Lucene search
K

419 matches found

Prion
Prion
added 2019/11/18 9:15 p.m.10 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Mailbird before 2.7.5.0 r allow remote attackers to execute arbitrary JavaScript in a privileged context via a crafted HTML mail message. This vulnerability is distinct from CVE-2015-4657...

4.3CVSS5.9AI score0.02691EPSS
Exploits0References2Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2019/09/10 12:0 a.m.33 views

Adobe Flash Player navigateToURL Same-Origin Policy Bypass Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the behavior of...

8.8CVSS3AI score0.0453EPSS
Exploits0References1
OSV
OSV
added 2019/08/26 3:15 p.m.12 views

CVE-2019-4448

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpumdebug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This...

7.8CVSS5.9AI score0.00336EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2018/10/08 11:18 p.m.41 views

smart_proxy_dynflow gem authentication bypass in Foreman remote execution feature

An authentication bypass flaw was found in the smartproxydynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context...

10CVSS9.4AI score0.06007EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2018/09/21 1:29 p.m.4 views

CVE-2018-14643

An authentication bypass flaw was found in the smartproxydynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context...

9.8CVSS6AI score0.06007EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/09/21 1:0 p.m.30 views

CVE-2018-14643

An authentication bypass flaw was found in the smartproxydynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context...

9.8CVSS9.7AI score0.06007EPSS
Exploits0References4
RubySec
RubySec
added 2018/09/14 12:0 a.m.12 views

smart_proxy_dynflow gem authentication bypass in Foreman remote execution feature

An authentication bypass flaw was found in the smartproxydynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context...

10CVSS4.7AI score0.06007EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/06/08 6:29 p.m.20 views

CVE-2018-4243

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlist allows attackers to execute arbitrary co...

9.3CVSS7.3AI score0.18765EPSS
Exploits6References7
OSV
OSV
added 2018/06/08 6:29 p.m.4 views

CVE-2018-4236

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...

7.8CVSS6.1AI score0.01207EPSS
Exploits0References2
OSV
OSV
added 2018/06/08 6:29 p.m.3 views

CVE-2018-4241

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcpusrconnectx allows attackers to execute arbitrary...

7.8CVSS6.4AI score0.08224EPSS
Exploits3References7
NVD
NVD
added 2018/06/08 6:29 p.m.20 views

CVE-2018-4241

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcpusrconnectx allows attackers to execute arbitrary...

9.3CVSS7.3AI score0.08224EPSS
Exploits3References7
OSV
OSV
added 2018/06/08 6:29 p.m.2 views

CVE-2018-4228

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages a race condition...

7CVSS6.1AI score0.00915EPSS
Exploits0References2
NVD
NVD
added 2018/06/08 6:29 p.m.16 views

CVE-2018-4230

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a ra...

7.6CVSS6.4AI score0.04164EPSS
Exploits3References4
Prion
Prion
added 2018/06/08 6:29 p.m.23 views

Code injection

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or obtain sensitive information via a crafted app...

9.3CVSS6.8AI score0.01497EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/06/08 6:0 p.m.22 views

CVE-2018-4242

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Hypervisor" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...

7AI score0.02865EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/06/08 6:0 p.m.22 views

CVE-2018-4230

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a ra...

6.5AI score0.04164EPSS
Exploits3References4
Cvelist
Cvelist
added 2018/06/08 6:0 p.m.23 views

CVE-2018-4228

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages a race condition...

6.4AI score0.00915EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/06/08 6:0 p.m.18 views

CVE-2018-4241

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcpusrconnectx allows attackers to execute arbitrary...

7.1AI score0.08224EPSS
Exploits3References7
OSV
OSV
added 2018/04/03 6:29 a.m.1 views

CVE-2018-4144

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Security"...

7.8CVSS7.8AI score0.02054EPSS
Exploits0References9
OSV
OSV
added 2018/04/03 6:29 a.m.3 views

CVE-2018-4152

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Notes" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app...

7CVSS6.1AI score0.01107EPSS
Exploits0References3
Rows per page
Query Builder