146 matches found

Positive Technologies
added 2022/11/29 12:0 a.m. · 6 views

PT-2022-6773 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 108.0.5359.71
Description: The issue is related to an inappropriate implementation in DevTools, which allowed an attacker to bypass file access restrictions. This could be achieved by convincing a user to insta...

CVSS 8.8 · AI score 6.3 · EPSS 0.23918
Exploits 4 · References 59
CVE
added 2022/11/22 12:0 a.m. · 71 views

CVE-2022-41937

XWiki Platform suffered a Missing Authorization vulnerability where any user with view access could modify pages by importing a crafted XAR package. The issue stems from improper privilege management and was fixed in XWiki 14.6RC1, 14.6, and 13.10.8. A workaround is to restrict the Filter.WebHome...

CVSS 9.6 · AI score 8.2 · EPSS 0.00732
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2022/10/20 12:0 a.m. · 6 views

The vulnerability of the Apache Struts software platform, related to deficiencies in access control, allows attackers to modify arbitrary files.

The vulnerability of the Apache Struts software platform is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to modify arbitrary files remotely...

CVSS 5.3 · AI score 7.8 · EPSS 0.28628
Exploits 0 · References 7 · Affected Software 2
CNNVD
added 2022/10/17 12:0 a.m. · 4 views

Zigor Corporación ZGR TPS200 NG Code Issue Vulnerability

The Zigor Corporación ZGR TPS200 NG is a rectifier for battery chargers from the Spanish company Zigor Corporación. Capable of managing sealed lead-acid or lithium batteries for industrial applications, remote control for substations and remote control of cellular phones, as well as applications...

CVSS 10 · AI score 8.3 · EPSS 0.00696
Exploits 0 · References 2
Positive Technologies
added 2022/09/20 12:0 a.m. · 6 views

PT-2022-6341 · Unknown · Mklogic-500

Name of the Vulnerable Software and Affected Versions: MKLogic-500 affected versions not specified
Description: The issue is related to a lack of authentication for a critical function in the MKLogic-500 PLC configuration protocol. This could allow a remote attacker to modify the device's logic,...

CVSS 8 · AI score 7.2
Exploits 0 · References 2
OSV
added 2022/05/17 11:47 a.m. · 6 views

USN-5424-1 openldap vulnerability

It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database...

CVSS 9.8 · AI score 5.9 · EPSS 0.69899
Exploits 1 · References 2
NVD
added 2022/05/04 3:15 p.m. · 15 views

CVE-2022-29950

Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page. NOTE: the vendor disputes this because version 1.16 has never existed...

CVSS 4.3 · EPSS 0.00944
Exploits 1 · References 2
BDU FSTEC
added 2022/02/22 12:0 a.m. · 9 views

The vulnerability of the setup.php configuration file of the universal monitoring system Zabbix, related to authentication errors, allows an intruder to modify the configuration parameters.

The vulnerability of the setup.php configuration file of the Zabbix monitoring system is related to authentication errors. Exploiting this vulnerability allows a malicious actor to modify the configuration parameters remotely...

CVSS 5.3 · AI score 7 · EPSS 0.84657
Exploits 1 · References 8 · Affected Software 6
OSV
added 2021/03/30 2:15 a.m. · 5 views

CVE-2021-25160

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below...

CVSS 4.9 · AI score 6.6 · EPSS 0.07093
Exploits 2 · References 3
OSV
added 2021/03/30 1:15 a.m. · 2 views

CVE-2021-25155

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below...

CVSS 6.5 · AI score 6.9 · EPSS 0.13312
Exploits 5 · References 4
Cvelist
added 2021/03/30 12:13 a.m. · 40 views

CVE-2021-25155

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below...

AI score 6.8 · EPSS 0.13312
Exploits 5 · References 4
CNNVD
added 2021/03/29 12:0 a.m. · 10 views

Aruba Instant Access Point Input Validation Error Vulnerability

Aruba Access Points is a wireless network from Aruba USA. It provides Internet access. A security vulnerability exists in Aruba Instant Access Points, which can be exploited by an attacker to remotely modify arbitrary files. The following products and versions are affected: Aruba Instant 6.4.x:...

CVSS 4.9 · AI score 6.7 · EPSS 0.07093
Exploits 2 · References 6
BDU FSTEC
added 2021/03/03 12:0 a.m. · 7 views

The vulnerability of the REST API interface of the Cisco Data Center Network Manager system allows an attacker to modify the device’s configuration.

The vulnerability of the REST API interface of the Cisco Data Center Network Manager system relates to the use of an incomplete blacklist. Exploiting this vulnerability could allow a malicious actor to modify the device’s configuration remotely...

CVSS 4.3 · AI score 5.5 · EPSS 0.00632
Exploits 0 · References 3
OSV
added 2021/02/17 7:50 p.m. · 2 views

GHSA-PJ4G-4488-WMXM Dynamic modification of RPyC service due to missing security check

Impact: Version 4.1.0 of RPyC has a vulnerability that affects custom RPyC services making it susceptible to authenticated remote attacks. Patches: Git commits between September 2018 and October 2019 and version 4.1.0 are vulnerable. Use a version of RPyC that is not affected. Workarounds: The commi...

CVSS 8.5 · AI score 6.4 · EPSS 0.13049
Exploits 2 · References 7
BDU FSTEC
added 2020/12/15 12:0 a.m. · 6 views

The vulnerability in the web interface of the Cisco Identity Services Engine allows a perpetrator to modify the configuration of a vulnerable device.

The vulnerability of the Cisco Identity Services Engine’s network policy management web interface is related to access control errors in role-based authorization (RBAC). Exploiting this vulnerability could allow a malicious actor to remotely alter the configuration of the vulnerable device...

CVSS 7.7 · AI score 7.2 · EPSS 0.0087
Exploits 0 · References 4
BDU FSTEC
added 2020/11/02 12:0 a.m. · 4 views

The vulnerability of the “file transfer” component of the TIBCO Managed File Transfer Platform Server allows a perpetrator to modify any files they choose.

The vulnerability of the “file transfer” component of the TIBCO Managed File Transfer Platform Server is related to errors in the mechanism for processing authentication requests. Exploiting this vulnerability allows a malicious actor to modify arbitrary files remotely...

CVSS 10 · AI score 7.8 · EPSS 0.01432
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2020/08/18 12:0 a.m. · 4 views

PT-2020-6067 · Unknown · Property-Expr

Name of the Vulnerable Software and Affected Versions: property-expr versions prior to 2.0.3
Description: The issue is related to Prototype Pollution via the setter function. It may allow a remote attacker to perform a prototype pollution attack by exploiting uncontrolled modification of object...

CVSS 9.8 · AI score 9.3 · EPSS 0.03376
Exploits 1 · References 7
CNVD
added 2020/06/10 12:0 a.m. · 2 views

Apple iOS and Apple iPadOS File System Component Logic Vulnerability

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for the iPad tablet computer. File System is one of the file system components. A security vulnerability exists in the File System component ...

CVSS 7.5 · AI score 6.4 · EPSS 0.00988
Exploits 0 · References 1
BDU FSTEC
added 2020/06/10 12:0 a.m. · 4 views

The vulnerability of the Schneider Electric Easergy Builder software for configuring controllers arises from improperly implemented data filtering during input processing. This allows attackers to alter the contents of project configuration files.

The vulnerability of the Schneider Electric Easergy Builder software for configuring controllers is related to improperly implemented data filtering. Exploiting this vulnerability allows a malicious actor to remotely modify the contents of project configuration files...

CVSS 8.5 · AI score 7.2 · EPSS 0.01118
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2020/04/24 12:0 a.m. · 2 views

Juplink Intelligent Technologies RX4-1500 Unauthorized Operation Vulnerability

The Juplink Intelligent Technologies RX4-1500 is a wireless router from Juplink Intelligent Technologies. A security vulnerability exists in httpd in the Juplink Intelligent Technologies RX4-1500 versions v1.0.3 through v1.0.5. A remote attacker could use this vulnerability to modify or access...

CVSS 5.5 · AI score 6.9 · EPSS 0.0039
Exploits 1 · References 1