Lucene search
K

98 matches found

SUSE CVE
SUSE CVE
added 2023/02/17 2:5 a.m.2 views

SUSE CVE-2023-25734

After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.This bug only affects Firefox on Windows. Othe...

8.1CVSS6.2AI score0.00775EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.4 views

SUSE CVE-2007-2446

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving 1 DFSEnum netdfsiodfsEnumInfod, 2 RFNPCNEX smbionotifyoptiontypedata, 3 LsarAddPrivilegesToAccount...

10CVSS8.2AI score0.77806EPSS
Exploits23References5
OSV
OSV
added 2022/12/22 8:15 p.m.1 views

UBUNTU-CVE-2022-36314

When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.This bug only affects Firefox for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR...

5.5CVSS7.2AI score0.00216EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2022/10/29 3:28 a.m.485 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

SpringAllReachable A graphical tool for rapid exploitati...

10CVSS7.9AI score0.99939EPSS
Exploits86
Vulnrichment
Vulnrichment
added 2022/09/20 7:58 p.m.5 views

CVE-2022-38931

A Server-Side Request Forgery SSRF in fetchnetfileupload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter...

7.4AI score0.01103EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2022/09/02 12:0 a.m.6 views

The vulnerability of the ipynb Notebook component of the Git-based software platform for collaborative code development on GitLab allows a hacker to send arbitrary HTTP requests.

The vulnerability of the ipynb Notebook component of the Git-based software development platform for collaborative code editing on GitLab is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to send arbitrary HTTP requests remotely...

6.6CVSS7.3AI score0.00754EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/02/09 12:0 a.m.25 views

Cybele Software Thinfinity VirtualUI 信息泄露漏洞

Cybele Software Thinfinity VirtualUI is a solution from Cybele Software, Inc. that supports embedding remote Windows applications into standard web applications to allow two-way interaction with Javascript programming. Cybele Software Thinfinity VirtualUI suffers from an information disclosure...

7.5CVSS7.5AI score0.15551EPSS
Exploits3References7
ATTACKERKB
ATTACKERKB
added 2021/11/03 7:15 p.m.116 views

CVE-2021-43141

Cross Site Scripting XSS vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in planapplication...

6.1CVSS6.4AI score0.01396EPSS
In wildExploits1References5
OSV
OSV
added 2021/11/03 5:30 p.m.13 views

GHSA-7RQ6-7GV8-C37H Missing Authorization with Default Settings in Dashboard UI

Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no custom authorization filters specified, LocalRequestsOnlyAuthorizationFilter filter is being used to allow only local requests and prohibit all the remote...

8.6CVSS7.9AI score0.00922EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/11/03 5:30 p.m.43 views

Missing Authorization with Default Settings in Dashboard UI

Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no custom authorization filters specified, LocalRequestsOnlyAuthorizationFilter filter is being used to allow only local requests and prohibit all the remote...

8.6CVSS1AI score0.00922EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/11/02 6:15 p.m.18 views

CVE-2021-41238

Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no...

7.5CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2021/11/02 6:15 p.m.14 views

Authorization

Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no...

5CVSS7.4AI score0.00922EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/11/02 6:5 p.m.150 views

CVE-2021-41238

Hangfire.Core Dashboard UI in Hangfire (for .NET/.NET Core) was vulnerable when the default DashboardOptions.Authorization allowed remote requests due to missing authorization filters in version 1.7.25. The root cause was that LocalRequestsOnlyAuthorizationFilter was not applied by default, permi...

8.6CVSS7.6AI score0.00922EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/10/06 8:15 p.m.3 views

CVE-2021-34706

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper handling...

5.4CVSS5.9AI score0.00714EPSS
Exploits0References1
OSV
OSV
added 2020/12/08 1:15 a.m.2 views

DEBIAN-CVE-2020-25692

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service...

7.5CVSS7.5AI score0.02183EPSS
Exploits0References1
CNVD
CNVD
added 2020/10/27 12:0 a.m.3 views

Aruba Airwave Software Server-Side Request Forgery Vulnerability

Aruba Airwave Software is a network monitoring software that helps users view real-time data and situational reports for every user, device, and segment of the network. A server-side request forgery vulnerability exists in Aruba Airwave Software versions prior to 1.3.2, which allows an attacker t...

5.8CVSS6.9AI score0.00816EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/09/27 12:0 a.m.5 views

The vulnerability of the Customer component of the MICROS Relate CRM Software allows a perpetrator to compromise the confidentiality and integrity of the protected information.

The vulnerability of the Customer component of the MICROS Relate CRM Software lies in the lack of access control mechanisms. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information by sending specially crafted HTTP reques...

8.2CVSS5.5AI score0.01091EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2019/09/17 12:0 a.m.3 views

PT-2019-16954 · Ibm · Ibm Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.0 through 11.1 Description: The issue allows a remote user to send specially crafted requests that could consume all available CPU and memory resources, resulting in a denial of service attack. Recommendations...

7.8CVSS5.8AI score0.03518EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/08/05 12:0 a.m.46 views

LibreOffice < 6.2.5 Multiple Vulnerabilities (macOS)

The version of LibreOffice installed on the remote macOS host is prior to 6.2.5. It is, therefore, affected by multiple vulnerabilities : - An arbitrary script execution vulnerability exists due to a flaw allowing event-based execution of python scripts within a document. Note, LibreLogo must be...

9.8CVSS7.8AI score0.31215EPSS
Exploits5References4
Positive Technologies
Positive Technologies
added 2019/05/01 12:0 a.m.4 views

PT-2019-2044 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the WebVPN login process could allow an unauthenticated...

8.6CVSS8.5AI score0.01967EPSS
Exploits0References6
Rows per page
Query Builder