Lucene search
K

89 matches found

CNNVD
CNNVD
added 2022/12/13 12:0 a.m.31 views

pgAdmin 代码注入漏洞

pgAdmin 4 is a reliable and comprehensive database design and management software for PostgreSQL. A remote code execution vulnerability exists in pgAdmin 4. The vulnerability is required in Windows environments where, due to lax privilege checks by the developer, an attacker can exploit the...

8.8CVSS8.6AI score0.79933EPSS
Exploits0References4
OSV
OSV
added 2022/09/05 4:15 p.m.4 views

CVE-2022-39838

Systematic FIX Adapter ALFAFX 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames...

8.6CVSS5.8AI score0.01511EPSS
Exploits2References3
OSV
OSV
added 2022/08/10 8:16 p.m.1 views

CVE-2022-38130

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e., \\sms,...

9.8CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2022/06/05 10:15 p.m.6 views

CVE-2022-32291

In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname for a DLL file in a RAM file...

8.8CVSS6AI score0.01503EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/06/05 12:0 a.m.6 views

RealNetworks Real Player 安全漏洞

RealNetworks Real Player is a cross-platform player from RealNetworks, Inc. for enjoying a wide variety of online audio and video material. A security vulnerability exists in RealNetworks Real Player version 20.1.0.312 and earlier versions, which can be exploited by an attacker to execute arbitra...

8.8CVSS8.4AI score0.01503EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/12/23 12:0 a.m.10 views

PT-2021-24132 · Apache · Apache Solr

Name of the Vulnerable Software and Affected Versions: Apache Solr versions prior to 8.11.1 Description: An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path, resulting in an SMB network call being made from the Solr host ...

9.8CVSS9.4AI score0.05087EPSS
Exploits0References11
CNNVD
CNNVD
added 2021/12/14 12:0 a.m.4 views

UiPath Assistant安全漏洞

UiPath Assistant is a specialized tool from UiPath designed to make interacting with bots from the desktop easy and fun.A security vulnerability exists in UiPath Assistant 21.4.4, which stems from a lack of effective trust management mechanisms in networked systems or products. An attacker could...

10CVSS5.9AI score0.01747EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/07/02 12:0 a.m.28 views

EulerOS Virtualization for ARM 64 3.0.2.0 : bind (EulerOS-SA-2021-2092)

According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported...

7.5CVSS7AI score0.11296EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/06/16 12:0 a.m.23 views

PHPMailer 代码问题漏洞

PHPMailer is a PHP class library for sending e-mail. A security vulnerability exists in PHPMailer that originates from untrusted data in a path with a UNC pathname, which can be exploited by an attacker to remotely execute code...

8.1CVSS7.7AI score0.02803EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/04/27 12:0 a.m.21 views

PHPMailer 代码问题漏洞

PHPMailer is a PHP class library for sending emails. PHPMailer is vulnerable to a code issue that allows object injection via addAttachment with a UNC pathname via Phar deserialization. No details of the vulnerability are currently available...

9.8CVSS5.8AI score0.03095EPSS
Exploits0References10
OSV
OSV
added 2021/02/04 7:15 a.m.5 views

CVE-2020-6088

An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

7.5CVSS7.1AI score0.03454EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2020/11/12 12:0 a.m.43 views

Oracle Linux 8 : bind (ELSA-2020-4500)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4500 advisory. - Fix tsig-request verify CVE-2020-8622 - Prevent PKCS11 daemon crash on crafted packet CVE-2020-8623 - Correct update-policy type subdomain to match...

8.6CVSS6.6AI score0.93422EPSS
Exploits6References5
Veracode
Veracode
added 2020/08/31 4:8 a.m.32 views

Denial Of Service (DoS)

BIND is vulnerable to denial of service, An attacker who on the network path for a TSIG-signed request is able to send a truncated response to that request that will result in an assertion failure, causing the server to exit...

6.5CVSS3.2AI score0.05545EPSS
Exploits0References15Affected Software2
OSV
OSV
added 2020/08/21 9:15 p.m.4 views

ALPINE-CVE-2020-8622

In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that...

6.5CVSS6.8AI score0.05545EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2020/08/21 8:50 p.m.50 views

CVE-2020-8622

In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that...

6.5CVSS7.4AI score0.05545EPSS
Exploits0
OSV
OSV
added 2020/08/03 1:15 p.m.3 views

CVE-2020-4534

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By scheduling a task with a specially-crafted UNC path, an attacker could exploit this vulnerability to execute...

8.8CVSS7.4AI score0.0041EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/04/28 3:59 p.m.9 views

samba: smb client vulnerable to filenames containing path separators

A flaw was found in the samba client where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working...

6.5CVSS7.3AI score0.03515EPSS
Exploits0References5
OSV
OSV
added 2020/04/06 10:15 p.m.3 views

CVE-2020-11595

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path...

7.5CVSS7.1AI score0.01209EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2019/10/17 7:17 p.m.30 views

CVE-2019-6475

Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional...

7.5CVSS6.3AI score0.01262EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2019/10/16 12:0 a.m.32 views

CVE-2019-6475

Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional...

7.5CVSS6.8AI score0.01262EPSS
Exploits0References1
Rows per page
Query Builder