Lucene search
K

49 matches found

Vulnrichment
Vulnrichment
added 2024/11/12 12:49 p.m.10 views

CVE-2024-50557

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.2, SCALANCE...

8.6CVSS7.9AI score0.00869EPSS
Exploits0References1
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/11/08 6:17 a.m.22 views

BEC-ware the Phish (part 2): Respond and Remediate Incidents in M365

TL;DR Ensure you can reliably take initial containment actions such as disabling accounts, resetting passwords, and revoking tokens. Token binding ensures that a token only works on the specific device the token was issued and is currently the best protection against token theft. As a minimum...

7.3AI score
Exploits0
CISA
CISA
added 2024/04/09 12:0 p.m.4 views

Fortinet Releases Security Updates for Multiple Products

Fortinet released security updates to address vulnerabilities in multiple products, including OS and FortiProxy. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and...

8.4AI score
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/10/27 12:0 a.m.7 views

The vulnerability in the web interface and command-line interface of the Cisco Email Security Appliance security system for Cisco AsyncOS operating systems allows a malicious user to execute arbitrary commands from the root user.

The vulnerability in the web interface and the command-line interface of the Cisco Email Security Appliance security system for Cisco AsyncOS operating systems is related to improper validation of the loaded configuration file for the SNMP protocol. Exploiting this vulnerability allows a maliciou...

7.9CVSS7.8AI score0.01262EPSS
Exploits2References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/10/02 12:0 a.m.6 views

The vulnerability of the SAML (Security Assertion Markup Language) technology used in the Nozomi Guardian network detection and monitoring tool, as well as the Nozomi Central Management Console (CMC) – a centralized security management tool – allows a malicious actor to trigger a service failure.

The vulnerability of the SAML Security Assertion Markup Language technology used in the Nozomi Guardian network detection and monitoring tool, as well as the Nozomi Central Management Console CMC, relates to insufficient validation of input data during the loading of configuration files. Exploiti...

6.3CVSS5.6AI score0.00501EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2023/07/06 3:3 p.m.50 views

CVE-2023-36830

CVE-2023-36830 affects SQLFluff prior to v2.1.2 where an attacker with access to config files could abuse the library_path setting to execute arbitrary Python code via Jinja/macros. The issue arises when untrusted users can view or modify config and leverage library_path to reach Python execution...

7.8CVSS7AI score0.00414EPSS
Exploits1References2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.4 views

SUSE CVE-2018-8007

Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user th...

8.8CVSS7.8AI score0.11681EPSS
Exploits3References7
NVD
NVD
added 2022/05/05 5:15 p.m.17 views

CVE-2022-27634

On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions whi...

7.2CVSS0.01294EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/03/07 12:0 a.m.4 views

Qualcomm 芯片安全漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and from time to time fabricated on the surface of semiconductor wafers. A security vulnerability exists in a number of Qualcomm products that...

7.8CVSS7.2AI score0.00556EPSS
Exploits0References8
NVD
NVD
added 2020/12/15 8:15 p.m.24 views

CVE-2020-25758

An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root...

9CVSS8.6AI score0.01236EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2020/03/04 6:40 p.m.9 views

CVE-2020-3157 Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied...

5.4CVSS5.9AI score0.00633EPSS
Exploits0References1
Prion
Prion
added 2019/05/31 10:29 p.m.18 views

Command injection

The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying...

9CVSS7AI score0.03309EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2019/05/15 4:45 p.m.63 views

CVE-2019-1728

Cisco FXOS and NX-OS Software are affected by CVE-2019-1728 through the Secure Configuration Validation functionality. An authenticated local attacker with administrative credentials can overwrite the persistent configuration on the device, allowing arbitrary commands to run at system boot with r...

7.2CVSS6.4AI score0.00251EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/10/05 2:29 p.m.4 views

CVE-2018-0432

A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting applicatio...

8.8CVSS5.8AI score0.02633EPSS
Exploits0References2
NVD
NVD
added 2018/03/22 6:29 p.m.20 views

CVE-2018-5509

On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and...

7.8CVSS7.4AI score0.02866EPSS
Exploits0References3
OSV
OSV
added 2018/03/22 6:29 p.m.4 views

CVE-2018-5509

On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and...

7.5CVSS5.8AI score0.02866EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2017/11/23 12:0 a.m.6 views

The vulnerability of the clusterLoadConfig function in the Redis database management system allows a attacker to cause service interruptions or other adverse effects.

The vulnerability of the clusterLoadConfig function in the Redis database management system arises from an operation that occurs outside the buffer in memory, due to the lack of checks on the values of migratingslotsto and migratingslotsfrom, which are defined in the configuration file. Exploitin...

9.8CVSS8AI score0.01784EPSS
Exploits0References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2016/06/17 12:0 a.m.60 views

SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1568-1)

ntp was updated to version 4.2.8p8 to fix 17 security issues. These security issues were fixed : - CVE-2016-4956: Broadcast interleave bsc982068. - CVE-2016-2518: Crafted addpeer with hmode 7 causes array wraparound with MATCHASSOC bsc977457. - CVE-2016-2519: ctlgetitem return value not always...

9.8CVSS6.8AI score0.44936EPSS
Exploits9References54
OSV
OSV
added 2016/06/14 6:45 a.m.10 views

SUSE-SU-2016:1568-1 Security update for ntp

ntp was updated to version 4.2.8p8 to fix 17 security issues. These security issues were fixed: - CVE-2016-4956: Broadcast interleave bsc982068. - CVE-2016-2518: Crafted addpeer with hmode 7 causes array wraparound with MATCHASSOC bsc977457. - CVE-2016-2519: ctlgetitem return value not always...

9.8CVSS7AI score0.44936EPSS
Exploits9References37
OSV
OSV
added 2016/06/01 12:36 p.m.9 views

SUSE-SU-2016:1471-1 Security update for ntp

This update for ntp fixes the following issues: - Separate the creation of ntp.keys and key 1 in it to avoid problems when upgrading installations that have the file, but no key 1, which is needed e.g. by 'rcntp addserver'. - Update to 4.2.8p7 bsc977446: CVE-2016-1547, bsc977459: Validate...

9.8CVSS6.5AI score0.15081EPSS
Exploits9References24
Rows per page
Query Builder