Lucene search
+L

101 matches found

OSV
OSV
added 2023/05/21 10:15 p.m.6 views

CVE-2023-33254

There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an...

6.5CVSS6.6AI score0.03211EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:6 a.m.2 views

SUSE CVE-2019-18609

An issue was discovered in amqphandleinput in amqpconnection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTIONSTATEHEADER. A rogue server could return a malicious frame header that leads to a smaller targetsize value than needed...

9.8CVSS7.3AI score0.03317EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.2 views

SUSE CVE-2022-41325

An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions...

7.8CVSS8AI score0.00649EPSS
Exploits1References6
Veracode
Veracode
added 2022/12/11 2:3 a.m.25 views

Integer Overflow

vlc is vulnerable to integer overflows. The vulnerability exists through the VNC module via tricking a user into opening a crafted playlist or connecting to a rogue VNC server, which allows a malicious attacker to cause integer overflows...

7.8CVSS7.1AI score0.00649EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/12/06 4:15 p.m.2 views

DEBIAN-CVE-2022-41325

An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions...

7.8CVSS7.8AI score0.00649EPSS
Exploits1References1
OSV
OSV
added 2022/12/06 4:15 p.m.3 views

UBUNTU-CVE-2022-41325

An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions...

7.8CVSS7.4AI score0.00649EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2022/12/06 12:0 a.m.4 views

CVE-2022-41325

An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions...

7.7AI score0.00649EPSS
Exploits1References4
NCSC
NCSC
added 2022/08/03 12:0 a.m.6 views

Vulnerability fixed in rsync

A vulnerability has been fixed in rsync. The vulnerability allows a malicious person to overwrite arbitrary files on the victim's system. To exploit this vulnerability exploitation, the victim must connect to a rogue rsync server. The developers of rsync have created a new version to fix the...

7.4CVSS7.4AI score0.01672EPSS
Exploits1
Gitee
Gitee
added 2022/01/30 10:53 a.m.5 views

redis-rce

PoC exploit for Redis RCE Remote Code Execution in Redis 4.x/5.x. The exploit is inspired by Redis post-exploitation techniques and is based on a modified version of the Redis Rogue Server. The exploit uses the RedisModules-ExecuteCommand library to load a custom Redis module, which allows for...

8.4AI score
Exploits0
Gitee
Gitee
added 2021/11/29 11:7 p.m.5 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Artifex Gsview

PoC exploit for CVE-2017-14947, an RCE vulnerability in Redis 4.x/5.x. The target product/service is Redis, and the vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the RedisModules module, and the execution context is a Python script redis-rce.py that is...

7.8CVSS7.3AI score0.01233EPSS
Exploits3
NVD
NVD
added 2021/11/22 8:15 a.m.14 views

CVE-2021-33488

chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook...

6.1CVSS0.01114EPSS
Exploits3References3
Cvelist
Cvelist
added 2021/11/22 7:32 a.m.28 views

CVE-2021-33488

chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook...

6.4AI score0.01114EPSS
Exploits3References3
The Hacker News
The Hacker News
added 2021/08/11 11:57 a.m.66 views

Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic

Cybersecurity researchers have disclosed a new class of vulnerabilities impacting major DNS-as-a-Service DNSaaS providers that could allow attackers to exfiltrate sensitive information from corporate networks. "We found a simple loophole that allowed us to intercept a portion of worldwide dynamic...

6.9AI score
Exploits0
NCSC
NCSC
added 2021/05/21 12:0 a.m.6 views

Vulnerability found in Mozilla Firefox

Researchers have found a vulnerability in Mozilla Firefox. The vulnerability allows a remote malicious person to execute arbitrary JavaScript code in the context of the web browser. To exploit this vulnerability, a malicious person to induce the victim to visit a rogue server. visit. Then, the...

7AI score
Exploits0
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.7 views

Eaton Intelligent Power Manager 代码注入漏洞

Eaton Intelligent Power Manager IPM is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. A remote code execution vulnerability exists in Eaton Intelligent Power Manager versions prior to 1.69, whi...

10CVSS6.7AI score0.02235EPSS
Exploits0References4
OSV
OSV
added 2021/03/15 5:15 p.m.5 views

CVE-2020-25239

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0. The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with...

8.8CVSS7.2AI score0.0094EPSS
Exploits0References1
NVD
NVD
added 2021/03/15 5:15 p.m.27 views

CVE-2020-25239

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0. The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with...

8.8CVSS0.0094EPSS
Exploits0References1
Prion
Prion
added 2021/03/15 5:15 p.m.20 views

Authorization

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0. The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with...

6.5CVSS8.4AI score0.0094EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/03/15 5:3 p.m.31 views

CVE-2020-25239

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0. The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with...

8.4AI score0.0094EPSS
Exploits0References1
NCSC
NCSC
added 2020/10/16 12:0 a.m.4 views

Vulnerability fixed in containerd

A vulnerability has been fixed in containerd, which is used by Docker and Kubernetes, among others. A malicious party could vulnerability potentially exploit it to gain access to login credentials to an internal or external image registry. To do so the malicious party must induce the user to pull...

6.1CVSS6.8AI score0.02236EPSS
Exploits1
Rows per page
Query Builder