Lucene search
K

63 matches found

ATTACKERKB
ATTACKERKB
added 2023/10/10 5:15 a.m.5 views

CVE-2023-45208

A command injection in the parsingxmlstasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers within range of the repeater to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names...

8.8CVSS5.9AI score0.01457EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/12/06 12:0 a.m.5 views

UNISOC chipset 安全漏洞

The UNISOC chipset is an integrated circuit chipset from China's Unisplendour UNISOC. A security vulnerability exists in the UNISOC chipset that stems from a lack of privilege checking in the power management service, which could result in setting up the power management service without additiona...

7.8CVSS7.5AI score0.00107EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/06/27 1:15 a.m.4 views

CVE-2022-33202

Authentication bypass vulnerability in the setup screen of L2Blockeron-premise Ver4.8.5 and earlier and L2BlockerCloud Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative path...

8.1CVSS5.8AI score0.00393EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/01/13 4:15 p.m.2 views

DEBIAN-CVE-2022-23134

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...

5.3CVSS7AI score0.84657EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/11/12 12:0 a.m.5 views

Antilles 代码问题漏洞

Lenovo Antilles is an open-source infrastructure management software for high performance computing Hpc from Lenovo, China. A security vulnerability exists in versions of Antilles open-source software prior to 1.0.1, which stems from the non-existence of packages listed in requirements.txt in the...

8.8CVSS5.8AI score0.01971EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.7 views

SAP Setup 安全漏洞

SAP ERP is a series of software for ERP management from SAP, a German company. A security vulnerability exists in SAP Setup version-9.0. Unreferenced service paths could lead to privilege escalation during the installation process performed when registering the executable. This could further lead...

7.5CVSS7.5AI score0.00228EPSS
Exploits0References4
CNVD
CNVD
added 2020/07/15 12:0 a.m.4 views

Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2020-44278)

Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in the Setup of Mobil...

9.1CVSS9.2AI score0.01641EPSS
Exploits0References1
OSV
OSV
added 2020/06/04 4:15 p.m.5 views

CVE-2020-9462

An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further...

4.3CVSS5.7AI score0.00317EPSS
Exploits0References1
OSV
OSV
added 2020/06/01 7:15 a.m.5 views

CVE-2020-4018

The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery CSRF vulnerability...

8.8CVSS7.3AI score0.0057EPSS
Exploits0References2
CNVD
CNVD
added 2020/04/30 12:0 a.m.4 views

TP-Link TL-WA855RE login.json Authentication Privilege Elevation Improper Vulnerability

The TP-Link TL-WA855RE is a wireless network signal extender from China P&L TP-Link. A security vulnerability exists in the initial setup process in the TP-Link TL-WA855RE, which stems from the program failing to properly validate the initial setup request. The vulnerability can be exploited by a...

8CVSS7.2AI score0.01123EPSS
Exploits0References1
Atlassian
Atlassian
added 2020/04/16 7:57 p.m.49 views

CSRF in the setup resources - CVE-2020-4018

The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery CSRF vulnerability...

8.8CVSS5.7AI score0.0057EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/04/16 7:57 p.m.61 views

CSRF in the setup resources - CVE-2020-4018

The setup resources in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to complete the setup process via a cross-site request forgery CSRF vulnerability...

8.8CVSS5.7AI score0.0057EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/07/10 6:15 p.m.5 views

CVE-2019-5220

There is a Factory Reset Protection FRP bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected...

4.6CVSS5.8AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/02/22 6:0 a.m.24 views

CVE-2019-9002

An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the databasehost parameter if the installer remains present in its original directory after installation is completed...

9.8AI score0.02422EPSS
Exploits1References2
OSV
OSV
added 2018/09/21 5:29 p.m.2 views

DEBIAN-CVE-2013-7203

gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup...

5.5CVSS6.6AI score0.00419EPSS
Exploits0References1
OSV
OSV
added 2018/02/21 12:29 a.m.4 views

CVE-2018-7271

An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/configdb.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell...

8.1CVSS6.1AI score0.01648EPSS
Exploits1References1
CNVD
CNVD
added 2018/01/26 12:0 a.m.5 views

ovirt-hosted-engine-setup information disclosure vulnerability

ovirt-hosted-engine-setup is a web hosting engine installation tool. An information disclosure vulnerability exists in versions of ovirt-hosted-engine-setup prior to 2.2.7. An attacker can exploit this vulnerability to obtain the root user password in a log file...

7.8CVSS6.4AI score0.00415EPSS
Exploits1References1
OSV
OSV
added 2018/01/16 7:29 p.m.6 views

CVE-2017-16551

K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way...

7CVSS5.8AI score0.00267EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2017/11/10 12:0 a.m.5 views

The vulnerability of the lp_setup() function in the Secure Boot environment loader of the Linux operating system allows a hacker to cause a system failure.

The vulnerability of the lpsetup function, a loader for the Secure Boot mechanism in Linux kernel, arises from writing beyond buffer boundaries. The Linux driver/char/lp.c code does not perform boundary checking on the parportnr array. Exploiting this vulnerability could allow an attacker to caus...

7.8CVSS6.7AI score0.00639EPSS
Exploits2References44Affected Software1
RedHat Linux
RedHat Linux
added 2014/05/27 4:20 p.m.5 views

ovirt-engine-reports: setup script logs database password in cleartext

The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports rhevm-reports package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file...

2.1CVSS5.8AI score0.00372EPSS
Exploits0References4
Rows per page
Query Builder