
5655 matches found

SUSE CVE
added 2023/02/15 5:34 a.m. · 4 views

SUSE CVE-2013-5782

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...

CVSS 10 · AI score 6.4 · EPSS 0.06295
Exploits 0 · References 11
SUSE CVE
added 2023/02/15 5:34 a.m. · 6 views

SUSE CVE-2013-5817

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI...

CVSS 10 · AI score 6.4 · EPSS 0.06295
Exploits 0 · References 11
SUSE CVE
added 2023/02/15 5:27 a.m. · 3 views

SUSE CVE-2014-4288

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532...

CVSS 7.6 · AI score 6.7 · EPSS 0.04884
Exploits 0 · References 12
SUSE CVE
added 2023/02/15 5:20 a.m. · 5 views

SUSE CVE-2015-2638

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

CVSS 10 · AI score 7.6 · EPSS 0.0636
Exploits 0 · References 14
SUSE CVE
added 2023/02/15 5:12 a.m. · 2 views

SUSE CVE-2015-8078

Integer overflow in the indexurlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the sectionoffset variable. NOTE: this vulnerability exists because of an incomplete fix for...

CVSS 7.5 · AI score 9.8 · EPSS 0.02753
Exploits 0 · References 6
SUSE CVE
added 2023/02/15 5:08 a.m. · 4 views

SUSE CVE-2016-1618

Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors...

CVSS 6.5 · AI score 8.9 · EPSS 0.01341
Exploits 0 · References 6
SUSE CVE
added 2023/02/15 4:57 a.m. · 3 views

SUSE CVE-2016-7951

Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks...

CVSS 9.8 · AI score 7.1 · EPSS 0.02435
Exploits 0 · References 8
SUSE CVE
added 2023/02/15 4:55 a.m. · 3 views

SUSE CVE-2016-9586

curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf functions. If there is any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks...

CVSS 5.9 · AI score 9.9 · EPSS 0.04935
Exploits 0 · References 26
SUSE CVE
added 2023/02/15 4:39 a.m. · 3 views

SUSE CVE-2017-14806

An Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version...

CVSS 5.9 · AI score 7 · EPSS 0.00444
Exploits 0 · References 3
Positive Technologies
added 2023/02/14 12:00 a.m. · 3 views

PT-2023-1439 · Microsoft · Dynamics 365

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises affected versions not specified
Description: The issue is related to insufficient protection of the web page structure in Microsoft Dynamics 365, which can lead to cross-site scripting attacks. An attacker c...

CVSS 6.5 · AI score 6.6 · EPSS 0.00611
Exploits 0 · References 5
Positive Technologies
added 2023/02/14 12:00 a.m. · 3 views

PT-2023-1437 · Microsoft · Dynamics 365

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises affected versions not specified
Description: The issue is related to insufficient protection of the web page structure in Microsoft Dynamics 365, allowing for cross-site scripting attacks. An attacker could...

CVSS 5.5 · AI score 8.8 · EPSS 0.00609
Exploits 0 · References 6
Prion
added 2023/02/12 2:15 p.m. · 19 views

Design/Logic Flaw

A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input :/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack...

CVSS 5 · AI score 7.6 · EPSS 0.01097
Exploits 1 · References 5 · Affected Software 1
Tenable Nessus
added 2023/02/10 12:00 a.m. · 28 views

EulerOS 2.0 SP10 : libtiff (EulerOS-SA-2023-1363)

According to the versions of the libtiff package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Multiple heap buffer overflows in the tiffcrop.c utility in libtiff library version 4.4.0 allow an attacker to trigger unsafe or out of bounds memory...

CVSS 8.8 · AI score 6.4 · EPSS 0.01237
Exploits 7 · References 8
Positive Technologies
added 2023/01/27 12:00 a.m. · 4 views

PT-2023-16337 · Unknown · Sourcecodester Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0
Description: A critical vulnerability has been found in the SourceCodester Online Tours & Travels Management System. The issue is related to an unknown function of the file...

CVSS 5.8 · AI score 5.8 · EPSS 0.00581
Exploits 1 · References 8
Redos
added 2023/01/24 12:00 a.m. · 33 views

ROS-20230124-04

The vulnerability in the Mozilla Firefox browser is due to the fact that a deprecated library, libusrsctp, contained vulnerabilities that could potentially be exploited. Exploitation of the vulnerability could allow an attacker acting remotely to...

CVSS 8.8 · AI score 7.2 · EPSS 0.00892
Exploits 0
Redos
added 2023/01/24 12:00 a.m. · 25 views

ROS-20230127-01

A vulnerability in the Mozilla Thunderbird email client is related to the fact that the browser's full-screen notification could have been delayed or suppressed, which could lead to data spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to direct a user to a...

CVSS 8.8 · AI score 7.2 · EPSS 0.00892
Exploits 0
CNNVD
added 2023/01/19 12:00 a.m. · 3 views

Kirby Injection Vulnerability

Kirby is a file-based content management system (CMS). An injection vulnerability exists in Kirby Webmentions, which stems from a vulnerability found in the bastianallgeier Kirby Webmentions plugin, which affects unknown functionality, and can be manipulated to cause injections, which can be used t...

CVSS 9.8 · AI score 6.3 · EPSS 0.00792
Exploits 0 · References 4
Zero Day Initiative
added 2023/01/18 12:00 a.m. · 41 views

Microsoft Windows IKEEXT Service Vendor ID Null Pointer Dereference Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IKEEXT service, which listens on UDP ports 500 and 4500. A crafted...

CVSS 3.7 · AI score 7.7 · EPSS 0.88229
Exploits 0 · References 1
Positive Technologies
added 2023/01/18 12:00 a.m. · 7 views

PT-2023-12294 · Ruckus Wireless · Ruckus Wireless Smartzone Controller

Name of the Vulnerable Software and Affected Versions: Ruckus Wireless SmartZone controller affected versions not specified
Description: The issue is related to a DDOS reflection amplification vulnerability in the eAut module of the Ruckus Wireless SmartZone controller. This vulnerability allows...

CVSS 7.5 · AI score 7.3 · EPSS 0.02355
Exploits 1 · References 11
CVE
added 2023/01/17 12:00 a.m. · 62 views

CVE-2022-40319

CVE-2022-40319 affects the LISTSERV 17 web interface and is an Insecure Direct Object Reference (IDOR) vulnerability where remote attackers can modify a victim’s account by altering the email in the wa.exe URL (e.g., wa.exe?INDEX&X&Y). The root cause is improper access control on user identifiers exposed via ...

CVSS 7.5 · AI score 7.4 · EPSS 0.07195
Exploits 4 · References 2 · Affected Software 1