Lucene search
+L

269 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.3 views

SUSE CVE-2010-2954

The irdabind function in net/irda/afirda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irdaopentsap function, which allows local users to cause a denial of service NULL pointer dereference and panic and possibly have unspecified other impact via...

4.9CVSS6.8AI score0.00422EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.5 views

SUSE CVE-2020-25660

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the...

7.5CVSS7.5AI score0.01022EPSS
Exploits0References19
ATTACKERKB
ATTACKERKB
added 2022/10/04 12:0 a.m.3 views

CVE-2022-30613

IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366...

5.5CVSS5.8AI score0.00189EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/09/13 10:15 p.m.2 views

CVE-2022-35413

WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information such as SSL keys via an HTTPS request to the /webapi/ URI on port 443 or 5001...

9.8CVSS7.3AI score0.13518EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/08/25 6:15 p.m.4 views

CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

8.8CVSS5.7AI score0.00965EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/05 12:0 a.m.7 views

PT-2022-21835 · Unknown · Wi-Fi Service

Name of the Vulnerable Software and Affected Versions: Wi-Fi Service versions prior to SMR AUG-2022 Release 1 Description: The issue is related to improper access control in the Wi-Fi Service, allowing untrusted applications to manipulate the list of apps that can use mobile data. Recommendations...

6.2CVSS3.8AI score0.00086EPSS
Exploits0References3
OSV
OSV
added 2022/07/18 6:15 p.m.2 views

CVE-2022-22445

An attacker that gains service access to the FSP POWER9 only or gains admin authority to a partition can compromise partition firmware...

6.5CVSS5.8AI score0.00689EPSS
Exploits0References2
NVD
NVD
added 2022/07/18 6:15 p.m.26 views

CVE-2022-22445

An attacker that gains service access to the FSP POWER9 only or gains admin authority to a partition can compromise partition firmware...

7.6CVSS0.00689EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/07/18 5:0 p.m.33 views

CVE-2022-22445

An attacker that gains service access to the FSP POWER9 only or gains admin authority to a partition can compromise partition firmware...

7.6CVSS6.6AI score0.00689EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/15 5:21 p.m.30 views

Security Bulletin: An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware.

Summary PowerVM partition firmware is the portion that executes in each partition during boot. On POWER9 systems an attacker that gains service access to the FSP can compromise partition firmware for any partition configured on the system. On all affected systems an attacker that gains admin...

7.6CVSS1.8AI score0.00689EPSS
Exploits0
CNNVD
CNNVD
added 2022/05/25 12:0 a.m.7 views

Open Automation Software OAS Platform 访问控制错误漏洞

Open Automation Software OAS Platform is an industrial Internet of Things IoT suite from Open Automation Software, Inc. Open Automation Software OAS Platform V16.00.0121 is vulnerable to an access control error that could be exploited by an attacker to make unauthenticated use of the REST API wit...

9.4CVSS5.6AI score0.37606EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/05/06 12:0 a.m.5 views

PT-2022-6736 · Offis +5 · Offis Dcmtk +5

Name of the Vulnerable Software and Affected Versions: OFFIS DCMTK versions prior to 3.6.7 Description: The issue is related to a path traversal vulnerability in the service class provider SCP of OFFIS DCMTK, allowing an attacker to write DICOM files into arbitrary directories under controlled...

10CVSS7.6AI score0.07629EPSS
Exploits6References90
RedHat Linux
RedHat Linux
added 2022/01/27 3:28 p.m.9 views

OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

5.3CVSS7.4AI score0.03486EPSS
Exploits0References4
OSV
OSV
added 2022/01/18 4:15 p.m.3 views

DEBIAN-CVE-2022-23302

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName...

8.8CVSS8.5AI score0.61785EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/09 9:17 p.m.15 views

Security Bulletin: The PowerVM hypervisor can allow an attacker that gains service access to the FSP to read and write system memory

Summary On PowerVM systems an attacker that gains service access to the FSP can read and write system memory through a series of carefully crafted service procedures Vulnerability Details CVEID: CVE-2021-38917 DESCRIPTION: IBM PowerVM Hypervisor could allow an attacker that gains service access t...

9.4CVSS8.5AI score0.01476EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2021/12/09 12:0 a.m.3 views

CVE-2021-38917

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP can read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018...

9.4CVSS6.1AI score0.01476EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/12/07 12:0 a.m.5 views

Ivanti Avalanche 安全漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche that could be exploited by an attacker with access to inail...

8.8CVSS8.3AI score0.03872EPSS
Exploits0References2
Huntr
Huntr
added 2021/11/30 2:34 p.m.24 views

Server-Side Request Forgery (SSRF) in dotcms/core

Description Hi team, I found a SSRF that allow me to access the elasticsearch API and get full response from the querys - As can be read in the following link dotCMS uses elastisearch, with this SSRF we can direct access the elastisearch REST API, - In a cloud environment, it can be possible to...

1.1AI score
Exploits0References1
NVD
NVD
added 2021/10/12 3:15 p.m.26 views

CVE-2021-38181

SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service...

7.5CVSS0.01069EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/09/24 12:0 a.m.17 views

Network Time Protocol (NTP) Mode 6 Query Response Check (UDP)

Services which are supporting the Network Time Protocol NTP and respond to Mode 6 queries are prone to an information disclosure and might be misused for Distributed Denial of Service DDoS attacks. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenc...

6.5AI score
Exploits0References4
Rows per page
Query Builder