Lucene search
K

83 matches found

Cvelist
Cvelist
added 2022/04/27 3:15 p.m.19 views

CVE-2021-34590 Bender Charge Controller: Cross-site Scripting

In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed...

5.4CVSS5.7AI score0.00421EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/04/27 12:0 a.m.7 views

PT-2022-10361 · Unknown · Bender/Ebee Charge Controllers

Name of the Vulnerable Software and Affected Versions: Bender/ebee Charge Controllers affected versions not specified Description: The issue allows an authenticated attacker to perform Cross-site Scripting by writing HTML code into configuration values, which are not properly escaped when...

5.4CVSS5.3AI score0.00421EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/27 12:0 a.m.4 views

Bender ebee 充电控制器 跨站脚本漏洞

ebee is a charge controller from Bender. A cross-site scripting vulnerability exists in the Bender ebee Charge Controller that stems from easy cross-site scripting. An authenticated attacker could write HTML code to configuration values. These values are not properly escaped when displayed. The...

5.4CVSS5.2AI score0.00421EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/10/20 2:24 p.m.5 views

redis: Integer overflow issue with Streams

An integer overflow issue was found in redis. The vulnerability involves changing the default "proto-max-bulk-len" and "client-query-buffer-limit" configuration parameters to very large values and constructing specially crafted large stream elements. This flaw allows a remote attacker to corrupt...

7.5CVSS7.7AI score0.03688EPSS
Exploits0References5
NVD
NVD
added 2021/08/25 12:15 p.m.14 views

CVE-2021-33883

A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to obtain sensitive information by snooping on the network traffic. The exposed data includes critical values for a pump's internal configuration...

7.5CVSS0.00832EPSS
Exploits1References2
CVE
CVE
added 2021/08/25 11:19 a.m.55 views

CVE-2021-33883

CVE-2021-33883 affects B. Braun SpaceCom2 prior to 012U000062, exposing a cleartext transmission vulnerability that allows remote attackers to snoop network traffic and obtain sensitive data, including pump internal configuration values. Connected documents also describe related issues in SpaceCo...

7.5CVSS7.3AI score0.00832EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/08/20 12:0 a.m.4 views

The vulnerability of NTP protocol implementations allows attackers to induce service failures.

The vulnerability of NTP synchronization protocol implementations exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to trigger a service failure ntpd daemon failure due to an invalid value in the :config directive...

6.8CVSS6.9AI score0.05239EPSS
Exploits0References6Affected Software3
Prion
Prion
added 2020/02/06 6:15 p.m.15 views

Command injection

Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service...

9.3CVSS7.7AI score0.01691EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2019/12/03 11:14 a.m.5 views

python-jinja2: Sandbox escape due to information disclosure via str.format

A flaw was found in Pallets Jinja prior to version 2.8.1 allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity a...

8.6CVSS7.2AI score0.03492EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/11/26 11:56 a.m.9 views

python-jinja2: Sandbox escape due to information disclosure via str.format

A flaw was found in Pallets Jinja prior to version 2.8.1 allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity a...

8.6CVSS7.2AI score0.03492EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/22 12:3 p.m.9 views

python-jinja2: Sandbox escape due to information disclosure via str.format

A flaw was found in Pallets Jinja prior to version 2.8.1 allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity a...

8.6CVSS7.2AI score0.03492EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/16 12:57 p.m.6 views

python-jinja2: Sandbox escape due to information disclosure via str.format

A flaw was found in Pallets Jinja prior to version 2.8.1 allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity a...

8.6CVSS7.2AI score0.03492EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2015/09/08 12:0 a.m.6 views

The vulnerability of the iOS operating system allows a hacker to bypass the sandbox mechanism and read the values of configuration settings.

The vulnerability of the Sandboxprofiles component of the iOS operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to bypass the sandbox mechanism and read configuration values using a specially crafted application...

4.3CVSS5.8AI score0.01362EPSS
Exploits0References3Affected Software1
Xen Project
Xen Project
added 2015/07/07 12:0 p.m.79 views

xl command line config handling stack overflow

ISSUE DESCRIPTION The xl command line utility mishandles long configuration values when passed as command line arguments, with a buffer overrun. VULNERABLE SYSTEMS Systems built on top of xl which pass laundered or checked but otherwise untrusted configuration values onto xl's command line, witho...

6.8CVSS7.5AI score0.00394EPSS
Exploits0
OSV
OSV
added 2015/06/15 2:40 p.m.6 views

SUSE-RU-2015:1175-1 Recommended update for Package Management Stack

This update provides fixes and enhancements for the Software Update Stack. gnome-packagekit: - Fix title of license agreement window. bsc927319 libsolv: - Rework splitprovides handling. bnc921332 - Add product:regflavor attribute. bnc896224 - Fix bug in reorderdqforjobrules that could lead to...

4.3CVSS4.8AI score0.99999EPSS
Exploits7References48
Cisco
Cisco
added 2015/03/19 3:59 p.m.17 views

Cisco IOS Software Autonomic Networking Infrastructure Overwrite Vulnerability

A vulnerability in the Autonomic Networking Infrastructure ANI feature of Cisco IOS software could allow an unauthenticated, remote attacker to overwrite some configuration values received via ANI. The vulnerability is due to insufficient validation of received Autonomic Networking AN messages. A...

5.8CVSS5.9AI score0.01733EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

CGIScript.NET csMailto Hidden Form Field Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4579/info CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script. Reportedly, configuration values used by the script are...

7.1AI score
Exploits0
UbuntuCve
UbuntuCve
added 2014/04/29 2:38 p.m.26 views

CVE-2013-7064

Cross-site scripting XSS vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values...

2.1CVSS6AI score0.00941EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2013/07/12 12:0 a.m.50 views

DD-WRT 24-sp2 CSRF / Command Injection

DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide...

0.01691EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2005/10/23 9:2 p.m.22 views

CVE-2005-3300

The registerglobals emulation layer in grabglobals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use...

5CVSS6AI score0.02706EPSS
Exploits0References1
Rows per page
Query Builder