Lucene search
K

127 matches found

CNVD
CNVD
added 2022/02/21 12:0 a.m.22 views

HP Support Assistant Licensing Issue Vulnerability (CNVD-2022-15173)

HP Support Assistant is a solution from Hewlett-Packard HP that provides support and other functions for PCs and printers. HP Support Assistant is vulnerable to authorization issues, which stem from the product's failure to effectively authenticate users, and can be exploited by attackers to...

7.8CVSS3.7AI score0.00851EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/21 12:0 a.m.13 views

HP Support Assistant Licensing Issue Vulnerability (CNVD-2022-15170)

HP Support Assistant is a solution from Hewlett-Packard HP that provides support and other functions for PCs and printers. HP Support Assistant has an authorization issue vulnerability that stems from the product's failure to effectively authenticate users, which could be exploited by an untruste...

7.8CVSS3.3AI score0.00851EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/02/16 12:0 a.m.18 views

HP Support Assistant 授权问题漏洞

HP Support Assistant is a solution from Hewlett-Packard HP that provides support and other functions for PCs and printers. HP Support Assistant is vulnerable to authorization issues, which stem from the product's failure to effectively authenticate users, and can be exploited by attackers to...

7.8CVSS5.5AI score0.00851EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/16 12:0 a.m.4 views

HP Support Assistant 授权问题漏洞

HP Support Assistant is a solution from Hewlett-Packard HP that provides support and other functions for PCs and printers. HP Support Assistant has an authorization issue vulnerability that stems from the product's failure to effectively authenticate users, which could be exploited by an untruste...

7.8CVSS5.6AI score0.00851EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/02/16 12:0 a.m.5 views

HP Support Assistant 授权问题漏洞

HP Support Assistant is a solution from Hewlett-Packard HP that provides support and other functions for PCs and printers. HP Support Assistant has an authorization issue vulnerability that stems from the product's failure to effectively authenticate users, which could be exploited by an untruste...

7.8CVSS5.6AI score0.00851EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/12/14 12:0 a.m.5 views

Siemens SINUMERIK 信任管理问题漏洞

Siemens SINUMERIK Edge is a combination of hardware and software that provides a machine-oriented system platform for applications that facilitate digital production support and optimization.SINUMERIK Edge Certificate Improper Validation VulnerabilityAffected software does not properly validate...

7.4CVSS5.7AI score0.00479EPSS
Exploits0References5
OSV
OSV
added 2021/10/22 12:15 p.m.0 views

CVE-2021-38457

The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication...

9.8CVSS5.8AI score0.01254EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/10/22 12:0 a.m.4 views

PT-2021-22132 · Auvesy · Versiondog

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows an attacker to initiate a session with the server without providing any form of authentication, as the server permits communication without any authentication...

9.8CVSS9.5AI score0.01254EPSS
Exploits0References3
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2021/10/13 2:47 p.m.136 views

What is Graphql ❓ Definition with Example

Anyone who is involved in app development will be familiar with GraphQL, a highly useful query language making tons of things right for app developers and security managers. When handled perfectly and diligently, GraphQL holds the power to empower the traditional process of data retrievals,...

7.1AI score
Exploits0
AlpineLinux
AlpineLinux
added 2021/08/05 12:0 a.m.41 views

CVE-2021-22925

curl supports the -t command line option, known as CURLOPTTELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEWENV variables, libcurlcould be made to pass on uninitialized data from a stack based...

5.3CVSS6.7AI score0.04929EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2021/07/21 12:0 a.m.35 views

CVE-2021-22923

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...

5.3CVSS6.7AI score0.01843EPSS
Exploits1References1
Citrix
Citrix
added 2021/07/16 12:0 a.m.7 views

How to modify the ADC Radius Request retry attempts .

This article describes how to modify the number of attempts by ADC to send a Radius Request to Radius Server...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/07/08 12:0 a.m.6 views

The vulnerability of the software for interacting with servers via CURL lies in the use of memory areas after they are freed, allowing an attacker to gain access to confidential data.

The vulnerability of the software for interacting with servers via CURL is related to the use of memory areas after they are freed. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...

5.3CVSS6.7AI score0.03721EPSS
Exploits1References14Affected Software5
ThreatPost
ThreatPost
added 2021/05/14 5:36 p.m.164 views

FIN7 Backdoor Masquerades as Ethical Hacking Tool

The notorious FIN7 cybercrime gang, a financially motivated group, is spreading a backdoor called Lizar under the guise of being a Windows pen-testing tool for ethical hackers. According to the BI.ZONE Cyber Threats Research Team, FIN7 is pretending to be a legitimate organization that hawks a...

6.1AI score
Exploits0References9
CNVD
CNVD
added 2021/03/11 12:0 a.m.21 views

Zoho ManageEngine Desktop Central has an unspecified vulnerability

ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO, Inc. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management.A security...

9.1CVSS1.9AI score0.04951EPSS
Exploits0References1
Prion
Prion
added 2021/03/05 5:15 p.m.16 views

Authentication flaw

Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server...

6.4CVSS9.1AI score0.04951EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/03/05 4:36 p.m.31 views

CVE-2020-28050

Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server...

9.3AI score0.04951EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/03/05 12:0 a.m.5 views

ZOHO ManageEngine Desktop Central 安全漏洞

ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO, Inc. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management.A security...

9.1CVSS5.6AI score0.04951EPSS
Exploits0References2
Veracode
Veracode
added 2020/10/16 6:2 a.m.11 views

Malicious Package

npmpubman is a malicious package. The package contains malicious code in index.js which sends local environment variables to a remote server. The malicious code does not execute upon installation...

4.3AI score
Exploits0
OSV
OSV
added 2020/09/01 7:53 p.m.5 views

GHSA-4RX9-58M7-GR8W Malicious Package in css_transform_step

Version 1.0.6 of csstransformstep contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.6 of this module is found installed you...

7.1AI score
Exploits0References1
Rows per page
Query Builder