Lucene search
K

198 matches found

Cvelist
Cvelist
added 2020/06/01 4:42 p.m.26 views

CVE-2014-7175

FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php...

9.6AI score0.01295EPSS
Exploits1References1
CVE
CVE
added 2020/03/25 1:25 a.m.42 views

CVE-2020-5555

CVE-2020-5555 affects Shihonkanri Plus GOOUT (Ver1.5.8, Ver2.2.10). The issue stems from improper input validation, enabling remote attackers to read and write files in the server directory (and, for CVE-2020-5554, in arbitrary file paths). Connected docs corroborate multiple vulnerabilities in t...

9.1CVSS9AI score0.01283EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/03/18 12:30 a.m.29 views

CVE-2020-8599

Trend Micro Apex One 2019 and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability...

9.6AI score0.11576EPSS
Exploits0References2
CVE
CVE
added 2020/03/18 12:30 a.m.938 views

CVE-2020-8599

CVE-2020-8599 affects Trend Micro Apex One (2019) and OfficeScan XG servers. The issue is in a vulnerable EXE on the server that could let an unauthenticated remote attacker write arbitrary data to an arbitrary path and bypass ROOT login. The description indicates no authentication is required to...

10CVSS9.4AI score0.11576EPSS
In wildExploits0References3Affected Software2
Prion
Prion
added 2020/02/28 7:15 p.m.20 views

Input validation

Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156C00E156R2P4 and versions earlier than BKL-L09 10.0.0.146C432E4R1P4 have an out of bounds write vulnerability. The software writes data past the end of the intended buffer because of insufficient validation of certain parameter wh...

7.1CVSS5.5AI score0.00478EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/01/15 5:15 p.m.6 views

CVE-2020-2720

Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HT...

5.4CVSS6.3AI score0.00814EPSS
Exploits0References1
OSV
OSV
added 2019/07/23 11:15 p.m.8 views

CVE-2019-2484

Vulnerability in the Application Express component of Oracle Database Server. Supported versions that are affected are 5.1 and 18.2. Easily exploitable vulnerability allows low privileged attacker having Valid Account privilege with network access via HTTP to compromise Application Express...

5.4CVSS5.8AI score0.0074EPSS
Exploits0References1
OSV
OSV
added 2019/02/21 7:29 p.m.5 views

CVE-2019-1667

A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the...

3.3CVSS5.9AI score0.00174EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/12/20 3:0 p.m.33 views

CVE-2018-1000849

Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools Alpine Linux' package manager that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data ...

9AI score0.03529EPSS
Exploits1References3
Exploit DB
Exploit DB
added 2018/10/25 12:0 a.m.61 views

libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer

/ libtiff up to and including 4.0.9 decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size. The issue occurs because JBIGDecode entirely ignores the size of the buffer that is passed to it: static int JBIGDecodeTIFF tif, uint8 buffer, tmsizet size, uint16 s struct jbgdecstate...

7.4AI score
Exploits0
OSV
OSV
added 2018/10/17 1:31 a.m.5 views

CVE-2018-3250

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services. The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Serve...

6.1CVSS7.3AI score
Exploits0References3
OSV
OSV
added 2018/10/02 7:29 p.m.4 views

CVE-2018-9504

In sdpcopyrawdata of sdpdiscovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...

8.8CVSS6.3AI score0.00893EPSS
Exploits0References4
OSV
OSV
added 2018/07/18 1:29 p.m.3 views

CVE-2018-3068

Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products subcomponent: Compensation. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

6.1CVSS7.3AI score0.01542EPSS
Exploits0References3
OSV
OSV
added 2018/07/18 1:29 p.m.5 views

CVE-2018-2985

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Workflow. Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

6.1CVSS7.3AI score0.01542EPSS
Exploits0References3
OSV
OSV
added 2018/07/18 1:29 p.m.7 views

CVE-2018-2953

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: Print Server. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with...

8.2CVSS5.8AI score0.02024EPSS
Exploits0References3
OSV
OSV
added 2018/07/18 1:29 p.m.6 views

CVE-2018-2960

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite subcomponent: Web Access. Supported versions that are affected are 8.4, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows unauthenticated attacker with netwo...

6.1CVSS7.3AI score0.01099EPSS
Exploits0References2
OSV
OSV
added 2018/07/18 1:29 p.m.4 views

CVE-2018-2949

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products subcomponent: Web Runtime. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

6.1CVSS7.3AI score0.01511EPSS
Exploits0References3
Prion
Prion
added 2018/07/13 8:29 p.m.12 views

Code injection

The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute...

3.3CVSS7.2AI score0.01079EPSS
Exploits1References3
CNVD
CNVD
added 2018/06/19 12:0 a.m.3 views

Apache Geode server remote code execution vulnerability

Apache Geode server is the Apache Software Foundation's platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. A security vulnerability exists in Apache Geode server versions 1.0.0 through 1.4.0. A remote attacker with th...

8.8CVSS8.8AI score0.0264EPSS
Exploits0References1
Veracode
Veracode
added 2018/06/13 3:8 a.m.23 views

Remote Code Execution (RCE)

geode-core is vulnerable to remote code execution RCE attacks. The vulnerability exists as a user with DATA:WRITE privileges can deploy code by invoking an internal geode function, when the geode server is configured with a security manager, causing the RCE attack...

8.8CVSS8.9AI score0.0264EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder