
3348 matches found

ICS
added 2020/04/15 12:0 p.m., 59 views

Continued Exploitation of Pulse Secure VPN Vulnerability

Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix an arbitrary file reading vulnerability, known as CVE-2019-11510, can become compromised in an attack. 1 Although Pulse Secur...

10 CVSS, 9.9 AI score, 0.99999 EPSS
Exploits 22, References 31
RedhatCVE
added 2020/04/09 10:54 a.m., 26 views

CVE-2019-12814

A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files. Mitigation This vulnerability relies on jdom...

7.5 CVSS, 3.8 AI score, 0.10951 EPSS
Exploits 0, References 3
NVD
added 2020/04/04 5:15 p.m., 11 views

CVE-2020-11527

In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files...

7.5 CVSS, 7.5 AI score, 0.09476 EPSS
Exploits 0, References 1
CNVD
added 2020/04/01 12:0 a.m., 3 views

Ocean cms has arbitrary file reading vulnerability

Ocean CMS is a site-building system based on a PHP+MySQL architecture that supports cross-platform operation. Ocean CMS has an arbitrary file reading vulnerability; attackers can use the vulnerability to obtain sensitive information...

6.9 AI score
Exploits 0
OSV
added 2020/03/31 1:7 p.m., 5 views

OPENSUSE-SU-2020:0429-1 Security update for GraphicsMagick

This update for GraphicsMagick fixes the following issues: - CVE-2019-12921: Fixed an issue where text filename components potentially could have allowed reading of arbitrary files via TranslateTextEx boo1167208. - CVE-2020-10938: Fixed an integer overflow and resultant heap-based buffer overflow...

9.8 CVSS, 8.3 AI score, 0.08005 EPSS
Exploits 0, References 5
Debian
added 2020/03/21 10:30 p.m., 85 views

[SECURITY] [DLA 2152-1] graphicsmagick security update

Package : graphicsmagick Version : 1.3.20-3+deb8u9 CVE ID : CVE-2019-12921 A vulnerability was discovered in graphicsmagick, a collection of image processing tools, that allows an attacker to read arbitrary files via a crafted image because of TranslateTextEx for SVG. For Debian 8 "Jessie"...

6.5 CVSS, 7 AI score, 0.08005 EPSS
Exploits 0
OSV
added 2020/03/18 7:15 p.m., 10 views

CVE-2019-12921

In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG...

6.5 CVSS, 6.9 AI score, 0.08005 EPSS
Exploits 0, References 6
NVD
added 2020/03/16 10:15 p.m., 18 views

CVE-2019-20191

Oxygen XML Editor 21.1.1 allows XXE to read any file...

7.5 CVSS, 7.4 AI score, 0.01145 EPSS
Exploits 0, References 1
OSV
added 2020/03/10 3:15 p.m., 12 views

CVE-2019-17636

In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given...

8.1 CVSS, 6.6 AI score
Exploits 0, References 1
CNVD
added 2020/03/10 12:0 a.m., 2 views

Arbitrary file reading vulnerability in XunYou cms

Hengshui Xunchi Internet Information Service Co., Ltd. is based on the Internet to provide domain name registration, marketing website construction, SEO optimization, Alibaba hosting, comprehensive promotion and other comprehensive e-commerce consulting and solutions to the IT company, the compan...

6.6 AI score
Exploits 0
Cvelist
added 2020/03/02 3:12 p.m., 16 views

CVE-2019-12183

Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API...

7.5 AI score, 0.02068 EPSS
Exploits 1, References 3
Tenable Nessus
added 2020/02/28 12:0 a.m., 39 views

Wireshark 3.2.x < 3.2.2 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 3.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.2.2 advisory. - In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak...

7.5 CVSS, 7.2 AI score, 0.03109 EPSS
Exploits 3, References 13
Debian CVE
added 2020/02/20 2:33 p.m., 28 views

CVE-2014-4659

Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format...

5.5 CVSS, 5.6 AI score, 0.00362 EPSS
Exploits 0
CNVD
added 2020/02/17 12:0 a.m., 1 views

XML Entity Injection Vulnerability in YouDianCMS

YouDianCMS is an enterprise website management system developed by Changsha YouDian Software Technology Co. YouDianCMS suffers from an XML entity injection vulnerability. An attacker can exploit the vulnerability to read arbitrary files, execute system commands, and probe intranet ports...

7.4 AI score
Exploits 0
IBM Security Bulletins
added 2020/02/14 10:5 p.m., 8 views

Security Bulletin: IBM FileNet Content Manager and Case Foundation security vulnerability in Administration Console for Content Platform Engine (ACCE)

Summary IBM FileNet Content Manager and Case Foundation have multiple security vulnerabilities in Administration Console for Content Platform Engine ACCE. Vulnerability Details CVEID: CVE-2019-4642 DESCRIPTION: IBM FileNet Content Manager allows web pages to be stored locally which can be read by...

0.5 AI score
Exploits 0, Affected Software 2
Positive Technologies
added 2020/02/11 12:0 a.m., 6 views

PT-2020-1704

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 7.0.0 through 7.0.99 Apache Tomcat versions 8.5.0 through 8.5.50 Apache Tomcat versions 9.0.0.M1 through 9.0.0.30 Description The issue is related to the Apache JServ Protocol AJP connector in Apache Tomcat, which can...

10 CVSS, 8.6 AI score, 0.9927 EPSS
Exploits 45, References 340
CNVD
added 2020/01/22 12:0 a.m., 3 views

WordPress WP Database Backup File Read Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WP Database Backup is a data backup plugin used in it. A security vulnerability exists in WordPress WP Database Backup 5.5 and earlier...

7.5 CVSS, 6.5 AI score, 0.02431 EPSS
Exploits 1, References 1
NVD
added 2020/01/21 9:15 p.m., 33 views

CVE-2019-18426

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message...

8.2 CVSS, 7.7 AI score, 0.67859 EPSS
Exploits 5, References 3
Prion
added 2020/01/21 9:15 p.m., 22 views

Cross site scripting

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message...

5.8 CVSS, 7.6 AI score, 0.67859 EPSS
Exploits 5, References 2, Affected Software 2
Cvelist
added 2020/01/21 8:30 p.m., 33 views

CVE-2019-18426

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message...

7.7 AI score, 0.67859 EPSS
Exploits 5, References 2