Lucene search
K

132 matches found

OSV
OSV
added 2023/04/18 2:15 p.m.3 views

CVE-2023-2153

A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/assets/plugins/DataTables/examples/examplessupport/editableajax.php of the component POST Parameter Handler. The...

6.1CVSS3.8AI score0.00564EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2023/03/23 12:0 a.m.7 views

The vulnerability of the client request handler of the security access control system, IED Siemens RUGGEDCOM CROSSBOW, allows a perpetrator to enhance their privileges.

The vulnerability of the client request handler of the Siemens RUGGEDCOM CROSSBOW access control system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to enhance their privileges by adding user accounts to administrative groups...

9CVSS7.5AI score0.00632EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/18 12:0 a.m.6 views

PT-2023-17027 · Max Secure · Max Secure Anti Virus Plus

Name of the Vulnerable Software and Affected Versions: Max Secure Anti Virus Plus version 19.0.2.1 Description: A critical issue was found, affecting the function 0x220020 in the library SDActMon.sys of the component IoControlCode Handler. This leads to improper access controls. The attack must b...

5.5CVSS6.9AI score0.00302EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2023/01/27 6:57 p.m.6 views

CVE-2023-0549 YAFNET Private Message PostPrivateMessage cross site scripting

A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. T...

4CVSS4.7AI score0.0069EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.6 views

Insyde InsydeH2O 输入验证错误漏洞

Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in the Insyde InsydeH2O kernel versions 5.0 to 5.5, which ste...

8.2CVSS7.8AI score0.00317EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/09/02 12:0 a.m.8 views

The vulnerability in the JavaScript script handler of Firefox browsers, Firefox ESR, and the email client Thunderbird allows a hacker to execute arbitrary code.

The vulnerability of JavaScript script handlers in Firefox, Firefox ESR, and the email client Thunderbird lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by opening a specially crafted...

7.6CVSS7.5AI score0.00905EPSS
Exploits0References20Affected Software8
OSV
OSV
added 2022/08/02 1:58 p.m.5 views

SUSE-SU-2022:2629-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information...

8.2CVSS8.8AI score0.06451EPSS
Exploits11References108
OSV
OSV
added 2021/12/02 7:15 p.m.3 views

CVE-2021-40334

Missing Handler vulnerability in the proprietary management protocol port TCP 5558 of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x...

7.5CVSS5.8AI score
Exploits0References2
Prion
Prion
added 2021/12/02 7:15 p.m.12 views

Improper access control

Missing Handler vulnerability in the proprietary management protocol port TCP 5558 of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x...

5CVSS7.4AI score0.00958EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2021/06/01 12:0 a.m.7 views

PUB-A-174151048

In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional...

7.8CVSS7AI score0.00108EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/09/02 12:0 a.m.6 views

The vulnerability of the Internet Explorer browser’s script handler allows a hacker to execute arbitrary code.

The vulnerability of the Internet Explorer browser’s script handler exists due to errors in memory object handling. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.6CVSS8AI score0.24188EPSS
Exploits0References4Affected Software1
Kaspersky
Kaspersky
added 2020/02/11 12:0 a.m.76 views

KLA11668 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, perform cross-site scripting attack, cause denial of service. Below is a complete list of vulnerabilities: 1. A memory corruption vulnerability can be exploited to...

8.8CVSS8.8AI score0.02274EPSS
Exploits0References3
Check Point Advisories
Check Point Advisories
added 2019/12/26 12:0 a.m.4 views

mIRC URI Handler Remote Code Execution (CVE-2019-6453)

A remote code execution vulnerability exists in mIRC. The vulnerability is due to improper sanitization of user-supplied data which may be passed to the application as an option. Successful exploitation could result in code execution on the target machine in the context of the application...

6.8CVSS8.2AI score0.71776EPSS
Exploits8
BDU FSTEC
BDU FSTEC
added 2019/07/25 12:0 a.m.7 views

The vulnerability of the Internet Explorer browser’s script handler allows a hacker to execute arbitrary code.

The vulnerability of the Internet Explorer browser’s script handler exists due to errors in memory object handling. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted web page...

7.6CVSS6AI score0.07794EPSS
Exploits0References3Affected Software1
Lenovo
Lenovo
added 2019/04/17 7:9 p.m.43 views

SMI Handler Vulnerability in legacy IBM System x and IBM BladeCenter systems - US

Lenovo Security Advisory: LEN-25165 Potential Impact: Denial of service Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-6155 Summary Description: During an internal security review, a potential vulnerability was found in an SMI handler in certain legacy IBM System x and...

7.8CVSS3.2AI score0.00765EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/03/01 12:0 a.m.6 views

The vulnerability of the “rdpsnd_process_ping” function implementation in the RDP client rdesktop, related to reading beyond the memory boundary, allows a attacker to cause a service failure.

The vulnerability of the “rdpsndprocessping” function in the RDP client rdesktop implementation is related to reading data beyond the memory boundary. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

7.5CVSS7.4AI score0.03826EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2019/01/18 12:0 a.m.14 views

The vulnerability of the remote procedure call handler “arpc_Span” in the atlcore_.dll library of the resource management system of the Galaktika ERP system allows a malicious actor to read data from the memory of the server process.

The vulnerability of the process handler for remote procedure calls in the “arpcSpan” module of the atlcore.dll library of the resource management system of the Galaktika ERP system is related to the lack of validation for the correctness of received requests. Exploiting this vulnerability allows...

4.3CVSS5.5AI score
Exploits0Affected Software1
CNVD
CNVD
added 2018/08/30 12:0 a.m.2 views

Tencent Foxmail Command Injection Vulnerability

Tencent Foxmail is an e-mail client software of China Tencent Tencent. The software mainly provides e-mail sending and receiving functions based on Internet standards. A command injection vulnerability exists in the handling of URI handlers in Tencent Foxmail, which arises from the program failin...

8.8CVSS9.1AI score0.04884EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2018/08/29 12:0 a.m.6 views

The vulnerability of JavaScript script handlers in Internet Explorer allows a perpetrator to execute arbitrary code.

The vulnerability of JavaScript script handlers in Internet Explorer browsers is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted web page...

10CVSS8.5AI score0.6769EPSS
Exploits2References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/04/27 12:0 a.m.5 views

The vulnerability of the `wma_unified_bcntx_status_event_handler` function in the Android WLAN operating system component from the CAF repository allows a perpetrator to execute arbitrary code.

The vulnerability of the wmaunifiedbcntxstatuseventhandler function in the Android WLAN operating system from the CAF repository involves reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code within a privileged proces...

7.8CVSS6.2AI score0.00167EPSS
Exploits0References3
Rows per page
Query Builder