
38 matches found

OSV
added 2022/07/21 4:15 a.m. · 3 views

UBUNTU-CVE-2022-31151

Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...

6.5 CVSS · 6.5 AI score · 0.00584 EPSS
Exploits: 1 · References: 5
ATTACKERKB
added 2022/02/01 8:15 p.m. · 4 views

CVE-2022-24198

iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable...

6.5 CVSS · 5.9 AI score · 0.00547 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2021/10/27 12:0 a.m. · 3 views

PT-2021-4604 · Cisco · Cisco Asa +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software (affected versions not specified). Description: A vulnerability in the software-based SSL/TLS message handler could allow an unauthenticated, remote attacke...

8.6 CVSS · 7.3 AI score · 0.0155 EPSS
Exploits: 0 · References: 8
CNNVD
added 2021/05/06 12:0 a.m. · 3 views

IBM Tivoli Storage Manager Operations Center buffer error vulnerability

A buffer overflow vulnerability exists in IBM Tivoli Storage Manager Operations Center, a next-generation simplified backup management solution from IBM USA. The vulnerability can be exploited in "interactive" mode and cannot be exploited in batch or command line use due...

7 CVSS · 6.1 AI score · 0.00415 EPSS
Exploits: 1 · References: 3
OSV
added 2021/04/27 6:15 a.m. · 3 views

DEBIAN-CVE-2019-25039

Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...

9.8 CVSS · 8.4 AI score · 0.02037 EPSS
Exploits: 0 · References: 1
OSV
added 2021/04/27 6:15 a.m. · 1 views

DEBIAN-CVE-2019-25040

Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...

7.5 CVSS · 7.7 AI score · 0.01989 EPSS
Exploits: 0 · References: 1
NVD
added 2020/09/19 8:15 p.m. · 30 views

CVE-2020-25786

webinc/js/info.php on D-Link DIR-816L 2.06.B09BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding except in Internet...

6.1 CVSS · 0.00988 EPSS
Exploits: 1 · References: 2
UbuntuCve
added 2020/01/15 3:15 p.m. · 3 views

CVE-2015-1850

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an exploitable issue. Notes: none...

6.5 AI score
Exploits: 0 · References: 3
CVE
added 2020/01/15 2:24 p.m. · 79 views

CVE-2015-1850

CVE-2015-1850 entry is rejected and not an active vulnerability; do not use this candidate number.

4.8 AI score
Exploits: 0
Opera Security Advisories
added 2017/03/10 12:0 a.m. · 8 views

DLL hijacking and the Opera browser

March 10th, 2017. Recently, a collection of documents was released online, which was claimed to have originated with a major world power. The documents listed hacking vectors that could be used to inject code into major operating systems and...

8.8 CVSS · 6.9 AI score · 0.05036 EPSS
Exploits: 4 · References: 1
Tenable Nessus
added 2014/06/13 12:0 a.m. · 43 views

openSUSE Security Update : kernel (openSUSE-SU-2011:0004-1)

The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2010-4347: A local user could inject ACPI code into the kernel via the world-writable 'customdebug' file, allowing local privilege escalation. CVE-2010-4258: A local attack...

7.8 CVSS · 6.2 AI score · 0.05542 EPSS
Exploits: 50 · References: 57
Exploit DB
added 2013/11/30 12:0 a.m. · 18 views

FlashComs Chat 6.5 - Arbitrary File Upload

"@".$options'f'."","fileId" = $options"f"; $result = curlexec$handle; ifstrpos$result,"UPLOADSUCCESS" echo "\n\n"; echo "\t+ Exploitation success!!\n"; echo "\t...

7.4 AI score
Exploits: 0
Prion
added 2013/04/16 2:4 p.m. · 19 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this ...

4.3 CVSS · 5.9 AI score · 0.04705 EPSS
Exploits: 1 · References: 12 · Affected Software: 1
Microsoft KB
added 2012/06/12 12:0 a.m. · 128 views

MS12-042: Vulnerabilities in Windows Kernel could allow elevation of privilege: June 12, 2012

Resolves vulnerabilities in Microsoft Windows that could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that exploits the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this...

8.3 CVSS · 8.8 AI score · 0.37212 EPSS
Exploits: 7
ATTACKERKB
added 2007/04/30 10:19 p.m. · 3 views

CVE-2007-2056

Rejected reason: The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files aka "time-of-check-time-of-use file race". NOTE: the researcher has retracted the original advisory, stating that "th...

5.9 AI score
Exploits: 0 · References: 1
Opera Security Advisories
added 2005/11/23 12:0 a.m. · 7 views

Specially crafted Java applets can crash Opera – Opera Security Advisories

OPCOM Team | November 23, 2005. Summary: A specially crafted Java applet can cause Opera to crash. Severity: Not exploitable. Problem description: Java code using LiveConnect methods to remove a property of a JavaScript object...

5.9 AI score
Exploits: 0 · References: 1
ATTACKERKB
added 2003/11/17 5:0 a.m. · 1 views

CVE-2003-0790

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: the reported issue is not a vulnerability or exposure. Notes: This candidate was assigned to a "head-reading" bug in a component of fetchmail 6.2.4 and earlier, which was claimed to allow a denial of service. However, th...

5.6 AI score
Exploits: 0 · References: 1
CVE
added 2003/10/25 4:0 a.m. · 32 views

CVE-2003-0790

This CVE entry is rejected/not used and does not represent an active vulnerability.

6.6 AI score
Exploits: 0