5655 matches found

Tenable Nessus
added 2024/05/05 12:0 a.m. · 40 views

GLSA-202405-11 : MIT krb5: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-11 (MIT krb5: Multiple Vulnerabilities) - ecverify in kdc/kdcpreauthec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer...

8.8 CVSS · 7.6 AI score · 0.10276 EPSS
Exploits: 1 · References: 10
Tenable Nessus
added 2024/04/29 12:0 a.m. · 16 views

Fedora 40 : micropython (2024-a3b517705e)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a3b517705e advisory. - Update to 1.22.2 - Security fixes for CVE-2023-7158 and CVE-2023-7152 Tenable has extracted the preceding description block directly from the Fedo...

9.8 CVSS · 6.8 AI score · 0.01228 EPSS
Exploits: 2 · References: 3
CVE
added 2024/04/27 11:31 a.m. · 56 views

CVE-2024-4249

The CVE-2024-4249 entry affects Tenda i21 firmware 1.0.0.14(4656). The vulnerable component is the function formwrlSSIDget in the file /goform/wifiSSIDget, where manipulating the argument ssidIndex causes a stack-based buffer overflow. The vulnerability can be exploited remotely, and public explo...

9 CVSS · 6.9 AI score · 0.01349 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
The Hacker News
added 2024/04/26 2:3 p.m. · 54 views

Severe Flaws Disclosed in Brocade SANnav SAN Management Software

Several security vulnerabilities disclosed in the Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discover...

9.8 CVSS · 8.7 AI score · 0.00848 EPSS
Exploits: 0
Hacker One
added 2024/04/19 3:48 p.m. · 8 views

U.S. Dept Of Defense: [███] .NET Framework ObjRefs Disclosure (CVE-2024-29059)

A vulnerability was discovered in Microsoft .NET Framework that could allow a remote attacker to obtain sensitive information. The vulnerability was caused by the potential disclosure of ObjRef URIs, which could be used to perform .NET Remoting attacks via HTTP. The vulnerability was assigned the...

7.5 CVSS · 6.9 AI score · 0.98832 EPSS
Exploits: 1
UbuntuCve
added 2024/04/17 11:15 p.m. · 31 views

CVE-2023-4235

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decodedeliverreport function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound...

8.1 CVSS · 7.1 AI score · 0.00936 EPSS
Exploits: 1 · References: 3
CVE
added 2024/04/17 11:31 a.m. · 53 views

CVE-2024-3909

CVE-2024-3909 affects Tenda AC500 firmware version 2.0.1.9(1307). The vulnerability lies in the formexeCommand function of /goform/execCommand, where improper handling of the cmdinput parameter causes a stack-based buffer overflow. This can be triggered remotely, and public exploit details exist ...

9.8 CVSS · 6.9 AI score · 0.01676 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
CVE
added 2024/04/16 6:31 p.m. · 49 views

CVE-2024-3877

CVE-2024-3877 affects Tenda F1202 firmware 1.2.0.20(408). The vulnerable component is the function fromqossetting in /goform/fromqossetting, where manipulating the qos argument triggers a stack-based buffer overflow. This enables a remote attacker to potentially execute arbitrary code with high i...

9 CVSS · 7 AI score · 0.01755 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
Positive Technologies
added 2024/04/16 12:0 a.m. · 7 views

PT-2024-13209 · Litespeed Technologies · Litespeed Cache

Name of the Vulnerable Software and Affected Versions: LiteSpeed Cache versions n/a through 5.7 Description: The issue is related to a Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache. This vulnerability allows for remote attacks due to the lack of proper authorizatio...

8.2 CVSS · 9.4 AI score · 0.00413 EPSS
Exploits: 0 · References: 8
Mageia
added 2024/04/13 4:56 p.m. · 37 views

Updated perl-HTTP-Body packages fix security vulnerability

HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume...

6.8 CVSS · 7 AI score · 0.02877 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2024/04/04 5:55 p.m. · 5 views

CVE-2024-25700 Persistent XSS in URL added to a shared map

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in a web map link which when clicked could potentially execute arbitrary...

4.8 CVSS · 5.3 AI score · 0.00373 EPSS
Exploits: 0 · References: 1
CVE
added 2024/04/03 4:17 p.m. · 82 views

CVE-2024-27335

CVE-2024-27335 – Kofax Power PDF : PNG file parsing has an out-of-bounds read due to missing validation of user data, enabling remote code execution. Impact is high and requires user interaction (visit malicious page or open a malicious file). Documented details come from ZDI/NVD; no fix version ...

7.8 CVSS · 8 AI score · 0.00421 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Redos
added 2024/04/03 12:0 a.m. · 21 views

ROS-20240402-22

Moodle virtual learning environment vulnerability is related to lack of additional comment cleanup Wiki. Exploitation of the vulnerability could allow an attacker acting remotely to perform cross-site scripting (XSS) attacks. A vulnerability in the Moodle virtual learning environment is related to...

9.8 CVSS · 6.5 AI score · 0.0137 EPSS
Exploits: 0
Positive Technologies
added 2024/04/03 12:0 a.m. · 3 views

PT-2024-19362 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server version 11.5 Description: The issue is related to a denial of service that can be triggered by a specially crafted query on certain columnar tables. This can lead to remote...

6.5 CVSS · 8.9 AI score · 0.00653 EPSS
Exploits: 0 · References: 8
NVD
added 2024/03/31 6:15 a.m. · 19 views

CVE-2015-10131

A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function adminpageload/adminpage of the file tfo-graphviz-admin.php. The manipulation leads to cross site scripting. The attack may be launched remotely...

4 CVSS · 3.7 AI score · 0.00491 EPSS
Exploits: 0 · References: 4
NVD
added 2024/03/26 11:15 p.m. · 12 views

CVE-2024-2927

A vulnerability was found in code-projects Mobile Shop 1.0. It has been classified as critical. Affected is an unknown function of the file Details.php of the component Login Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploi...

9.8 CVSS · 7.5 AI score · 0.0078 EPSS
Exploits: 1 · References: 3
CVE
added 2024/03/26 9:31 p.m. · 62 views

CVE-2024-2911

CVE-2024-2911 concerns Tianjin PubliCMS 4.0.202302.e, where a cross-site request forgery (CSRF) vulnerability exists in an unknown component. The vulnerability can be triggered remotely, with the exploit publicly disclosed and the vendor reportedly unresponsive. Connected sources (Red Hat, CNVD/C...

6.9 CVSS · 4.5 AI score · 0.00322 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
NVD
added 2024/03/21 2:52 a.m. · 13 views

CVE-2024-27927

RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker ca...

6.5 CVSS · 6.3 AI score · 0.01044 EPSS
Exploits: 1 · References: 6
Positive Technologies
added 2024/03/20 12:0 a.m. · 5 views

PT-2024-21743 · Unknown · Social Media Share Buttons

Name of the Vulnerable Software and Affected Versions: Social Media Share Buttons versions 2.1.0 and earlier Description: The issue is related to Deserialization of Untrusted Data, which affects the Social Media Share Buttons plugin. This could potentially allow for remote attacks. Recommendation...

8.8 CVSS · 7.2 AI score · 0.00672 EPSS
Exploits: 0 · References: 5
NVD
added 2024/03/16 10:15 p.m. · 9 views

CVE-2024-2531

A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected is an unknown function of the file /admin/update-rooms.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...

8.8 CVSS · 6.5 AI score · 0.00694 EPSS
Exploits: 0 · References: 3