Lucene search
K

148 matches found

Positive Technologies
Positive Technologies
added 2024/12/06 12:0 a.m.3 views

PT-2024-16531 · Sick Ag +1 · Sick Inspectorp61X +4

Name of the Vulnerable Software and Affected Versions: Product affected versions not specified Description: The product is vulnerable to remote code execution due to missing input validation during one step of the firmware update process. An attacker with network access and the user level "Servic...

8.8CVSS8.6AI score0.01074EPSS
Exploits0References13
Metasploit
Metasploit
added 2024/12/02 6:57 p.m.554 views

Asterisk AMI Originate Authenticated RCE

On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with 'write=originate' may change all configuration files in the '/etc/asterisk/' directory. Writing a new extension can be created which performs a system command to...

8.8CVSS7.7AI score0.04703EPSS
Exploits4
Cvelist
Cvelist
added 2024/11/27 9:45 p.m.22 views

CVE-2018-9349

In mverrcost of mcomp.c there is a possible out of bounds read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation...

0.00224EPSS
Exploits0References1
Redos
Redos
added 2024/10/29 12:0 a.m.7 views

ROS-20241029-14

The vulnerability in the Podman OCI container management and launching software tool is related to issues with the symbolic link issues when running a malicious image using the automatically assigned user namespace --userns=auto. Exploitation of the vulnerability could allow an attacker to create...

6.5CVSS7.3AI score0.01345EPSS
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.144 views

Microweber CMS 1.2.10 Local File Inclusion (Authenticated)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microweber CMS v1.2.10 Local File Inclusion Authenticated', 'Description' = %q Microweber CMS v1.2.10 has a backup functionality. Upload and...

7.4AI score
Exploits0
Redos
Redos
added 2024/08/14 12:0 a.m.29 views

ROS-20240814-05

A vulnerability in the "Save As" function of Mozilla Firefox, Firefox ESR and Thunderbird email client on Windows operating systems is related to insufficient input data validation. Thunderbird email client of Windows operating systems is related to insufficient input data validation. Exploitatio...

8.1CVSS8.6AI score0.0107EPSS
Exploits3
NVD
NVD
added 2024/06/03 2:15 a.m.19 views

CVE-2024-20067

In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issue ID: MSV-1462...

9.8CVSS6.7AI score0.00724EPSS
Exploits0References1
OSV
OSV
added 2024/03/12 9:15 a.m.5 views

CVE-2024-25996

An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user...

9.8CVSS6.3AI score0.00391EPSS
Exploits0References1
NVD
NVD
added 2024/03/12 9:15 a.m.21 views

CVE-2024-25996

An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user...

9.8CVSS5.9AI score0.00391EPSS
Exploits0References1
Prion
Prion
added 2024/03/12 9:15 a.m.14 views

Remote code execution

An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user...

5CVSS8.2AI score0.00391EPSS
Exploits0References1
CVE
CVE
added 2024/03/12 8:11 a.m.56 views

CVE-2024-25996

CVE-2024-25996 affects PHOENIX CONTACT CHARX SEC devices (CHARX SEC-3000 family). The root cause is an origin validation error that enables an unauthenticated remote attacker to execute arbitrary code remotely. Impact is remote code execution with high severity; exploit appears network-proximate ...

9.8CVSS5.9AI score0.00391EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/12 8:11 a.m.11 views

CVE-2024-25996 PHOENIX CONTACT: Remote code execution due to an origin validation error in CHARX Series

An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user...

5.3CVSS7.9AI score0.00391EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/15 12:13 p.m.39 views

CVE-2024-20721 T5 Acrobat JS vulnerability - Exploitable crash via t5::javascript::get_page_num_words

Acrobat Reader T5 MSFT Edge versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue...

5.5CVSS5.7AI score0.0072EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/28 12:0 a.m.9 views

CVE-2023-21176

In listkeyentries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

6.6AI score0.00093EPSS
Exploits0References1
NVD
NVD
added 2023/06/16 8:15 p.m.13 views

CVE-2023-25187

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change factory-time installed default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server disable...

7CVSS6.5AI score0.00956EPSS
Exploits4References3
Redos
Redos
added 2023/04/20 12:0 a.m.28 views

ROS-20230420-03

The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to an operation exceeding the memory buffer boundaries when checking the number of available bytes of regulated threads. operation exceeds buffer boundaries in memory when checking the number of available...

8.8CVSS8.7AI score0.00798EPSS
Exploits0
OSV
OSV
added 2023/03/01 12:0 a.m.6 views

PUB-A-246749764

In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.6AI score0.00092EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.6 views

SUSE CVE-2011-1551

SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon...

6.9CVSS7AI score0.00341EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:59 a.m.5 views

SUSE CVE-2016-6829

The trove service user in 1 Openstack deployment aka crowbar-openstack and 2 Trove Barclamp aka barclamp-trove and crowbar-barclamp-trove in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors...

9.8CVSS6.9AI score0.02388EPSS
Exploits0References4
OSV
OSV
added 2022/12/01 12:0 a.m.6 views

PUB-A-227203202

In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7AI score0.00189EPSS
Exploits0References2
Rows per page
Query Builder