Lucene search
K

406 matches found

OSV
OSV
added 2019/08/28 12:0 a.m.4 views

UBUNTU-CVE-2019-6474

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...

6.5CVSS6.6AI score0.00712EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/07/16 12:0 a.m.5 views

The vulnerability of the Virtual Domain component of the Cisco Prime Infrastructure monitoring and network equipment management system, as well as the Cisco Evolved Programmable Network (EPN) Manager software, allows a hacker to alter the configuration of the virtual domain and increase their privileges.

The vulnerability of the Virtual Domain component of the Cisco Prime Infrastructure monitoring and network equipment management system, as well as the Cisco Evolved Programmable Network EPN Manager software, is related to errors in API request validation. Exploiting this vulnerability could allow...

4.3CVSS5.5AI score0.01274EPSS
Exploits0References3
OSV
OSV
added 2019/05/16 7:29 p.m.2 views

CVE-2019-0734

An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator.The update addresses this vulnerability by changing how...

8.1CVSS7.1AI score0.04207EPSS
Exploits0References1
CNVD
CNVD
added 2019/05/10 12:0 a.m.4 views

MetInfo Cross-Site Request Forgery Vulnerability (CNVD-2019-14687)

MetInfo is a content management system CMS developed by China Mito MetInfo using PHP and Mysql. A cross-site request forgery vulnerability exists in Metinfo version 5.3.18. The vulnerability stems from a WEB application that does not adequately validate whether a request is coming from a trusted...

8.8CVSS6.9AI score0.00661EPSS
Exploits1References1
CNVD
CNVD
added 2019/05/06 12:0 a.m.1 views

IBM Cúram Social Program Management Cross-Site Request Forgery Vulnerability

IBM Cúram Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site request forgery vulnerability exists in IBM Cúram SPM, which arises from a WEB application that does not...

8.8CVSS6.8AI score0.00527EPSS
Exploits0References1
CNVD
CNVD
added 2019/04/22 12:0 a.m.4 views

Sensio Labs Symfony Cross-Site Request Forgery Vulnerability

Sensio Labs Symfony is a free French Sensio Labs , based on the MVC architecture of the PHP development framework . The framework provides commonly used functional components and tools , can be used to quickly create complex WEB program . A cross-site request forgery vulnerability exists in Sensi...

9.8CVSS6.9AI score0.01854EPSS
Exploits0References1
CNVD
CNVD
added 2019/02/11 12:0 a.m.3 views

WSD-T13 Cloud Storage Camera (Android Client) Exists with Override Access Vulnerability

Ltd. is an enterprise specializing in the research and development, production, sales and service of security monitoring products. WSD-T13 Cloud Storage Camera Android client suffers from an overstepping access vulnerability. The vulnerability is due to the server on the client request data...

6.7AI score
Exploits0
CNVD
CNVD
added 2019/02/11 12:0 a.m.1 views

Traq Cross-Site Request Forgery Vulnerability

Traq is a PHP-based project management and issue tracking system. Traq suffers from a cross-site request forgery vulnerability that arises from a WEB application that does not adequately validate that a request is coming from a trusted user. An attacker could use this vulnerability to send...

8.8CVSS6.9AI score0.00804EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2019/01/15 12:0 a.m.5 views

The vulnerability of the Cisco Data Center Network Manager system arises from errors in checking user requests in the management interface. This allows attackers to disclose or modify sensitive information that is protected by the system.

The vulnerability of the Cisco Data Center Network Manager system relates to errors in checking user requests in the management interface. Exploiting this vulnerability can allow a malicious actor to disclose or modify sensitive information...

8.5CVSS7.5AI score0.05406EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2018/12/27 12:0 a.m.9 views

The vulnerability of Cisco Enterprise NFV Infrastructure Software’s software lies in errors during the checking of HTTP requests in the management interface, which allows attackers to perform inter-site forged requests.

The vulnerability of Cisco Enterprise NFV Infrastructure Software-related software lies in the improper checking of HTTP requests in the management interface. Exploiting this vulnerability allows a remote attacker to perform inter-site forged requests...

6.4CVSS6.8AI score0.00481EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/10/10 12:0 a.m.3 views

SAP ERP HCM SAP Fiori Cross-Site Request Forgery Vulnerability

SAP ERP HCM is a set of enterprise human resource management solutions from SAP, Germany, of which SAP Fiori is a product front-end development framework. A cross-site request forgery vulnerability exists in SAP Fiori version 1.0 for SAP ERP HCM, which arises from an application that fails to...

6.5CVSS6.7AI score0.00669EPSS
Exploits0References1
OSV
OSV
added 2018/09/26 7:29 p.m.5 views

CVE-2018-8844

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request...

8.8CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2018/09/14 12:29 p.m.3 views

CVE-2018-1791

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID:...

4.9CVSS5.8AI score0.00979EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/07/10 6:0 p.m.20 views

CVE-2018-2439

The SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation for example, where the request is validated for authenticity and validity and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server IGS d...

5.8AI score0.01556EPSS
Exploits0References3
CVE
CVE
added 2018/07/10 6:0 p.m.44 views

CVE-2018-2439

CVE-2018-2439 refers to the SAP Internet Graphics Server (IGS) affecting versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. The issue is insufficient input validation in multiple IGS components (HTTP and RFC listener, portwatcher registration with the multiplexer, and the multiplexer itself), which can al...

5.9CVSS5.7AI score0.01556EPSS
Exploits0References3Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2018/06/29 12:0 a.m.8 views

Local Privilege Escalation in Management Web Interface

A vulnerability exists in the Management web interface that could allow local privilege escalation. The Management web interface does not properly validate specific request parameters, which can potentially allow deletion of files in the system. Ref. PAN-90954; CVE-2018-9242 Successful exploitati...

5.5CVSS6.9AI score0.00426EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2018/06/22 12:0 a.m.7 views

The vulnerability of the NmAPI.exe executable of the WhatsUp Gold network infrastructure monitoring system allows a perpetrator to gain unauthorized access to the WhatsUp Gold system or execute remote commands.

The vulnerability of the NmAPI.exe executable of the WhatsUp Gold network infrastructure monitoring system is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to the WhatsUp Gold system, disclose sensitive...

9.8CVSS5.5AI score0.01443EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2018/06/21 11:29 a.m.3 views

CVE-2018-0299

A vulnerability in the Simple Network Management Protocol SNMP feature of Cisco NX-OS on the Cisco Nexus 4000 Series Switch could allow an authenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service DoS condition. The vulnerability is due to...

6.5CVSS5.8AI score0.02048EPSS
Exploits0References2
Check Point Advisories
Check Point Advisories
added 2018/05/27 12:0 a.m.17 views

Apache httpd mod_cache_socache Denial of Service (CVE-2018-1303)

A denial-of-service vulnerability exists in Apache httpd. The vulnerability is due to improper validation of the headers in HTTP requests...

5CVSS2.3AI score0.70783EPSS
Exploits0
seebug.org
seebug.org
added 2018/05/11 12:0 a.m.563 views

RCE with spring-security-oauth2 分析(CVE-2018-1260)

漏洞公告 环境搭建 利用github上已有的demo: git clone https://github.com/wanghongfei/spring-security-oauth2-example.git 确保导入的spring-security-oauth2为受影响版本,以这里为例为2.0.10 进入spring-security-oauth2-example,修改 cn/com/sina/alan/oauth/config/OAuthSecurityConfig.java的第67行: @Override public void...

7.5CVSS1AI score0.08352EPSS
Exploits2
Rows per page
Query Builder