CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3499 matches found

Prion•added 2021/08/05 9:15 p.m.•12 views

Input validation

A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting...

9.3CVSS8.8AI score0.01477EPSS

Exploits0References2Affected Software1

Cvelist•added 2021/08/05 8:24 p.m.•19 views

CVE-2020-7863 Raonwiz RAON K Upload Arbitrary Command Execution Vulnerability

8.8CVSS9AI score0.01477EPSS

Exploits0References2

CVE•added 2021/08/05 8:24 p.m.•67 views

CVE-2020-7863

CVE-2020-7863 affects Raonwiz’s File Transfer Solution (Raon K Upload). The issue is caused by insufficient validation of a parameter in a specific method, enabling an attacker to supply a crafted value that executes arbitrary commands on the target system as the user. Exploitation relies on view...

9.3CVSS9.1AI score0.01477EPSS

Exploits0References2Affected Software1

OSV•added 2021/08/05 8:19 a.m.•5 views

OPENSUSE-SU-2021:2614-1 Security update for spice-vdagent

This update for spice-vdagent fixes the following issues: - Update to version 0.21.0 - CVE-2020-25650: memory DoS via arbitrary entries in activexfers hash table bsc1177780 - CVE-2020-25651: possible file transfer DoS and information leak via activexfers hash map bsc1177781 - CVE-2020-25652:...

6.4CVSS6.3AI score0.0049EPSS

Exploits4References10

OSV•added 2021/08/05 8:19 a.m.•8 views

SUSE-SU-2021:2614-1 Security update for spice-vdagent

6.4CVSS6.2AI score0.0049EPSS

Exploits4References10

CNNVD•added 2021/08/05 12:0 a.m.•4 views

Raonwiz K Upload 输入验证错误漏洞

Raonwiz K Upload is a file transfer component from the Korean company Raonwiz. Raonwiz K Upload suffers from a security vulnerability that originates as a result of insufficient validation of parameters for specific methods in Raonwiz's file transfer solution. An attacker can exploit the...

9.3CVSS8.4AI score0.01477EPSS

Exploits0References2

CNNVD•added 2021/08/05 12:0 a.m.•5 views

HCC Embedded InterNiche 安全漏洞

HCC Embedded InterNiche is a newsletter software. A security vulnerability exists in the HCC Embedded InterNiche stack and NicheLite, which stems from the TFTP message processing feature that does not guarantee that filenames end in null, and can be exploited by an attacker to cause a denial of...

7.8CVSS5.6AI score0.023EPSS

Exploits0References6

OPENSUSE Linux•added 2021/08/05 12:0 a.m.•84 views

Security update for spice-vdagent (important)

openSUSE Security Update: Security update for spice-vdagent Announcement ID: openSUSE-SU-2021:2614-1 Rating: important References: 1173749 1177780 1177781 1177782 1177783 Cross-References: CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653 CVSS scores: CVE-2020-25650 NVD : 5.5...

8.8CVSS7.1AI score0.0049EPSS

Exploits4References5

CNNVD•added 2021/08/04 12:0 a.m.•3 views

Cisco ConfD 安全漏洞

Cisco ConfD is a management software from Cisco USA. A security vulnerability exists in Cisco ConfD that stems from the affected software incorrectly running SFTP user services with a privileged user enabled CLI when ConfD's built-in SSH server is running. The vulnerability allows an authenticate...

7.8CVSS7.8AI score0.00247EPSS

Exploits0References5

OSV•added 2021/08/03 2:15 p.m.•2 views

ALPINE-CVE-2021-36159

libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the...

9.1CVSS6.9AI score0.02637EPSS

Exploits1References1

CNNVD•added 2021/08/03 12:0 a.m.•4 views

libfetch 缓冲区错误漏洞

libfetch is a browser extension that makes it easier to access the content of electronic resources subscribed to by the NIE Library. A buffer error vulnerability exists in libfetch that stems from incorrectly handling strings of numbers for the FTP and HTTP protocols. the FTP passive mode...

9.1CVSS8.4AI score0.02637EPSS

Exploits1References8

Positive Technologies•added 2021/08/03 12:0 a.m.•4 views

PT-2021-21147 · Libfetch +2 · Libfetch +2

Name of the Vulnerable Software and Affected Versions: libfetch versions prior to 2021-07-26 Description: The issue concerns the mishandling of numeric strings for the FTP and HTTP protocols. Specifically, the FTP passive mode implementation allows an out-of-bounds read due to the use of strtol t...

9.8CVSS7.4AI score0.87816EPSS

Exploits2References15

CNVD•added 2021/07/28 12:0 a.m.•17 views

IBM Sterling Connect Clickjacking Vulnerability

IBM Sterling Connect: Direct is a file-based peer-to-peer file transfer solution from IBM, U.S.A. A clickjacking vulnerability exists in IBM Sterling Connec versions 1.4.1.1 and 1.5.0.2, which stems from a program that does not adequately protect HTML iframes. A remote attacker could exploit The...

5.4CVSS3.2AI score0.00641EPSS

Exploits0References1

Microsoft Secure•added 2021/07/22 6:0 p.m.•47 views

How to protect your CAD data files with MIP and HALOCAD

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Computer-aided design CAD files are used by design professionals in the manufacturing, engineering, architecture, surveying, and construction industries. These highly valuable files...

6.5AI score

Exploits0