Lucene search
K

220 matches found

CNNVD
CNNVD
added 2021/05/03 12:0 a.m.9 views

Qualcomm 组件输入验证错误漏洞

The Qualcomm Component is a component of Qualcomm Incorporated USA. An intrinsic part that provides the functionality of Qualcomm devices. The Qualcomm Component is vulnerable to an input validation error vulnerability that could result in a denial of service condition due to improper handling of...

7.5CVSS7.3AI score0.00674EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2021/03/05 8:45 p.m.195 views

U.S. Weapons Programs Lack 'Key' Cybersecurity Measures

Weapons programs from the U.S. Department of Defense DoD are falling short when it comes to incorporating cybersecurity requirements, according to a new watchdog report. While the DoD has developed a range of policies aimed at hardening the security for its weapon systems, the guidance leaves out...

7.4AI score
Exploits0References8
CVE
CVE
added 2021/01/20 2:50 p.m.65 views

CVE-2021-2093

CVE-2021-2093 affects Oracle E-Business Suite, specifically the Oracle Common Applications component (CRM User Management Framework). Affected versions are 12.1.1–12.1.3 and 12.2.3–12.2.10. The vulnerability enables unauthenticated access via HTTP from a network contact; exploitation requires use...

8.2CVSS8.4AI score0.01169EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2020/12/03 12:0 a.m.1 views

Command execution vulnerability in vaeThink backend Au***.php file

vaeThink is a PHP content management framework built on Layui and tp5. A command execution vulnerability exists in the vaeThink backend Au.php file. An attacker can exploit this vulnerability to gain server privileges...

7.4AI score
Exploits0
CNVD
CNVD
added 2020/10/11 12:0 a.m.77 views

Apache Calcite Clickjacking Vulnerability

Apache Calcite is a dynamic data management framework that has many of the features of a typical database management system, such as SQL parsing, SQL validation, SQL query optimization, SQL generation, and data connection queries. clickjacking vulnerability exists in versions of Apache Calcite...

5.9CVSS2.8AI score0.02141EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/25 12:0 a.m.2 views

Cisco IOS XE Information Disclosure and Denial of Service Vulnerability (CNVD-2020-57582)

Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. An information disclosure and denial of service vulnerability exists in the Web management framework of Cisco IOS XE. An attacker could exploit this vulnerability to gain...

8.1CVSS6.3AI score0.01374EPSS
Exploits0References1
OSV
OSV
added 2020/09/24 6:15 p.m.5 views

CVE-2020-3141

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the...

8.8CVSS7.4AI score0.0178EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/24 6:1 p.m.24 views

CVE-2020-3425 Cisco IOS XE Software Privilege Escalation Vulnerabilities

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the...

8.8CVSS8.7AI score0.01804EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/09/24 5:52 p.m.11 views

CVE-2020-3475 Cisco IOS XE Software Web Management Framework Vulnerabilities

Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service DoS...

4.3CVSS7.3AI score0.01374EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/07/29 12:0 a.m.13 views

The vulnerability of the CRM User Management Framework component of Oracle Common Applications allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the CRM User Management Framework component of Oracle Common Applications is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to modify, add, or delete data...

4.7CVSS6.4AI score0.01024EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/07/15 6:15 p.m.4 views

CVE-2020-14716

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

4.7CVSS6.7AI score0.00985EPSS
Exploits0References1
NVD
NVD
added 2020/07/15 6:15 p.m.23 views

CVE-2020-14716

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

4.7CVSS0.00985EPSS
Exploits0References1
NVD
NVD
added 2020/07/15 6:15 p.m.21 views

CVE-2020-14688

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

8.2CVSS0.01256EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/15 5:34 p.m.31 views

CVE-2020-14717

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

4.7CVSS5.1AI score0.01024EPSS
Exploits0References1
CVE
CVE
added 2020/07/15 5:34 p.m.55 views

CVE-2020-14717

CVE-2020-14717 affects Oracle E-Business Suite, specifically the Common Applications CRM User Management Framework . Affected versions are 12.1.3 and 12.2.3–12.2.9 . The vulnerability allows an unauthenticated attacker with network access over HTTP to compromise Oracle Common Applications. Althou...

4.7CVSS4.4AI score0.01024EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/07/15 5:34 p.m.51 views

CVE-2020-14716

CVE-2020-14716 affects Oracle E-Business Suite, specifically the Common Applications component (CRM User Management Framework). Affected versions are 12.1.3 and 12.2.3–12.2.9 . The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Common Applicatio...

4.7CVSS4.4AI score0.00985EPSS
Exploits0References1Affected Software1
ThreatPost
ThreatPost
added 2020/04/30 8:54 p.m.287 views

Salt Bugs Allow Full RCE as Root on Cloud Servers

The open-source Salt management framework contains high-severity security vulnerabilities that allow full remote code execution as root on servers in data centers and cloud environments. And in-the-wild attacks are expected imminently. According to F-Secure researchers, the framework, authored by...

7.5CVSS9.7AI score0.96405EPSS
Exploits25References8
CNVD
CNVD
added 2019/12/10 12:0 a.m.1 views

File Upload Vulnerability in vaethink v1.0.1

vaeThink pronounced:v think is a lightweight, high speed PHP content management framework built on ThinkPHP backend and Layui frontend ui. vaethink v1.0.1 has a file upload vulnerability that can be exploited by attackers to gain access to server information and permissions...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2019/10/18 12:0 a.m.134 views

Debian: Security Advisory (DLA-1960-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.3AI score0.05181EPSS
Exploits5References3
RedHat Linux
RedHat Linux
added 2019/04/09 5:27 p.m.7 views

katello-installer-base: QMF methods exposed to goferd via qdrouterd

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. A malicious user authenticated to a host registered to Satellite or Capsule can use this flaw to access QMF methods to any host also registered to Satellite or Capsule and...

8CVSS5.8AI score0.00692EPSS
Exploits0References4
Rows per page
Query Builder