Lucene search
K

130 matches found

Positive Technologies
Positive Technologies
added 2024/04/21 12:0 a.m.5 views

PT-2024-3258 · Keenetic · Keenetic Kn-1810 +4

Name of the Vulnerable Software and Affected Versions: Keenetic KN-1010, KN-1410, KN-1711, KN-1810, and KN-1910 versions up to 4.1.2.15 Description: A vulnerability was found in the file /ndmComponents.js of the component Configuration Setting Handler, which can lead to information disclosure. Th...

5.3CVSS6.9AI score0.00572EPSS
Exploits0References8
NVD
NVD
added 2024/04/01 11:15 a.m.27 views

CVE-2023-6154

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This...

7.8CVSS7.6AI score0.002EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/01 10:6 a.m.16 views

CVE-2023-6154 Local privilege escalation in Bitdefender Total Security (VA-11168)

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This...

7.8CVSS7.2AI score0.002EPSS
Exploits0References1
CVE
CVE
added 2024/04/01 10:6 a.m.65 views

CVE-2023-6154

CVE-2023-6154 affects Bitdefender Total Security, Internet Security, Antivirus Plus, and Antivirus Free (all reported as 27.0.25.114). Root cause: a configuration setting issue in seccenter.exe that allows an attacker to change the product’s expected behavior and potentially load a third‑party li...

7.8CVSS7.6AI score0.002EPSS
Exploits0References1Affected Software4
Cvelist
Cvelist
added 2024/04/01 10:6 a.m.22 views

CVE-2023-6154 Local privilege escalation in Bitdefender Total Security (VA-11168)

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This...

7.8CVSS7.8AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 11:6 a.m.25 views

BIT-ROUNDCUBE-2020-12641

rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...

9.8CVSS9.6AI score0.84456EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/03/01 12:0 a.m.7 views

Apache Archiva Security Vulnerability

Apache Archiva is a suite of software from the Apache USA Foundation for managing one or more remote repositories. The software provides remote Repository agents, role-based secure access management, and usage reporting. A security vulnerability exists in Apache Archiva that stems from a setting...

7.5CVSS6.9AI score0.01192EPSS
Exploits0References3
CNVD
CNVD
added 2024/01/29 12:0 a.m.8 views

Apache Airflow Code Execution Vulnerability (CNVD-2024-26531)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A code execution vulnerability exists in Apache Airflow versions prior to 2.8.1,...

7.5CVSS7.8AI score0.0121EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/01/09 12:0 a.m.5 views

savignano S/Notify Security Vulnerabilities

savignano S/Notify is savignano's most versatile email encryption solution for Jira, Confluence and Bitbucket. A security vulnerability exists in savignano S/Notify versions prior to 2.0.1 that originates from a configuration setting that can be modified via a cross-site request forgery CSRF...

8.3CVSS6.7AI score0.00173EPSS
Exploits0References2
Prion
Prion
added 2023/09/01 10:15 a.m.18 views

Xxe

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git...

6.5CVSS5.1AI score0.00739EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/01 9:55 a.m.10 views

CVE-2023-4704 External Control of System or Configuration Setting in instantsoft/icms2

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git...

8.8CVSS6.8AI score0.00739EPSS
Exploits1References2
OSV
OSV
added 2023/09/01 9:55 a.m.21 views

CVE-2023-4704 External Control of System or Configuration Setting in instantsoft/icms2

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git...

8.8CVSS7AI score0.00739EPSS
Exploits1References4
NVD
NVD
added 2023/08/14 7:15 p.m.10 views

CVE-2023-28483

An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL querie...

8.8CVSS8.7AI score0.00741EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/06/23 8:58 p.m.22 views

CVE-2023-35928 Nextcloud user scoped external storage can be used to gather credentials of other users

Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until...

8.4CVSS8.8AI score0.00981EPSS
Exploits0References3
CISA KEV Catalog
CISA KEV Catalog
added 2023/06/22 12:0 a.m.116 views

Roundcube Webmail Remote Code Execution Vulnerability

Roundcube Webmail contains an remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...

9.8CVSS8.1AI score0.84456EPSS
In wildExploits1
Cvelist
Cvelist
added 2023/05/01 5:0 a.m.16 views

CVE-2018-25085 Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting

A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsivemenusadminformsubmit of the file responsivemenus.module of the component Configuration Setting Handler. The manipulation leads to cross site...

3.3CVSS4.9AI score0.00491EPSS
Exploits0References5
OSV
OSV
added 2022/11/09 10:15 p.m.6 views

CVE-2022-39887

Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting...

3.3CVSS5.8AI score0.00082EPSS
Exploits0References1
Metasploit
Metasploit
added 2022/09/07 7:49 p.m.232 views

Apache Spark Unauthenticated Command Injection RCE

This module exploits an unauthenticated command injection vulnerability in Apache Spark. Successful exploitation results in remote code execution under the context of the Spark application user. The command injection occurs because Spark checks the group membership of the user passed in the ?doAs...

8.8CVSS9.5AI score0.92984EPSS
Exploits12
Metasploit
Metasploit
added 2022/03/16 5:42 p.m.529 views

CVE-2022-21999 SpoolFool Privesc

The Windows Print Spooler has a privilege escalation vulnerability that can be leveraged to achieve code execution as SYSTEM. The SpoolDirectory, a configuration setting that holds the path that a printer's spooled jobs are sent to, is writable for all users, and it can be configured via...

7.8CVSS9.3AI score0.41683EPSS
Exploits4
Prion
Prion
added 2022/01/03 10:15 p.m.19 views

Design/Logic Flaw

Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability may lead to Firmware leak...

5CVSS5.3AI score0.00483EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder