Lucene search
+L

119 matches found

OSV
OSV
added 2021/10/06 2:55 p.m.5 views

SUSE-SU-2021:3298-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM bsc1190374. - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed bsc1190373...

7.5CVSS7AI score0.04224EPSS
Exploits2References5
OSV
OSV
added 2021/10/06 2:55 p.m.10 views

OPENSUSE-SU-2021:3298-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM bsc1190374. - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed bsc1190373...

7.5CVSS7AI score0.04224EPSS
Exploits2References5
OSV
OSV
added 2021/10/06 2:53 p.m.6 views

SUSE-SU-2021:3297-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM bsc1190374. - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed bsc1190373...

7.5CVSS7AI score0.04224EPSS
Exploits2References5
OPENSUSE Linux
OPENSUSE Linux
added 2021/10/06 12:0 a.m.60 views

Security update for curl (moderate)

openSUSE Security Update: Security update for curl Announcement ID: openSUSE-SU-2021:3298-1 Rating: moderate References: 1190373 1190374 Cross-References: CVE-2021-22946 CVE-2021-22947 CVSS scores: CVE-2021-22946 SUSE: 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-22947 SUSE: 5.9...

5.9CVSS7.7AI score0.04224EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2021/09/24 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2021:14807-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.04224EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2021/08/30 8:57 a.m.5 views

libX11: missing request length checks

A missing validation flaw was found in libX11. This flaw allows an attacker to inject X11 protocol commands on X clients, and in some cases, also bypass, authenticate via injection of control characters, or potentially execute arbitrary code with permissions of the application compiled with libX1...

9.8CVSS7.7AI score0.10634EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2019/05/08 12:0 a.m.13 views

Schneider Electric PowerLogic PM5560 < 2.5.4 Cross Protocol Injection

Binary data 720172.prm...

6.1CVSS7.3AI score0.02304EPSS
Exploits0References2
NVD
NVD
added 2018/12/23 9:29 p.m.11 views

CVE-2018-20379

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001...

4.7CVSS4.9AI score0.00573EPSS
Exploits1References1
OSV
OSV
added 2018/12/23 9:29 p.m.8 views

CVE-2018-20379

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001...

4.7CVSS5.8AI score0.00573EPSS
Exploits1References1
Prion
Prion
added 2018/12/23 9:29 p.m.12 views

Cross site scripting

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001...

2.6CVSS4.9AI score0.00573EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/12/23 9:0 p.m.17 views

CVE-2018-20379

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001...

4.9AI score0.00573EPSS
Exploits1References1
CVE
CVE
added 2018/12/23 9:0 p.m.47 views

CVE-2018-20379

CVE-2018-20379 affects Technicolor DPC3928SL devices (model D3928SL-PSIP-13-A010-c3420r55105-160428a). The vulnerability is a cross-site scripting (XSS) flaw exposed through a cross protocol injection path involving the setSSID field identified by the OID 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.100...

4.7CVSS4.8AI score0.00573EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/08/29 8:29 p.m.10 views

CVE-2018-7795

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic PM5560 prior to FW version 2.5.4 product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code...

6.1CVSS5.3AI score0.02304EPSS
Exploits0References3
Prion
Prion
added 2018/08/29 8:29 p.m.21 views

Cross site scripting

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic PM5560 prior to FW version 2.5.4 product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code...

4.3CVSS6.3AI score0.02304EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/08/29 8:29 p.m.22 views

CVE-2018-7795

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic PM5560 prior to FW version 2.5.4 product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code...

6.1CVSS6.3AI score0.02304EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2018/08/29 8:0 p.m.4 views

CVE-2018-7795

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic PM5560 prior to FW version 2.5.4 product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code...

5.8AI score0.02304EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/08/29 8:0 p.m.31 views

CVE-2018-7795

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic PM5560 prior to FW version 2.5.4 product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code...

6.3AI score0.02304EPSS
Exploits0References3
CVE
CVE
added 2018/08/29 8:0 p.m.63 views

CVE-2018-7795

The CVE-2018-7795 entry corresponds to Schneider Electric PowerLogic PM5560 (all versions prior to firmware 2.5.4) with an vulnerability described as Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting). The root cause is input handling in the web interface that allo...

6.1CVSS6.3AI score0.02304EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/05/09 8:29 p.m.20 views

CVE-2017-14480

In the MMM::Agent::Helpers::Network::clearip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for FreeBSD, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

10CVSS9.8AI score0.06084EPSS
Exploits2References1
NVD
NVD
added 2018/02/21 1:29 a.m.16 views

CVE-2018-7278

An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...

6.1CVSS6.3AI score0.0078EPSS
Exploits1References1
Rows per page
Query Builder