45 matches found

Tenable Nessus
added 2025/08/20 12:0 a.m., 5 views

MCP JSON Config Detected (macOS)

Binary data macosxmcpjsonconfigdetected.nbin...

7.3 AI score
Exploits: 0, References: 1

RedhatCVE
added 2025/07/05 5:19 p.m., 6 views

CVE-2025-6072

Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration to overflow the date of expiration field. Thi...

8.2 CVSS, 6.4 AI score, 0.00326 EPSS
Exploits: 0, References: 1

NVD
added 2025/07/03 5:15 p.m., 6 views

CVE-2025-6072

Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration to overflow the date of expiration field. Thi...

8.2 CVSS, 0.00326 EPSS
Exploits: 0, References: 1

CVE
added 2025/07/03 4:53 p.m., 20 views

CVE-2025-6072

CVE-2025-6072 affects ABB RMC-100 and RMC-100 LITE. The root cause is a stack-based buffer overflow in the REST interface when processing JSON configuration, enabling overflow of the expiration date field (and related CVE-2025-6074 flow). Impact cited includes potential denial of service and expo...

8.2 CVSS, 7.4 AI score, 0.00326 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/07/03 4:53 p.m., 9 views

CVE-2025-6072 Stack Buffer Overflow in MQTTCore

Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration to overflow the date of expiration field. Thi...

8.2 CVSS, 0.00326 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/07/03 4:53 p.m., 4 views

CVE-2025-6072 Stack Buffer Overflow in MQTTCore

Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and CVE-2025-6074 is exploited, the attacker can use the JSON configuration to overflow the date of expiration field. Thi...

8.2 CVSS, 6.5 AI score, 0.00326 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/07/03 12:0 a.m., 5 views

PT-2025-27816 · Abb · Abb Rmc-100 Lite +1

Name of the Vulnerable Software and Affected Versions: ABB RMC-100 versions 2105457-043 through 2105457-045 ABB RMC-100 LITE versions 2106229-015 through 2106229-016 Description: The issue is a Stack-based Buffer Overflow vulnerability. When the REST interface is enabled and an attacker gains...

8.2 CVSS, 6.6 AI score, 0.00326 EPSS
Exploits: 0, References: 6

RedhatCVE
added 2025/05/22 5:30 a.m., 4 views

CVE-2015-9431

The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=qtranslate-x jsonconfigfiles or jsoncustomi18nconfig parameter...

6.5 CVSS, 6.2 AI score, 0.00867 EPSS
Exploits: 1, References: 1

Fedora
added 2024/03/27 12:15 a.m., 37 views

[SECURITY] Fedora 40 Update: netavark-1.10.3-3.fc40

OCI network stack Netavark is a rust based network stack for containers. It is being designed to work with Podman but is also applicable for other OCI container management applications. Netavark is a tool for configuring networking for Linux containers. Its features include: Configuration of...

8.6 CVSS, 8.7 AI score, 0.0049 EPSS
Exploits: 0

OSV
added 2022/04/12 4:15 p.m., 30 views

CVE-2022-21803

This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted...

7.5 CVSS, 6.5 AI score
Exploits: 0, References: 4

Kitploit
added 2020/08/18 12:30 p.m., 22 views

Sinter - A User-Mode Application Authorization System For MacOS Written In Swift

Sinter is a 100% user-mode endpoint security agent for macOS 10.15 and above, written in Swift. Sinter uses the user-mode EndpointSecurity API to subscribe to and receive authorization callbacks from the macOS kernel, for a set of security-relevant event types. The current version of Sinter...

6.8 AI score
Exploits: 0, References: 7

Veracode
added 2020/07/13 2:47 a.m., 21 views

Cross-Site Scripting (XSS)

timelinejs3 is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via unprotected Google Sheets or a JSON configuration file...

7.2 CVSS, 4 AI score, 0.0106 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2020/07/09 6:25 p.m., 34 views

CVE-2020-15092 Stored XSS in TimelineJS3

In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Mos...

7.2 CVSS, 6.6 AI score, 0.0106 EPSS
Exploits: 0, References: 2

Akamai Blog
added 2019/10/14 4:0 p.m., 109 views

Phishing Tool Analysis: Modlishka

Additional research and support provided by Danny Wasserman. Overview One of the goals of phishing sites is to lure individuals into providing sensitive data, such as personally identifiable information, banking and credit card details, and passwords, through the use of email, SMS, social media,...

Exploits: 0

Cvelist
added 2019/09/26 2:22 p.m., 25 views

CVE-2019-13523

In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network...

5.5 AI score, 0.0183 EPSS
Exploits: 0, References: 1

Mageia
added 2017/12/01 11:13 p.m., 22 views

Updated shadowsocks-libev packages fix security vulnerability

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions...

7.8 CVSS, 5.6 AI score, 0.01274 EPSS
Exploits: 1, References: 3

OSV
added 2017/12/01 11:13 p.m., 7 views

MGASA-2017-0436 Updated shadowsocks-libev packages fix security vulnerability

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions...

7.8 CVSS, 7.8 AI score, 0.01274 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2017/11/16 12:0 a.m., 32 views

openSUSE Security Update : shadowsocks-libev (openSUSE-2017-1274)

This update for shadowsocks-libev fixes the following issues : Security issue fixed : - CVE-2017-15924: In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic,...

7.8 CVSS, 7.2 AI score, 0.01274 EPSS
Exploits: 1, References: 2

NVD
added 2017/10/27 4:29 p.m., 10 views

CVE-2017-15924

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions...

7.8 CVSS, 7.8 AI score, 0.01274 EPSS
Exploits: 1, References: 5

CVE
added 2017/10/27 4:0 p.m., 80 views

CVE-2017-15924

CVE-2017-15924 affects shadowsocks-libev (ss-manager) on version 3.1.0. Improper parsing of a JSON configuration request received via 127.0.0.1 UDP traffic enables local command injection through shell metacharacters in add_server, build_config, and construct_command_line pathways, potentially al...

7.8 CVSS, 7.7 AI score, 0.01274 EPSS
Exploits: 1, References: 5, Affected Software: 1