Lucene search
K

204 matches found

NVD
NVD
added 2023/05/31 8:15 p.m.29 views

CVE-2023-33730

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format...

9.8CVSS9.5AI score0.01175EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/05/31 12:0 a.m.30 views

CVE-2023-33730

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format...

9.7AI score0.01175EPSS
Exploits2References1
OSV
OSV
added 2023/04/24 8:15 a.m.8 views

CVE-2023-31045

A stored Cross-site scripting XSS issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type e.g., page, post, or card as an admin, the stored XSS payload is execute...

4.8CVSS4.9AI score
Exploits0References2
OSV
OSV
added 2023/03/14 11:1 p.m.26 views

GHSA-HW7C-3RFG-P46J google.golang.org/protobuf vulnerable to panic leading to denial of service

Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic...

7.5CVSS7.5AI score0.01089EPSS
Exploits0References5
OSV
OSV
added 2023/03/14 4:47 p.m.37 views

GO-2023-1631 Panic when parsing invalid messages in google.golang.org/protobuf

Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic...

7.5CVSS7.5AI score0.01089EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/14 12:0 a.m.4 views

PT-2023-19680 · Canonical +9 · Golang-Github-Golang-Protobuf-1-3 +7

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises when parsing invalid messages, which can cause a panic. Specifically, parsing a text-format message that contains a potential number...

7.5CVSS7.7AI score0.01089EPSS
Exploits0References12
GithubExploit
GithubExploit
added 2023/03/08 6:20 a.m.7 views

Exploit for Integer Overflow or Wraparound in Microsoft

CVE-2023-21716 Microsoft Word RTF Font Table Heap Corruption...

9.8CVSS7.9AI score0.82302EPSS
Exploits11
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.3 views

SUSE CVE-2010-3452

Use-after-free vulnerability in oowriter in OpenOffice.org OOo 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted tags in an RTF document...

9.3CVSS8.1AI score0.10274EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.1 views

SUSE CVE-2014-9093

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service invalid write operation and crash and possibly execute arbitrary code via a crafted RTF file...

7.5CVSS7.8AI score0.04143EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:13 a.m.1 views

SUSE CVE-2015-7629

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary...

9.3CVSS8AI score0.07982EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/11/03 12:0 a.m.8 views

PT-2022-7396 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.4 Description: The issue is related to the improper neutralization of input data during web page generation, allowing a remote attacker to execute arbitrary code using specially crafted RTF data. This can be used t...

10CVSS7AI score0.99628EPSS
Exploits40References204
CNNVD
CNNVD
added 2022/10/31 12:0 a.m.9 views

node-red-dashboard 跨站脚本漏洞

node-red-dashboard is a package for quickly creating real-time data dashboards. A security vulnerability exists in node-red-dashboard that stems from some unknown processing in the components/ui-component/ui-component-ctrl.js file in the component uitext Format Handler being affected, which could...

6.1CVSS5.4AI score0.00598EPSS
Exploits1References4
Veracode
Veracode
added 2022/10/06 4:0 a.m.30 views

Denial Of Service (DoS)

protobuf-java is vulnerable to denial of service. The vulnerability exists in the parsing procedure for binary and text format data because the input streams contain multiple instances of non-repeated embedded messages with repeated or unknown fields, resulting in potentially long garbage...

7.5CVSS7.4AI score0.01048EPSS
Exploits0References15Affected Software2
Snyk
Snyk
added 2022/10/04 10:17 p.m.1 views

Denial of Service (DoS)

Overview google-protobuf is a Google's data interchange format. Affected versions of this package are vulnerable to Denial of Service DoS via the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unkno...

7.5CVSS7.1AI score0.01048EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/10/04 10:17 p.m.82 views

protobuf-java has a potential Denial of Service issue

Summary A potential Denial of Service issue in protobuf-java core and lite was discovered in the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

7.5CVSS7.5AI score0.01048EPSS
Exploits0References12Affected Software5
Malwarebytes
Malwarebytes
added 2022/05/30 6:9 p.m.197 views

Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug)

Update: Please see our FAQ for the latest guidance and mitigation tips on Follina. On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool MSDT in Windows vulnerability. The mitigation offered by Microsoft consists of an alternative method to...

9.3CVSS0.99374EPSS
Exploits62
NCSC
NCSC
added 2022/05/30 12:0 a.m.5 views

Zero-day vulnerability discovered in Microsoft Word

A researcher has found a zero-day vulnerability in Microsoft Word. This new exploit in Office macros, external template files containing malicious code while macros are disabled. When a user converts the document to RTF format, the code is also executed in "Protected view" or "Preview mode. For...

7.1AI score
Exploits0
Drupal
Drupal
added 2022/01/25 12:0 a.m.14 views

Navbar - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-011

This module provides a very simple, mobile-friendly navigation toolbar. The module doesn't sufficiently check for user-provided input. This vulnerability is mitigated by the fact that an attacker must have the ability to post content using a text format like the default "Filtered HTML" format tha...

6.5AI score
Exploits0References4
OpenVAS
OpenVAS
added 2021/12/18 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-5202-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.4AI score0.14839EPSS
Exploits0References2
NVD
NVD
added 2021/12/17 5:15 p.m.30 views

CVE-2020-8968

Parallels Remote Application Server RAS allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an...

7.1CVSS0.00272EPSS
Exploits0References1
Rows per page
Query Builder