Lucene search
+L

269 matches found

Prion
Prion
added 2021/08/04 2:15 p.m.17 views

Design/Logic Flaw

IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476...

5CVSS7.2AI score0.01145EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/04 5:39 a.m.18 views

Security Bulletin: The PowerVM Platform KeyStore functionality can be compromised if an attacker gains service access to the FSP

Summary An attacker that gains service access to the FSP can locate and through a series of service procedures decrypt data contained in the Platform KeyStore Vulnerability Details CVEID: CVE-2021-29765 DESCRIPTION: IBM PowerVM Hypervisor could allow an attacker to obtain sensitive information if...

7.5CVSS2.1AI score0.01145EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.28 views

SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2021:1854-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1854-1 advisory. - Mozilla Thunderbird 78.10.2 - CVE-2021-29957: Fixed partial protection of inline OpenPGP message not indicated bsc1186198. -...

7.5CVSS6.6AI score0.01852EPSS
Exploits3References13
OSV
OSV
added 2021/06/04 6:54 a.m.6 views

SUSE-SU-2021:1854-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.10.2 - CVE-2021-29957: Fixed partial protection of inline OpenPGP message not indicated bsc1186198. - CVE-2021-29956: Fixed Thunderbird stored OpenPGP secret keys without master password protection bsc1186199....

7.5CVSS6.6AI score0.01852EPSS
Exploits3References9
Cvelist
Cvelist
added 2021/05/28 8:10 a.m.21 views

CVE-2021-32541 SysJust CTS Web - Broken Access Control

The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services...

5.3CVSS5.8AI score0.01511EPSS
Exploits0References2
Mozilla
Mozilla
added 2021/05/04 12:0 a.m.54 views

Security Vulnerabilities fixed in Firefox ESR 78.10.1 — Mozilla

The Mozilla Maintenance Service granted SERVICESTART access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating if an attacker spammed the 'Stop' command; but also...

6.5CVSS3.2AI score0.01852EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/04/28 12:0 a.m.4 views

Cisco Firepower Management Center 安全漏洞

Cisco Firepower Management Center FMC is the next generation firewall management center software from Cisco. A security vulnerability exists in Cisco Firepower Management Center that stems from insufficient enforcement of access controls in the affected software. An attacker could use this...

4.3CVSS5.2AI score0.00677EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2021/03/18 6:25 p.m.48 views

CVE-2021-27291

A denial of service attack was discovered against pygments. Some of the regular expressions used to tokenise source code for highlighting have exponential complexity. A specially crafted input file could cause pygments to take effectively infinite time to parse, consuming CPU resources and denyin...

7.5CVSS3.6AI score0.03906EPSS
Exploits1References3
OSV
OSV
added 2021/02/23 5:15 p.m.5 views

AZL-7375 CVE-2021-20230 affecting package stunnel for versions less than 5.70-1

A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to...

7.5CVSS7.1AI score0.01179EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2020/12/07 8:21 p.m.44 views

CVE-2020-8554

A flaw was found in kubernetes. If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods or nodes in the cluster. Mitigation ExternalIP addresses ranges can be configured as described below. OCP 4 is secure by default, though...

6.3CVSS0.09274EPSS
Exploits3References5
OSV
OSV
added 2020/07/30 4:15 p.m.8 views

CVE-2020-16163

An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent...

9.1CVSS7AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/04/28 3:46 p.m.11 views

systemd: services with DynamicUser can get new privileges and create SGID binaries

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow a cooperating process to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to...

7.8CVSS5.9AI score0.00888EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2019/10/03 12:0 a.m.6 views

PT-2019-14629 · Rpyc +1 · Rpyc +1

Name of the Vulnerable Software and Affected Versions: RPyC versions 4.1.x through 4.1.1 Description: A remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings. Recommendations: For RP...

7.5CVSS8.2AI score0.13049EPSS
Exploits2References26
Positive Technologies
Positive Technologies
added 2019/09/11 12:0 a.m.2 views

PT-2021-5793

Name of the Vulnerable Software and Affected Versions FFmpeg version 4.2 Description A heap-based Buffer Overflow issue exists in FFmpeg, specifically at libavfilter/vf floodfill.c, which may lead to memory corruption and other potential consequences. This issue is related to a buffer overflow...

8.8CVSS7AI score0.01667EPSS
Exploits2References131
OSV
OSV
added 2019/08/17 5:15 p.m.5 views

CVE-2019-13069

extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service...

7.8CVSS7.1AI score0.01171EPSS
Exploits3References2
Prion
Prion
added 2019/06/28 6:15 p.m.15 views

Design/Logic Flaw

Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose database names via a crafted request...

5.8CVSS6.2AI score0.01808EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/05/16 12:0 a.m.28 views

SUSE SLED15 / SLES15 Security Update : cf-cli (SUSE-SU-2019:1220-1)

"This update for cf-cli fixes the following issues : cf-cli was updated: to version 6.43.0 bsc1132242 Enhancements : cf curl supports a new --fail flag primarily for scripting purposes which returns exit code 22 for server errors story Improves cf delete-orphaned-routes such that it uses a...

8.8CVSS6.8AI score0.01329EPSS
Exploits0References20
NVD
NVD
added 2019/05/07 10:29 p.m.27 views

CVE-2019-10712

The Web-GUI on WAGO Series 750-88x 750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889 and Series 750-87x 750-830, 750-849, 750-871, 750-872, 750-873 devices has undocumented service access...

9.8CVSS9.6AI score0.02763EPSS
Exploits0References9
Prion
Prion
added 2019/05/07 10:29 p.m.22 views

Design/Logic Flaw

The Web-GUI on WAGO Series 750-88x 750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889 and Series 750-87x 750-830, 750-849, 750-871, 750-872, 750-873 devices has undocumented service access...

7.5CVSS9.4AI score0.02763EPSS
Exploits0References9Affected Software16
CVE
CVE
added 2019/05/07 9:20 p.m.93 views

CVE-2019-10712

CVE-2019-10712 (WAGO 750-88x/750-87x): The issue is due to a vulnerability in the Web-GUI where undocumented service access exists, enabling use of hard-coded/default credentials to access web management interfaces. Affected devices include WAGO Series 750-88x (models such as 750-330, 750-352, 75...

9.8CVSS9.4AI score0.02763EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder