Lucene search
K

102 matches found

OSV
OSV
added 2020/11/20 6:15 p.m.3 views

UBUNTU-CVE-2020-28974

A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KDFONTOPCOPY in drivers/tty/vt/vt.c can be used for manipulations such as font height...

5CVSS6.6AI score0.00511EPSS
Exploits1References12
Cvelist
Cvelist
added 2020/10/14 6:35 p.m.22 views

CVE-2020-15224 Socket syscalls can leak enclave memory contents in Open Enclave

In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the...

6.8CVSS6.1AI score0.00627EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2020/04/14 7:0 a.m.31 views

Windows Kernel Information Disclosure in CPU Memory Access

An information disclosure vulnerability exists when certain central processing units CPU speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an...

5.5CVSS2.8AI score0.01425EPSS
Exploits0
Cvelist
Cvelist
added 2020/02/12 7:46 p.m.26 views

CVE-2020-6183

SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details,...

5.3CVSS6.5AI score0.0069EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/12/18 12:0 a.m.49 views

EulerOS 2.0 SP3 : xorg-x11-server (EulerOS-SA-2019-2683)

According to the versions of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xor...

9.8CVSS7.6AI score0.2704EPSS
Exploits43References18
OSV
OSV
added 2019/11/12 7:15 p.m.3 views

CVE-2019-12720

AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvcsendmail.aspx MailAdd parameter SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picturemanagemvc.aspx plantno parameter, the...

7.5CVSS7.2AI score0.01681EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/11/12 6:26 p.m.26 views

CVE-2019-12720

AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvcsendmail.aspx MailAdd parameter SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picturemanagemvc.aspx plantno parameter, the...

7.7AI score0.01681EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2019/10/24 12:0 a.m.224 views

AUO SunVeillance Monitoring System 1.1.9e SQL Injection

Exploit Title: AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection Date: 2019-10-24 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO SunVeillance Monitoring System all versions prior to v1.1.9e Tested on: It is a proprietary devices:...

0.7AI score
Exploits0
CNVD
CNVD
added 2019/08/06 12:0 a.m.1 views

Intel x86-64 and AMD Microprocessors Information Disclosure Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An information disclosure vulnerability exists in Intel x86-64 and AMD Microprocessors. An attacker could exploit the vulnerability to read read privileged data...

5.6CVSS5.9AI score0.04521EPSS
Exploits4References1
CNVD
CNVD
added 2019/07/31 12:0 a.m.3 views

IBM StoredIQ Access Control Error Vulnerability

IBM StoredIQ is a suite of data visualization and processing platforms from IBM, USA. The platform provides scalable analytics and governance of unstructured data, as well as records management, storage optimization and migration of data. An access control error vulnerability exists in IBM Stored...

4.3CVSS6.3AI score0.00994EPSS
Exploits0References1
OSV
OSV
added 2019/07/10 4:15 p.m.1 views

DEBIAN-CVE-2019-12474

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

7.5CVSS6.7AI score0.02043EPSS
Exploits0References1
OSV
OSV
added 2019/04/01 9:30 p.m.19 views

CVE-2019-3792

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data...

7.5CVSS8.1AI score0.01091EPSS
Exploits0References1
Prion
Prion
added 2019/04/01 9:30 p.m.13 views

Sql injection

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data...

5CVSS7.7AI score0.01091EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/04/01 8:54 p.m.21 views

CVE-2019-3792 Concourse 5.0.0 SQL Injection vulnerability

Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data...

6.8CVSS7.7AI score0.01091EPSS
Exploits0References1
CNVD
CNVD
added 2019/03/27 12:0 a.m.1 views

Pivotal Software Concourse SQL Injection Vulnerability

Pivotal Software Concourse is a software delivery control system for continuous development from Pivotal Software. A SQL injection vulnerability exists in the API in Pivotal Software Concourse versions prior to 5.0.1. A remote attacker can exploit this vulnerability to read privileged data via a...

7.5CVSS7.9AI score0.01091EPSS
Exploits0References1
OSV
OSV
added 2019/03/20 12:0 a.m.7 views

UBUNTU-CVE-2019-9802

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and all...

7.5CVSS7.3AI score0.01127EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/08/15 3:25 p.m.2 views

Kernel: hw: cpu: L1 terminal fault (L1TF)

Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of...

5.6CVSS6.8AI score0.08101EPSS
Exploits0References10
CNVD
CNVD
added 2018/08/15 12:0 a.m.3 views

Microsoft Edge Information Disclosure Vulnerability (CNVD-2018-16845)

Microsoft Windows 10 and Windows Server 2016 are both products of Microsoft Corporation.Microsoft Windows 10 is a set of operating systems for personal computers.Windows Server 2016 is a set of server operating systems.Edge is one of the a default browser that comes with the system. An informatio...

4.3CVSS5.9AI score0.04573EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2018/08/14 7:0 a.m.27 views

Microsoft Edge Information Disclosure Vulnerability

A information disclosure vulnerability exists when WebAudio Library improperly handles audio requests. An attacker who has successfully exploited this vulnerability might be able to read privileged data across trust boundaries. In browsing scenarios, an attacker could convince a user to visit a...

4.3CVSS1.7AI score0.04573EPSS
Exploits0
OSV
OSV
added 2018/08/13 9:48 p.m.4 views

CVE-2018-6970

VMware Horizon 6 6.x.x before 6.2.7, Horizon 7 7.x.x before 7.5.1, and Horizon Client 4.x.x and prior before 4.8.1 contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privilege...

6.5CVSS5.8AI score0.01781EPSS
Exploits0References3
Rows per page
Query Builder