Lucene search
K

198 matches found

Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.3 views

PT-2024-9988 · Glpi · Addressing Glpi Plugin

Name of the Vulnerable Software and Affected Versions: Addressing GLPI plugin versions 3.0.0 through 3.0.3 Description: The issue is related to a poor security check in the Addressing GLPI plugin, which allows an unauthenticated attacker to determine whether data exists by name in GLPI. This can...

8.5CVSS7AI score0.00502EPSS
Exploits0References9
Cvelist
Cvelist
added 2024/10/09 6:26 p.m.43 views

CVE-2024-7038 Information Disclosure in open-webui/open-webui

An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existenc...

2.7CVSS0.00336EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/09/04 12:0 a.m.2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a fixed MTRRs existence checking vulnerability in the x86/mtrr component...

5.5CVSS6.5AI score0.0024EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/08/13 12:0 a.m.3 views

PT-2024-5805 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the target mus...

10CVSS8AI score0.00734EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/06/05 2:47 p.m.5 views

jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin

A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting XSS...

6.5CVSS5.6AI score0.00698EPSS
Exploits0References5
OSV
OSV
added 2024/05/03 3:15 a.m.3 views

CVE-2023-42092

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

7.8CVSS6.2AI score0.0046EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/26 12:0 a.m.10 views

PT-2024-14773

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the MediaTek vcodec driver in the Linux kernel. The mtk vcodec mem free function is mostly called when the buffer to free exists, but there are instances where th...

5.5CVSS5.8AI score0.00241EPSS
Exploits0
OSV
OSV
added 2024/04/03 5:15 p.m.3 views

CVE-2024-30333

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

7.8CVSS6.2AI score0.00914EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/06 5:1 p.m.22 views

CVE-2024-28149

Jenkins HTML Publisher Plugin 1.16 through 1.32 both inclusive does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting XSS attacks and to determine whether a path on the Jenkins controller file system exists...

5.5AI score0.00698EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:3 a.m.25 views

BIT-JENKINS-2021-21606

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path...

4.3CVSS5.5AI score0.01215EPSS
Exploits0References2
OSV
OSV
added 2023/12/31 5:15 a.m.1 views

UBUNTU-CVE-2021-46900

Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism...

7.5CVSS7.1AI score0.00369EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/12/21 12:15 a.m.8 views

CVE-2023-41166

An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands...

5.3CVSS5.8AI score0.004EPSS
Exploits0References2
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.93 views

Solmate safetransfer and safeTransferFrom do not check the code size of the token address, which may lead to loss of funds

Lines of code Vulnerability details Impact WildcatMarketWithdrawals, WildcatMarketController, WildcatMarket contracts use Solmate safetransfer and safeTransferFrom functions. However, these functions don't check the existence of code at the token address. This is a known issue while using solmate...

7.4AI score
Exploits0
OSV
OSV
added 2023/08/25 12:58 a.m.4 views

CVE-2023-40179 Silverware Games vulnerable to account enumeration via inconsistent responses

Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member o...

5.3CVSS6.9AI score0.00377EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/05/17 12:0 a.m.5 views

The authentication vulnerability of the 389 Directory Server server, which arises from information disclosure due to inconsistencies, allows attackers to gain access to confidential data.

The vulnerability of the 389 Directory Server’s authentication service relates to the disclosure of information during the verification of the existence of a record in the database. Exploiting this vulnerability allows an attacker, operating remotely, to gain access to confidential data...

5.3CVSS6AI score0.01538EPSS
Exploits0References11Affected Software4
OSV
OSV
added 2023/03/29 7:15 p.m.3 views

CVE-2022-43641

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS5AI score0.00956EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/29 12:0 a.m.5 views

Foxit PDF Reader 资源管理错误漏洞

Foxit PDF Reader is a PDF reader from Foxit, a Chinese company. Foxit PDF Reader is vulnerable to a resource management error that results from not verifying the existence of an object before performing an operation on it, which could be exploited by attackers to obtain sensitive information...

5.5CVSS6.5AI score0.00865EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/03/22 12:0 a.m.5 views

The vulnerability of the win32kfull driver of the Graphics component in Windows operating systems allows attackers to exploit their privileges.

The vulnerability of the win32kfull driver of the Microsoft Graphics component in Windows operating systems is related to the use of memory after it is freed, due to the lack of checking the existence of objects before performing operations. Exploiting this vulnerability can allow an attacker to...

7CVSS7.4AI score0.00273EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2023/03/09 3:23 p.m.86 views

Exploit for Race Condition in Openbsd Openssh

SSH-User-Enum-Python3-CVE-2018-15473 SSH User Enumerator in P...

5.3CVSS9.3AI score0.98631EPSS
Exploits23
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.4 views

SUSE CVE-2007-2243

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483...

5CVSS8.2AI score0.02472EPSS
Exploits1References4
Rows per page
Query Builder