
71 matches found

Snyk
added 2023/06/14 12:0 a.m. | 3 views

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE). A vulnerability exists in NuGet where a race condition can lead to a symlink attack. Note: Non-Linux platforms are not affected. Remediation: There is no fixed version for Microsoft.Build.NuGetSdkResolver...

CVSS 7.1 | AI score 7.3 | EPSS 0.01148
Exploits: 0 | References: 2

hivepro
added 2023/03/02 9:59 a.m. | 39 views

Iron Tiger APT Group Updates SysUpdate Malware to Target Linux Platforms

Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary The Iron Tiger aka APT27 group updated their custom malware, SysUpdate, to target Linux platforms and evade security solutions. They specifically targeted a...

AI score 0.1
Exploits: 0

SUSE CVE
added 2023/02/15 5:11 a.m. | 4 views

SUSE CVE-2015-8455

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial o...

CVSS 10 | AI score 8 | EPSS 0.06133
Exploits: 0 | References: 6

SUSE CVE
added 2023/02/15 4:58 a.m. | 6 views

SUSE CVE-2016-6983

Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273,...

CVSS 8.8 | AI score 8 | EPSS 0.04957
Exploits: 0 | References: 4

CNVD
added 2022/10/11 12:0 a.m. | 27 views

strongSwan trust management issue vulnerability

strongSwan is a set of open source IPsec-based VPN solution for Linux platforms used by Andreas Steffen, a personal developer in Switzerland. The solution contains X.509 public key certificates, secure storage private keys, smart cards and other authentication mechanisms. strongSwan versions prio...

CVSS 7.5 | AI score 3.5 | EPSS 0.01634
Exploits: 0 | References: 1

CNNVD
added 2022/10/04 12:0 a.m. | 17 views

strongSwan Resource Management Error Vulnerability

strongSwan is a set of open source IPsec-based VPN solution for Linux platforms used by Andreas Steffen, a personal developer in Switzerland. The solution contains X.509 public key certificates, secure storage private keys, smart cards and other authentication mechanisms. strongSwan versions prio...

CVSS 7.5 | AI score 7 | EPSS 0.01634
Exploits: 0 | References: 8

CNNVD
added 2022/08/29 12:0 a.m. | 4 views

DPDK Security Vulnerability

DPDK is a data plane development kit for Linux-based platforms. The product supports execution of packet processing on multiple CPU architectures. A security vulnerability exists in DPDK. An attacker exploits the vulnerability to trigger a denial-of-service attack...

CVSS 8.6 | AI score 6.9 | EPSS 0.01772
Exploits: 1 | References: 22

CNVD
added 2020/01/10 12:0 a.m. | 2 views

Snare for Linux Cross-Site Request Forgery Vulnerability

Snare for Linux is a log collection and analysis tool for Linux-based platforms. A cross-site request forgery vulnerability exists in the web interface in versions of Snare prior to 1.7.0 for Linux-based platforms. The vulnerability stems from a WEB application that does not adequately validate...

CVSS 6.5 | AI score 6.8 | EPSS 0.0066
Exploits: 1 | References: 1

OSV
added 2019/02/03 8:29 a.m. | 5 views

CVE-2019-7312

Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows ANSSI qualification submission before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac...

CVSS 5.3 | AI score 6.1 | EPSS 0.01103
Exploits: 0 | References: 1

OSV
added 2018/09/11 2:6 a.m. | 5 views

USN-3762-1 linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities

It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2018-1118) Seunghun Han discovered an information leak in the ACPI handling code in the...

CVSS 5.5 | AI score 6.7 | EPSS 0.00436
Exploits: 0 | References: 3

CNVD
added 2018/05/08 12:0 a.m. | 2 views

Brave Denial of Service Vulnerability (CNVD-2018-09308)

Brave is a Web browser product from Brave Software, Inc. in the United States. A security vulnerability exists in versions of Brave prior to 0.14.0 based on Linux or other platforms, which stems from the program's failure to properly handle JavaScript code. An attacker could exploit this...

CVSS 6.5 | AI score 6.7 | EPSS 0.00821
Exploits: 1 | References: 1

CNVD
added 2018/04/27 12:0 a.m. | 2 views

Hyland Perceptive Document Filters Memory Misreference Vulnerability

Hyland Perceptive Document Filters is a document conversion toolkit from Hyland Software. The product is able to recognize and extract metadata from documents, and supports the conversion of many types of documents. A security vulnerability exists in version 11.4.0.2647 of Hyland Perceptive...

CVSS 8.8 | AI score 7.3 | EPSS 0.03002
Exploits: 1 | References: 1

CNVD
added 2017/07/10 12:0 a.m. | 3 views

ImageMagick heap buffer overflow vulnerability (CNVD-2017-14613)

ImageMagick is an open source image viewing and editing tool for Unix/Linux platforms. ImageMagick suffers from a heap buffer overflow vulnerability due to a failure to adequately define checking user-supplied data before copying it to a location with an insufficient buffer. An attacker could...

CVSS 8.8 | AI score 7.9 | EPSS 0.03583
Exploits: 1 | References: 1

ATTACKERKB
added 2016/07/13 2:0 a.m. | 2 views

CVE-2016-4217

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172,...

CVSS 9.3 | AI score 6.2 | EPSS 0.20475
Exploits: 8 | References: 8

exploitpack
added 2016/05/16 12:0 a.m. | 40 views

Web2py 2.14.5 - Multiple Vulnerabilities

Web2py 2.14.5 - Multiple Vulnerabilities Title - Web2py 2.14.5 Multiple Vulnerabilities LFI,XSS,CSRF Exploit Title : Web2py 2.14.5 Multiple Vulnerabilities LFI, XSS,CSRF Reported Date : 2-April-2016 Fixed Date : 4-April-2016 Exploit Author : Narendra Bhati -...

CVSS 6.8 | AI score 6.6 | EPSS 0.10077
Exploits: 7

CNVD
added 2015/12/31 12:0 a.m. | 4 views

Adobe Flash Player Memory Misreference Vulnerability (CNVD-2016-000167)

FlashPlayer is a multimedia program player. Adobe AIR is a technology developed for the integration of web and desktop applications, allowing control of cloud-based programs on the web without having to go through a browser. On Windows and OS X platforms, Adobe Flash Player versions prior to...

CVSS 9.3 | AI score 9.2 | EPSS 0.07366
Exploits: 0 | References: 1

CNVD
added 2015/12/31 12:0 a.m. | 2 views

Adobe Flash Player Memory Misreference Vulnerability (CNVD-2016-00017)

FlashPlayer is a multimedia program player. Adobe AIR is a technology developed for the integration of web and desktop applications, allowing control of cloud-based programs on the web without having to go through a browser. On Windows and OS X platforms, Adobe Flash Player versions prior to...

CVSS 9.3 | AI score 9.2 | EPSS 0.07366
Exploits: 0 | References: 1

OSV
added 2015/12/10 5:59 a.m. | 2 views

UBUNTU-CVE-2015-8055

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...

CVSS 10 | AI score 7.6 | EPSS 0.05794
Exploits: 0 | References: 3

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (2)

No description provided by source. source: http://www.securityfocus.com/bid/10226/info Multiple unspecified local buffer overrun and format string vulnerabilities have been reported to exist in various setuid Veritas NetBackup binaries. These issues may be exploited to execute arbitrary code with...

AI score 7.1
Exploits: 0

Prion
added 2014/04/23 7:55 p.m. | 22 views

Code injection

IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, ak...

CVSS 5 | AI score 8 | EPSS 0.04108
Exploits: 0 | References: 3 | Affected Software: 2