Lucene search
+L

67 matches found

Microsoft CVE
Microsoft CVE
added 2024/08/05 7:0 a.m.5 views

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here i.e. "Bugs affecting the non-virtualization use case are not considered security bugs at this time.

...

8.8CVSS7AI score0.00656EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/07/28 12:0 a.m.17 views

PT-2024-29710 · Splashtop · Splashtop Streamer

Name of the Vulnerable Software and Affected Versions: Splashtop Streamer for Windows versions prior to 3.7.0.0 Description: The MSI installer for Splashtop Streamer for Windows uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges...

7CVSS7.3AI score0.0014EPSS
Exploits0References5
OSV
OSV
added 2024/05/14 5:15 p.m.6 views

CVE-2023-40720

An authorization bypass through user-controlled key vulnerability CWE-639 in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests...

7.1CVSS5.8AI score0.00848EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.6 views

PT-2024-3553

Name of the Vulnerable Software and Affected Versions FortiOS versions prior to 7.0.0 Description The issue is related to a double free vulnerability, which may allow a privileged attacker to execute unauthorized code or commands. This can be achieved via crafted HTTP or HTTPS requests...

7.5CVSS7AI score0.01248EPSS
Exploits0References7
OSV
OSV
added 2024/04/16 10:15 p.m.7 views

CVE-2024-21084

Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Service Gateway. Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Whil...

5.8CVSS7.1AI score0.00437EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.7 views

PT-2024-23105

Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 6.8.1 TinyMCE versions prior to 7.0.0 Description A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed...

6.1CVSS6.2AI score0.00722EPSS
Exploits0References18
OSV
OSV
added 2023/11/14 6:15 p.m.8 views

CVE-2023-33304

A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials...

5.5CVSS5.8AI score0.00205EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/03 12:0 a.m.5 views

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image scaling. PrestaShop boninstagramcarousel v5.2.1 version to v7.0.0 prior to the version of a security vulnerability , th...

9.8CVSS6.8AI score0.00565EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/03 12:0 a.m.10 views

PT-2023-14121 · Fortinet · Fortiweb

Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.3.6 through 6.3.20 FortiWeb versions 6.4.0 through 6.4.2 FortiWeb versions 7.0.0 through 7.0.2 Description: The issue is related to an improper neutralization of CRLF sequences in HTTP headers, also known as 'HTTP Response...

5.4CVSS5.3AI score0.00463EPSS
Exploits0References5
OSV
OSV
added 2022/07/11 2:15 a.m.4 views

DEBIAN-CVE-2022-35414

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translatefail path, leading to an ioreadx or iowritex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use ca...

8.8CVSS7.6AI score0.00656EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/06/09 12:0 a.m.5 views

Guzzle 信息泄露漏洞

Guzzle is a PHP HTTP client from the individual developers of guzzlehttp that makes it easy to send HTTP requests and easily integrates with web services. An information disclosure vulnerability exists in Guzzle versions 6.5.6 and earlier, 7.0.0 through 7.4.3, which stems from a cookie request...

7.5CVSS7.2AI score0.0182EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2022/06/06 12:0 a.m.6 views

PT-2022-3768 · Qemu +4 · Qemu +4

Name of the Vulnerable Software and Affected Versions: QEMU versions prior to 7.0.0 Description: The issue in QEMU's softmmu/physmem.c file can lead to an uninitialized read on the translate fail path, resulting in an io readx or io writex crash. A third party notes that this might not be...

8.8CVSS7.1AI score0.02904EPSS
Exploits21References207
vulnersOsv
vulnersOsv
added 2022/05/24 5:41 p.m.3 views

com.amazon.opendistroforelasticsearch:opendistro_security (>=1.0.0.0 <=1.0.0.2), com.amazon.opendistroforelasticsearch:opendistro_security_advanced_modules (>=1.0.0.0 <=1.0.0.2) +37 more potentially affected by CVE-2020-7021 via org.elasticsearch:elasticsearch (>=7.0.0 <=7.0.1)

org.elasticsearch:elasticsearch MAVEN version =7.0.0, =1.0.0.0, =1.0.0.0, =1.31.2, =0.1.3, =7.0.0-35.0.0-beta1, =7.0.0-35.0.0-beta1, =0.1, =4.2, =4.2, =4.2, =1.1, =1.3 and more Source cves: CVE-2020-7021 Source advisory: OSV:GHSA-CQGV-256R-M9R8...

4.9CVSS6.5AI score0.01313EPSS
Exploits0
CNNVD
CNNVD
added 2022/04/27 12:0 a.m.7 views

Redis Labs Redis 代码注入漏洞

Redis Labs Redis is the United States Redis Labs, Inc. of a set of open-source use of ANSI C written to support the network , can be based on the memory can also be a persistent log-type , key-value Key-Value storage database , and provides a variety of languages API. An injection vulnerability...

7.8CVSS7.8AI score0.02264EPSS
Exploits1References17
Positive Technologies
Positive Technologies
added 2022/04/15 12:0 a.m.3 views

PT-2022-12147 · Fis +3 · Fis Gt.M +3

Name of the Vulnerable Software and Affected Versions: FIS GT.M versions through V7.0-000 Description: The issue is related to a lack of input validation in calls to eb div in sr port/eb muldiv.c, which allows attackers to crash the application by performing a divide by zero. Recommendations: For...

7.5CVSS7.6AI score0.01642EPSS
Exploits0References29
CNNVD
CNNVD
added 2022/03/31 12:0 a.m.7 views

NetSarang Xmanager 代码问题漏洞

NetSarang Xmanager is a powerful and convenient PC X server software package from NetSarang USA. It is used to bring UNIX/Linux desktops to Windows PCs. A security vulnerability exists in NetSarang Xmanager v7.0.0096 and below that allows attackers to execute arbitrary code via a crafted .exe fil...

6.9CVSS7.1AI score0.00421EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.23 views

DVDFab 路径遍历漏洞

DVDFab is a multimedia solution. A path traversal vulnerability exists in DVDFab 12 PlayerFab. The following products and versions are affected: DVDFab 12 from version 6.2.1.0 to 6.2.1.1, PlayerFab from version 7.0.0.0 to 7.0.0.5...

7.8CVSS7.3AI score0.13835EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/11/02 12:0 a.m.7 views

Fortinet FortiClient 代码注入漏洞

Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in FortiClientMacOS...

5CVSS5.6AI score0.00413EPSS
Exploits0References3
NCSC
NCSC
added 2021/10/06 12:0 a.m.8 views

Vulnerabilities fixed in Fortinet FortiClientEMS

Fortinet has fixed vulnerabilities in FortiClientEMS. The vulnerability with reference CVE-2020-15941 concerns a path traversal vulnerability. This vulnerability allows an authenticated malicious person potentially able to add or delete files on the server to add or delete files. The vulnerabilit...

9.8CVSS7.1AI score0.03841EPSS
Exploits0
CNNVD
CNNVD
added 2021/07/15 12:0 a.m.6 views

多款Cisco产品处理逻辑错误漏洞

Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliances Software ASA Software are both products of Cisco, Inc.Cisco Firepower Threat Defense is a set of unified software that provides next-generation firewall services. Defense is a set of unified software to provide...

7.7CVSS7.3AI score0.01188EPSS
Exploits0References5
Rows per page
Query Builder