7:18 a.m.14 views

Smule: Disclosure of information about the system, configuration files.

Disclosure of django configuration via debug mode...

2.4AI score
Exploits0
Hacker One
Hacker One
added 2018/06/10 6:48 p.m.128 views

New Relic: Insecure Infrastructure Integrations YML Loading leads to Windows Privilege Escalation

After installing the Windows Infrastructure client as discussed in https://docs.newrelic.com/docs/infrastructure/new-relic-infrastructure/installation/install-infrastructure-windows-server I noticed that integration yml config files are not only loaded from the folder within Program Files, but al...

0.6AI score
Exploits0
Prion
Prion
added 2018/06/07 9:29 p.m.21 views

Design/Logic Flaw

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading...

5.8CVSS5.1AI score0.00983EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2018/06/07 9:0 p.m.4 views

CVE-2018-0334

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading...

5.8AI score0.00983EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/06/07 9:0 p.m.20 views

CVE-2018-0334

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading...

5.1AI score0.00983EPSS
Exploits0References3
Prion
Prion
added 2018/06/06 8:29 p.m.20 views

Authentication flaw

In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator URL on the web server, a malicious user is able to access the configuration files and application pages without authentication...

7.5CVSS9.3AI score0.02646EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/06/06 8:29 p.m.20 views

CVE-2017-7933

In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access...

9.8CVSS9.6AI score0.01678EPSS
Exploits0References2
Prion
Prion
added 2018/06/06 8:29 p.m.19 views

Design/Logic Flaw

In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access...

5CVSS9.3AI score0.01678EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/06/06 8:29 p.m.5 views

CVE-2017-7933

In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access...

9.8CVSS5.8AI score0.01678EPSS
Exploits0References2
OSV
OSV
added 2018/06/06 8:29 p.m.2 views

CVE-2017-7931

In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator URL on the web server, a malicious user is able to access the configuration files and application pages without authentication...

9.8CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2018/06/06 8:29 p.m.18 views

CVE-2017-7931

In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator URL on the web server, a malicious user is able to access the configuration files and application pages without authentication...

9.8CVSS9.5AI score0.02646EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/06/06 8:0 p.m.29 views

CVE-2017-7933

In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access...

9.5AI score0.01678EPSS
Exploits0References2
Cisco
Cisco
added 2018/06/06 4:0 p.m.136 views

Cisco AnyConnect Secure Mobility Client Certificate Bypass Vulnerability

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading...

4.8CVSS1.2AI score0.00983EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/06 12:0 a.m.5 views

ABB IP Gateway Unauthorized Access Vulnerability

ABB IP GATEWAY is a building management system from ABB Switzerland. A security vulnerability exists in ABB IP GATEWAY version 3.39 and earlier. The vulnerability can be exploited by an attacker to gain unauthenticated access to configuration files or application pages via a specially crafted URL...

9.8CVSS9.6AI score0.02646EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/05/20 8:29 p.m.19 views

CVE-2018-11319

Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...

8.5CVSS7.4AI score0.02743EPSS
Exploits1References4
Prion
Prion
added 2018/05/20 8:29 p.m.14 views

Directory traversal

Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...

8.5CVSS7.7AI score0.02743EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2018/05/20 8:29 p.m.24 views

CVE-2018-11319

Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...

7.5CVSS8.1AI score
Exploits0References5
Rows per page
Query Builder