Lucene search
K

322 matches found

NVD
NVD
added 2020/12/18 12:15 a.m.12 views

CVE-2020-13510

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP using the IRP 0x9c4060d0 gives a low privilege user direct access to the IN instruction that is completely unrestrained at ...

6.5CVSS6.2AI score0.00375EPSS
Exploits1References1
Prion
Prion
added 2020/12/18 12:15 a.m.19 views

Information disclosure

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP using the IRP 0x9c4060d4 gives a low privilege user direct access to the IN instruction that is completely unrestrained at ...

2.1CVSS6.2AI score0.00509EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/12/18 12:15 a.m.16 views

Information disclosure

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP using the IRP 0x9c4060d0 gives a low privilege user direct access to the IN instruction that is completely unrestrained at ...

2.1CVSS6.2AI score0.00375EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/12/17 11:46 p.m.14 views

CVE-2020-13511

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP using the IRP 0x9c4060d4 gives a low privilege user direct access to the IN instruction that is completely unrestrained at ...

6.5CVSS6.2AI score0.00509EPSS
Exploits1References1
Microsoft CVE
Microsoft CVE
added 2020/09/25 7:0 a.m.5 views

The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region a related issue to CVE-2010-0306.

...

6.5CVSS7AI score0.02416EPSS
Exploits0
NVD
NVD
added 2020/09/16 7:15 p.m.43 views

CVE-2020-13259

A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF02902.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on a...

9.3CVSS0.04663EPSS
Exploits6References2
Prion
Prion
added 2020/09/16 7:15 p.m.20 views

Cross site request forgery (csrf)

A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF02902.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on a...

9.3CVSS7.6AI score0.04663EPSS
Exploits7References2Affected Software1
GithubExploit
GithubExploit
added 2020/08/31 1:22 p.m.71 views

Exploit for Cross-Site Request Forgery (CSRF) in Rad Secflow-1V_Firmware

CVE-2020-13259 PoC of Full Account Takeover on RAD SecFlow-1v...

9.3CVSS7.6AI score0.04663EPSS
Exploits7
Prion
Prion
added 2020/08/27 1:15 p.m.15 views

Code injection

IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880...

6.5CVSS6.9AI score0.00815EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/08/27 12:40 p.m.44 views

CVE-2020-4603

CVE-2020-4603 affects IBM Security Guardium Insights 2.0.1, where an operation is performed at a privilege level higher than the minimum required, potentially amplifying other weaknesses (IBM X-Force ID 184880). The IBM bulletin for Guardium Insights lists this among multiple vulnerabilities and ...

7.2CVSS6.8AI score0.00815EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/08/27 12:40 p.m.19 views

CVE-2020-4603

IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880...

3.3CVSS7AI score0.00815EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/08/20 12:0 a.m.29 views

F5 Networks BIG-IP : BIND vulnerability (K19807532)

"The asterisk character '' is allowed in DNS zone files, where it is most commonly present as a wildcard at a terminal node of the Domain Name System graph. However, the RFCs do not require and BIND does not enforce that an asterisk character be present only at a terminal node. A problem can occu...

4.9CVSS6.3AI score0.02088EPSS
Exploits0References2
CVE
CVE
added 2020/07/29 5:28 p.m.39 views

CVE-2019-20025

NEC SV9100 PBX is affected (software release 6.0 and later). The root cause is an undocumented user account with manufacturer privileges, enabling an unauthenticated, remote attacker to log in using a hardcoded username/password. Impact per sources: attacker could remotely log in with manufacture...

10CVSS9.3AI score0.02925EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/06/03 6:15 p.m.5 views

CVE-2020-3210

A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers Industrial ISRs and Cisco 1000 Series Connected Grid Routers CGR1000 could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server...

6.7CVSS6AI score0.00426EPSS
Exploits0References1
NVD
NVD
added 2020/06/03 6:15 p.m.21 views

CVE-2020-3210

A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers Industrial ISRs and Cisco 1000 Series Connected Grid Routers CGR1000 could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server...

7.2CVSS6.9AI score0.00426EPSS
Exploits0References1
OSV
OSV
added 2020/06/03 6:15 p.m.3 views

CVE-2020-3208

A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers Industrial ISRs could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient acce...

6.7CVSS6.7AI score0.00322EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/06/03 5:40 p.m.10 views

CVE-2020-3208 Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Image Verification Bypass Vulnerability

A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers Industrial ISRs could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient acce...

6.7CVSS6.8AI score0.00322EPSS
Exploits0References1
Prion
Prion
added 2020/02/19 8:15 p.m.17 views

Cross site request forgery (csrf)

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based...

6.8CVSS8.8AI score0.00566EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/02/19 7:16 p.m.21 views

CVE-2020-3114 Cisco Data Center Network Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based...

8.8CVSS8.9AI score0.00566EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.23 views

Rapid7 Metasploit Framework Zip Import Directory Traversal

Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ‘Path Traversal’ in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level...

7.4CVSS7.5AI score0.02758EPSS
Exploits1References4
Rows per page
Query Builder