Lucene search
K

841 matches found

Vulnrichment
Vulnrichment
added 2022/11/06 12:0 a.m.6 views

CVE-2022-37710

Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: 1 keybackup.data License Encryption Key or 2 Eaglesoft.Server.Configuration.data DbEncryptKeyPrimary Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...

7.5AI score0.00108EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.5 views

Tenda TX3 缓冲区错误漏洞

Tenda TX3 is a wireless router from Tenda, a Chinese company. A security vulnerability exists in Tenda TX3 USTX3V1.0brV16.03.13.11multiTDE01, which originates from the startIp parameter of /goform/SetPptpServerCfg containing a stack overflow. No detailed vulnerability details are provided at this...

9.8CVSS7.1AI score0.00755EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/19 12:0 a.m.7 views

PT-2022-26710 · Tenda · Tenda Tx3

Name of the Vulnerable Software and Affected Versions: Tenda TX3 US TX3V1.0br V16.03.13.11 multi TDE01 Description: A stack overflow issue was discovered via the endIp parameter at the "/goform/SetPptpServerCfg" API endpoint. Recommendations: For Tenda TX3 US TX3V1.0br V16.03.13.11 multi TDE01,...

9.8CVSS9.4AI score0.00755EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.6 views

Tenda TX3 缓冲区错误漏洞

Tenda TX3 is a wireless router from Tenda, a Chinese company. A security vulnerability exists in Tenda TX3 USTX3V1.0brV16.03.13.11multiTDE01, which originates from the list parameter of /goform/SetVirtualServerCfg containing a stack overflow. No detailed vulnerability details are provided at this...

9.8CVSS7.1AI score0.00755EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/10/18 9:14 p.m.34 views

Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms

TL;DR This vulnerability only affects you if you are using the code or password-reset auth method with the auth.methods option. It can only be successfully exploited under server configuration conditions outside of the attacker's control. ---- Introduction User enumeration is a type of...

4.8CVSS5AI score0.00349EPSS
Exploits0References7Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2022/10/07 12:0 a.m.21 views

Trend Micro Apex One Forced Browsing Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex One. Authentication is required to exploit this vulnerability. The specific flaw exists within the Apex One web console. By navigating directly to a URL, a user can bypass authorization...

9.1CVSS4.2AI score0.00971EPSS
Exploits0References1
Mageia
Mageia
added 2022/09/10 8:26 p.m.70 views

Updated jupyter-notebook packages fix security vulnerability

It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting XSS attacks on the notebook server. CVE-2018-19351 It was discovered that Jupyter Notebook...

7.5CVSS1.2AI score0.05664EPSS
Exploits2References6
The Hacker News
The Hacker News
added 2022/08/19 2:4 p.m.56 views

DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities

The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. The improvements also include a new infection chain that incorporates previousl...

6.9AI score
Exploits0
Huntr
Huntr
added 2022/08/16 9:36 a.m.25 views

Stored XSS in 'Table name' field via Database information function

Description When the administrator uses the Database information function, malicious code will be accidentally called and executed through two cases: 1. 1 An internal attacker local with access right to the database could insert malicious content into the table name field by creating a table in t...

4.3CVSS0.3AI score0.00409EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/08/16 12:32 a.m.19 views

CVE-2022-36306

An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still...

6.9AI score0.00828EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.3 views

Airspan AirVelocity 1500 安全漏洞

The Airspan AirVelocity 1500 is a revolutionary indoor high-performance small cell from Airspan USA. Designed to bring public access LTE networks into indoor spaces A security vulnerability exists in the Airspan AirVelocity 1500 versions 9.3.0.01249 and 15.18.00.2511, which originates from an...

6.5CVSS6.5AI score0.00828EPSS
Exploits1References3
NVD
NVD
added 2022/08/01 5:15 p.m.46 views

CVE-2022-31109

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

7.2CVSS0.00594EPSS
Exploits0References3
OSV
OSV
added 2022/07/05 5:15 p.m.22 views

CVE-2022-31014 SMTP Command Injection in iCalendar Attachments to emails via newlines in Nextcloud Server

Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an...

5.4CVSS5AI score0.02421EPSS
Exploits1References5
OSV
OSV
added 2022/06/15 5:15 p.m.4 views

CVE-2022-32155

In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the...

7.5CVSS7.1AI score0.01799EPSS
Exploits0References3
OSV
OSV
added 2022/05/17 9:15 p.m.3 views

CVE-2022-1360

The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings...

9.8CVSS6AI score0.01671EPSS
Exploits0References1
Prion
Prion
added 2022/05/17 9:15 p.m.13 views

Code injection

The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings...

7.5CVSS9.4AI score0.01671EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/05/17 8:17 p.m.77 views

CVE-2022-1360

The CVE-2022-1360 issue affects Cambium Networks cnMaestro On-Premises and is an OS Command Injection vulnerability in the cnMaestro server that could allow an unauthenticated attacker to execute code and change server configuration. Public sources detail affected versions (On-Premises prior to 3...

9.8CVSS9.1AI score0.01671EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/05/17 8:17 p.m.19 views

CVE-2022-1360 Cambium Networks cnMaestro OS Command Injection

The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings...

8.2CVSS9.6AI score0.01671EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/13 1:33 a.m.24 views

Deserialization of Untrusted Data in Infinispan

Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...

8.8CVSS5.3AI score0.0127EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/13 1:33 a.m.2 views

GHSA-QQFC-M9HC-PQV3 Deserialization of Untrusted Data in Infinispan

Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...

8.8CVSS6.3AI score0.0127EPSS
Exploits0References6
Rows per page
Query Builder