Lucene search
K

330 matches found

Veracode
Veracode
added 2020/07/27 6:40 a.m.26 views

Denial Of Service (DoS)

libvpx.so is vulnerable to denial of service DoS. The vulnerability exists because of lack of proper validation of input parameters in mkvparser.cc, leading to a resource consumption and application crash...

6.5CVSS3.8AI score0.03071EPSS
Exploits0References13Affected Software2
WPVulnDB
WPVulnDB
added 2020/04/06 12:0 a.m.20 views

Vanguard <= 2.1 - Multiple Cross-Site Scripting (XSS)

The plugin does not sanitise, validate or escape some of its parameters before outputting the back in various place, leading to either Stored or Reflected Cross-Site Scripting issues PoC Put the following payload in the In Products Search box: " POST /search HTTP/1.1 Accept:...

4.3CVSS1.7AI score0.01167EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2019/11/05 8:15 p.m.20 views

Design/Logic Flaw

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance...

2.1CVSS5.5AI score0.00309EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2019/07/05 9:8 p.m.29 views

GHSA-H595-8PW6-5Q6V Inadequate Encryption Strength in DotNetNuke

DNN aka DotNetNuke 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters...

7.5CVSS7.4AI score0.74048EPSS
Exploits4References5
Github Security Blog
Github Security Blog
added 2019/07/05 9:8 p.m.74 views

Inadequate Encryption Strength in DotNetNuke

DNN aka DotNetNuke 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811...

7.5CVSS3.9AI score0.74048EPSS
Exploits4References6Affected Software1
OSV
OSV
added 2019/07/03 5:15 p.m.32 views

CVE-2018-18325

DNN aka DotNetNuke 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811...

7.5CVSS7.6AI score0.74048EPSS
Exploits4References4
CVE
CVE
added 2019/07/03 4:37 p.m.1103 views

CVE-2018-18325

Summary: CVE-2018-18325 affects DNN (DotNetNuke) platforms running version 9.2 through 9.2.2. The issue is an inadequate encryption strength for input parameters, arising from an incomplete fix for CVE-2018-15811. The vulnerability is tied to the use of a weak encryption algorithm in protecting i...

7.5CVSS7.5AI score0.74048EPSS
In wildExploits4References4Affected Software1
Cvelist
Cvelist
added 2019/07/03 4:23 p.m.32 views

CVE-2018-15811

DNN aka DotNetNuke 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters...

7.3AI score0.74048EPSS
Exploits4References3
CVE
CVE
added 2019/07/03 4:23 p.m.1126 views

CVE-2018-15811

CVE-2018-15811 – DNN series (DotNetNuke) vulnerable to weak encryption . The provided sources confirm that DNN platforms running 9.2 through 9.2.2 use a weak encryption algorithm to protect input parameters (notably in cookies), representing a vulnerability in the protection of parameter data. Th...

7.5CVSS7.3AI score0.74048EPSS
In wildExploits4References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2019/07/03 12:0 a.m.17 views

CVE-2018-15811

DNN aka DotNetNuke 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

7.5CVSS6.7AI score0.74048EPSS
In wildExploits4References4
OSV
OSV
added 2019/06/20 2:15 p.m.15 views

CVE-2018-16251

A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters...

4.3CVSS7.2AI score
Exploits0References1
NVD
NVD
added 2019/06/20 2:15 p.m.20 views

CVE-2018-16251

A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters...

4.3CVSS4.9AI score0.00931EPSS
Exploits1References1
Prion
Prion
added 2019/06/20 2:15 p.m.14 views

Design/Logic Flaw

A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters...

4CVSS5AI score0.00931EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/04/25 9:29 p.m.15 views

Directory traversal

Dell EMC Open Manage System Administrator OMSA versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient...

4CVSS5.2AI score0.03514EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/04/25 8:17 p.m.25 views

CVE-2019-3720 Directory Traversal Vulnerability

Dell EMC Open Manage System Administrator OMSA versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient...

4.9CVSS5.1AI score0.03514EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/02/07 7:0 p.m.24 views

CVE-2019-1677 Cisco Webex Meetings for Android Cross-Site Scripting Vulnerability

A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerabilit...

5CVSS4.6AI score0.00392EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2019/02/07 7:0 p.m.9 views

CVE-2019-1677 Cisco Webex Meetings for Android Cross-Site Scripting Vulnerability

A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerabilit...

5CVSS6.1AI score0.00392EPSS
Exploits0References2
Veracode
Veracode
added 2018/11/09 6:14 a.m.12 views

Cross-Site Scripting (XSS)

PrimeFaces Extensions is vulnerable to cross-site scripting XSS. The vulnerability is possible because it fails to validate the input parameters in the triStateManyCheckbox function...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2018/10/30 10:4 a.m.4 views

kernel: MIDI driver race condition leads to a double-free

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc double free in sndrawmidiinputparams and sndrawmidioutputstatus which are part of sndrawmidiioctl handler in rawmidi.c file. A malicious local attacker could possibly use this f...

7.8CVSS7AI score0.00523EPSS
Exploits0References4
NVD
NVD
added 2018/10/17 3:29 p.m.28 views

CVE-2017-17176

The hardware security module of Mate 9 and Mate 9 Pro Huawei smart phones with the versions earlier before MHA-AL00BC00B156, versions earlier before MHA-CL00BC00B156, versions earlier before MHA-DL00BC00B156, versions earlier before MHA-TL00BC00B156, versions earlier before LON-AL00BC00B156,...

7.2CVSS6.7AI score0.00309EPSS
Exploits0References1
Rows per page
Query Builder