Lucene search
+L

250 matches found

vulnrichment
vulnrichment
added 2024/05/21 1:32 p.m.22 views

CVE-2023-3943 Multiple buffer overflow in ZkTeco-based OEM devices

Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects...

10CVSS7.8AI score0.00949EPSS
Exploits0References1
kitploit
kitploit
added 2024/05/05 12:30 p.m.38 views

HardeningMeter - Open-Source Python Tool Carefully Designed To Comprehensively Assess The Security Hardening Of Binaries And Systems

HardeningMeter is an open-source Python tool carefully designed to comprehensively assess the security hardening of binaries and systems. Its robust capabilities include thorough checks of various binary exploitation protection mechanisms, including Stack Canary, RELRO, randomizations ASLR, PIC,...

7.3AI score
Exploits0References1
cvelist
cvelist
added 2024/04/25 1:58 a.m.28 views

CVE-2024-4159 Protection mechanisms

Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information...

4.3CVSS5AI score0.00517EPSS
Exploits0References1
broadcom
broadcom
added 2024/04/25 12:0 a.m.35 views

Protection mechanisms (CVE-2024-4159)

Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information...

4.3CVSS7.6AI score0.00517EPSS
Exploits0Affected Software1
nessus
nessus
added 2023/12/26 12:0 a.m.21 views

Fedora 39 : python3.12 (2023-d577604e6a)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d577604e6a advisory. Security fix for CVE-2023-27043 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

5.3CVSS7.1AI score0.02527EPSS
Exploits1References2
osv
osv
added 2023/12/24 5:15 a.m.7 views

CVE-2023-51764

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...

5.3CVSS5.2AI score0.02598EPSS
Exploits4References19
cvelist
cvelist
added 2023/12/18 9:55 p.m.44 views

CVE-2023-6355

Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. This issue affects: Gallagher Controller 7000 9.00 prior to vCR9.00.231204b distributed in 9.00.1507 MR1, 8.90 prior to vCR8.90.231204a distributed in...

6.8CVSS6.7AI score0.00353EPSS
Exploits0References1
nessus
nessus
added 2023/05/09 12:0 a.m.26 views

Siemens SICAM P850 and SICAM P855 Improper Neutralization of Input During Web Page Generation (CVE-2022-29882)

A vulnerability has been identified in SICAM P850 All versions V3.00, SICAM P855 All versions V3.00. Affected devices do not handle uploaded files correctly. An unauthenticated attacker could take advantage of this situation to store an XSS attack, which could - when a legitimate user accesses th...

7.1CVSS6.8AI score0.00804EPSS
Exploits0References3
nessus
nessus
added 2023/05/03 12:0 a.m.33 views

GLSA-202305-16 : Vim, gVim: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-16 Vim, gVim: Multiple Vulnerabilities - Use after free in utfptr2char in GitHub repository vim/vim prior to 8.2.4646. CVE-2022-1154 - heap buffer overflow in getonesourceline in GitHub repository vim/vim prior to 8.2.4647...

9.8CVSS5.9AI score0.03104EPSS
Exploits83References94
ubuntucve
ubuntucve
added 2023/03/27 12:0 a.m.35 views

CVE-2021-3923

A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdmacm device node. While this access is unlikely to leak sensitive user information, it can be...

2.3CVSS6.7AI score0.00199EPSS
Exploits0References2
f5
f5
added 2023/02/21 7:58 p.m.73 views

K28622040: Python vulnerability CVE-2019-9948

Security Advisory Description urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call. CVE-2019-9948 Impac...

9.1CVSS7.7AI score0.12261EPSS
Exploits1Affected Software4
talosblog
talosblog
added 2023/01/12 12:59 p.m.23 views

How to instrument system applications on Android stock images

By Vitor Ventura This post is the result of research presented at Recon Montreal 2022. Two slide decks are provided along with this research . One is the presentation showing the whole process and how to do it on Google Play Protect services. The other one is a workshop on how to do it on an...

6.8AI score
Exploits0
vulnrichment
vulnrichment
added 2022/09/08 12:30 p.m.14 views

CVE-2022-20696 Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability

A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging...

7.5CVSS6.6AI score0.00342EPSS
Exploits0References1
github
github
added 2022/05/17 3:56 a.m.36 views

Missing Cryptographic Step in OWASP Enterprise Security API for Java

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protectio...

2.6CVSS4AI score0.02426EPSS
Exploits1References6Affected Software1
github
github
added 2022/05/14 1:37 a.m.43 views

Missing Cryptographic Step in OWASP Enterprise Security API for Java

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic...

5.8CVSS4.8AI score0.01655EPSS
Exploits1References9Affected Software1
osv
osv
added 2022/05/13 1:19 a.m.105 views

GHSA-H892-X453-86WC Pippo RCE Vulnerability

Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling...

9.8CVSS9.8AI score0.03653EPSS
Exploits1References4
cnvd
cnvd
added 2022/04/20 12:0 a.m.39 views

vim buffer overflow vulnerability (CNVD-2022-55222)

vim is a UNIX-based editor. vim versions prior to 8.2.4763 contain a buffer overflow vulnerability that stems from a failure to properly validate data boundaries when performing operations on memory in the software skiprange. An attacker could exploit this vulnerability to cause a software crash,...

6.8CVSS6AI score0.03104EPSS
Exploits1Affected Software1
ibm
ibm
added 2022/04/11 3:7 p.m.53 views

Security Bulletin: Vulnerabilities in Open Source OpenSSL affect IBM Cisco SAN switches and directors (CVE-2016-2177 CVE-2000-1254 CVE-2016-2178).

Summary Open Source OpenSSL is used by IBM Cisco SAN switches and directors. IBM Cisco SAN switches and directors has addressed the applicable CVEs. Vulnerability Details Relevant CVE Information: CVEID: CVE-2000-1254 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...

9.8CVSS1.2AI score0.44505EPSS
Exploits1Affected Software10
openvas
openvas
added 2022/01/28 12:0 a.m.18 views

Mageia: Security Advisory (MGASA-2014-0059)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4CVSS7.6AI score0.01751EPSS
Exploits0References4
veracode
veracode
added 2021/08/28 12:1 a.m.29 views

Validation Bypass

Mozilla Firefox is vulnerable to validaiton bypass. does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting XSS protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210...

4.3CVSS3.5AI score0.01867EPSS
Exploits2References11Affected Software1
Rows per page
Query Builder