Lucene search
K

323 matches found

CVE
CVE
added 2022/03/09 7:30 p.m.159 views

CVE-2022-24349

CVE-2022-24349: In Zabbix, an authenticated user can create a hosts group with a stored XSS payload that becomes available to other users. When users search groups (and similar vectors described in the Debian/SUSE advisories), the XSS payload can execute in the victim’s browser, enabling actions ...

4.6CVSS5AI score0.00779EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2022/03/09 7:30 p.m.67 views

CVE-2022-24349

An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attac...

4.6CVSS3.4AI score0.00779EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.22 views

Mageia: Security Advisory (MGASA-2018-0283)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.7AI score0.04629EPSS
Exploits0References4
OSV
OSV
added 2022/01/01 5:15 a.m.25 views

CVE-2021-44717

Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion...

4.8CVSS6.7AI score
Exploits0References6
Cvelist
Cvelist
added 2021/12/22 6:6 p.m.36 views

CVE-2021-21902

An authentication bypass vulnerability exists in the CMA runserver6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this...

7.5CVSS8.4AI score0.01723EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2021/11/08 12:0 a.m.13 views

Mozilla Firefox Security Advisory (MFSA2016-63) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

4.3CVSS6.9AI score0.01459EPSS
Exploits0References3
NVD
NVD
added 2021/10/06 6:15 p.m.14 views

CVE-2021-25471

A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion...

7.5CVSS0.00385EPSS
Exploits0References1
Prion
Prion
added 2021/10/06 6:15 p.m.18 views

Design/Logic Flaw

A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection...

5CVSS7.4AI score0.0046EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/10/06 5:9 p.m.54 views

CVE-2021-25480

CVE-2021-25480 describes a vulnerability in the GUTI REALLOCATION COMMAND handling within Qualcomm modems, where a lack of replay attack protection before Samsung’s SMR Oct-2021 Release 1 could enable remote denial of service on the mobile network connection. The issue is tied to Qualcomm modem p...

7.5CVSS7.4AI score0.0046EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/10/06 5:8 p.m.44 views

CVE-2021-25471

The vulnerability CVE-2021-25471 affects Samsung devices in the Security Mode Command (SMC) processing path where replay protection is missing. This lack of replay attack protection can cause denial of service to mobile network connections and result in battery depletion. Documented impact is tie...

7.5CVSS7.4AI score0.00385EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/06 5:8 p.m.19 views

CVE-2021-25471

A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion...

3.7CVSS7.7AI score0.00385EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/09/24 12:0 a.m.20 views

Samba < 3.4.0 Remote Code Execution Vulnerability (CVE-2012-0870)

Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program ...

7.9CVSS8.7AI score0.06499EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2021/09/11 12:0 a.m.23 views

Python < 3.6.13, 3.7.x < 3.7.10, 3.8.x < 3.8.7, 3.9.x < 3.9.1 Python Issue (bpo-41944) - Mac OS X

Python is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

9.8CVSS10AI score0.08235EPSS
Exploits0References2
Microsoft Secure
Microsoft Secure
added 2021/04/29 5:0 p.m.38 views

Center for Threat-Informed Defense teams up with Microsoft, partners to build the ATT&CK® for Containers matrix

The MITRE ATT&CK® for Containers matrix was published today, establishing an industry knowledge base of attack techniques associated with containerization and related technologies that are increasingly more ubiquitous in the current computing landscape. Microsoft is happy to have contributed and...

7.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/04/14 12:0 a.m.4 views

PT-2021-8368 · Go · Go

Name of the Vulnerable Software and Affected Versions: Go affected versions not specified Description: The issue arises from the RemoteAddr and LocalAddr methods on the returned net.Conn, which may call themselves, leading to an infinite loop. This loop will cause the program to crash due to a...

7.5CVSS6.9AI score0.00782EPSS
Exploits0References9
Cvelist
Cvelist
added 2021/03/31 1:41 p.m.35 views

CVE-2021-23985

If an attacker is able to alter specific about:config values for example malware running on the user's computer, the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user. This would have allowed a remote attacker able to make a direct network...

6.9AI score0.01397EPSS
Exploits0References2
Fedora
Fedora
added 2021/02/26 1:10 a.m.84 views

[SECURITY] Fedora 33 Update: postgresql-12.6-1.fc33

PostgreSQL is an advanced Object-Relational database management system DBM S. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...

8.8CVSS8.2AI score0.4644EPSS
Exploits0
Packet Storm
Packet Storm
added 2021/01/05 12:0 a.m.329 views

Klog Server 2.4.1 Command Injection

Exploit Title: Klog Server 2.4.1 - Command Injection Unauthenticated Date: 22.12.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.klogserver.com/ Version: 2.4.1 Tested On: Ubuntu 18.04 CVE: 2020-35729 Description:...

10CVSS9.6AI score0.87987EPSS
Exploits8
NVD
NVD
added 2020/10/07 7:15 p.m.10 views

CVE-2020-26164

In kdeconnect-kde aka KDE Connect before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack...

5.5CVSS0.00551EPSS
Exploits0References18
UbuntuCve
UbuntuCve
added 2020/10/07 7:15 p.m.26 views

CVE-2020-26164

In kdeconnect-kde aka KDE Connect before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack...

5.5CVSS6.1AI score0.00551EPSS
Exploits0References22
Rows per page
Query Builder