Lucene search
+L

510 matches found

osv
osv
added 2019/06/03 8:29 p.m.4 views

UBUNTU-CVE-2019-11356

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name...

9.8CVSS7.3AI score0.07622EPSS
Exploits0References10
osv
osv
added 2019/03/21 9:29 p.m.4 views

CVE-2019-8351

Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate...

9.1CVSS7.4AI score
Exploits0References1
cnvd
cnvd
added 2019/02/12 12:0 a.m.6 views

CloudBees Jenkins Token Macro Plugin Multiple Denial of Service Vulnerabilities

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Token Macro Plugin is used in one of the...

8.1CVSS6.7AI score0.02039EPSS
Exploits0References1
cnvd
cnvd
added 2019/01/11 12:0 a.m.4 views

Intel System Support Utility for Windows Elevation of Privilege Vulnerability

Intel System Support Utility for Windows is a Windows platform-based system support utility from Intel USA. The program is mainly used to identify the hardware model, operating system version and software installed on the computer. A security vulnerability exists in versions of Intel System Suppo...

7.8CVSS6.6AI score0.00349EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2018/12/19 12:0 a.m.7 views

PT-2018-15295 · Eclipse · Rdf4J

Name of the Vulnerable Software and Affected Versions: RDF4J versions 2.4.2 through 2.4.2 RDF4J versions prior to 2.5.0 Description: The issue allows Directory Traversal via ../ in an entry in a ZIP archive. Recommendations: For RDF4J version 2.4.2, update to version 2.5.0 or later. For RDF4J...

7.5CVSS7.2AI score0.01824EPSS
Exploits1References8
ptsecurity
ptsecurity
added 2018/12/06 12:0 a.m.14 views

PT-2018-2518

Name of the Vulnerable Software and Affected Versions Ansible versions prior to 2.5.14 Ansible versions prior to 2.6.11 Ansible versions prior to 2.7.5 Description The issue is related to a information disclosure flaw in vvv+ mode when no log is on, which can lead to the leakage of sensitive data...

8.2CVSS7.6AI score0.02462EPSS
Exploits0References191
cnvd
cnvd
added 2018/10/11 12:0 a.m.7 views

Cross-Site Request Forgery Vulnerability in Joomla!

Joomla! is the U.S. Open Source Matters team of a set of PHP and MySQL development using open source , cross-platform content management system CMS. A cross-site request forgery vulnerability exists in cominstaller in Joomla! versions 2.5.0 through 3.8.12. A remote attacker can exploit this...

8.8CVSS8.6AI score0.0098EPSS
Exploits0References1
cnvd
cnvd
added 2018/08/27 12:0 a.m.6 views

Red Hat Libvirt Denial of Service Vulnerability (CNVD-2018-16495)

Red Hat libvirt is a Linux API for implementing Linux virtualization features from Red Hat, Inc. It supports a variety of Hypervisors, including Xen and KVM, as well as QEMU and a number of virtual products for other operating systems. A security vulnerability exists in Red Hat Libvirt versions...

7.7CVSS7.5AI score0.01529EPSS
Exploits0References1
cnvd
cnvd
added 2018/07/26 12:0 a.m.3 views

Code Execution Vulnerability in PESCMSDOC Document Management System

PESCMS DOC is a document system based on PESCMS 2.5. PESCMSDOC document management system code execution vulnerability, an attacker can use the vulnerability to execute remote code...

8AI score
Exploits0
cnvd
cnvd
added 2018/07/13 12:0 a.m.5 views

Dicoogle PACS File Inclusion Vulnerability

Dicoogle is an open source medical image repository with a scalable indexing system and distributed mechanism. A file inclusion vulnerability exists in Dicoogle PACS version 2.5.0 that allows an attacker to read arbitrary files accessible to web users...

6.8AI score
Exploits0References1
osv
osv
added 2018/07/03 1:29 a.m.6 views

ALPINE-CVE-2018-10855

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...

5.9CVSS6.7AI score0.03088EPSS
Exploits0References1
cnvd
cnvd
added 2018/05/23 12:0 a.m.17 views

radare2 denial of service vulnerability (CNVD-2018-12201)

Radare2 is a complete framework for reverse engineering and analyzing binaries, consisting of a series of small utilities that can be used together or independently of the command line. A denial of service vulnerability exists in the rreadle32 function in radare2 2.5.0. A remote attacker can...

5.5CVSS5.7AI score0.01141EPSS
Exploits0References1
osv
osv
added 2018/04/25 9:29 p.m.8 views

CVE-2018-5226

There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the...

8.8CVSS6.1AI score0.01463EPSS
Exploits0References1
cnvd
cnvd
added 2018/04/24 12:0 a.m.2 views

GnuPG Security Bypass Vulnerability

GnuPG GNU Privacy Guard is a suite of open source encryption software developed by the GNU Project under the GNU General Public License. The software supports public key, symmetric encryption, hashing and other algorithms. A security vulnerability exists in GnuPG version 2.2.4 and 2.2.5, which...

7.5CVSS6.8AI score0.02082EPSS
Exploits0References1
osv
osv
added 2018/03/27 9:29 p.m.6 views

CVE-2018-1238

Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent LIA. This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge...

7.5CVSS5.9AI score0.01517EPSS
Exploits1References1
cnvd
cnvd
added 2018/01/05 12:0 a.m.6 views

IBM Tivoli Key Lifecycle Manager Information Disclosure Vulnerability (CNVD-2018-01133)

IBM Tivoli Key Lifecycle Manager enables you to locally create, distribute, back up, archive and manage the lifecycle of keys and certificates in your organization. IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages. An attacker can use this...

4.3CVSS6.5AI score0.00916EPSS
Exploits0References1
osv
osv
added 2018/01/04 5:29 p.m.7 views

CVE-2017-1665

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559...

5.9CVSS5.8AI score0.00829EPSS
Exploits0References3
cnvd
cnvd
added 2018/01/03 12:0 a.m.5 views

Leanote Cross-Site Scripting Vulnerability

Leanote is an open source notepad application. A cross-site scripting vulnerability exists in Leanote 2.5 and earlier versions, which stems from the program failing to filter input in markdown comments. A remote attacker can use this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.2AI score0.00836EPSS
Exploits1References1
redhat
redhat
added 2017/12/04 12:10 a.m.6 views

Mozilla: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5 (MFSA 2017-25)

Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird...

10CVSS7.4AI score0.03343EPSS
Exploits0References5
cnvd
cnvd
added 2017/11/17 12:0 a.m.5 views

nodejs ejs cross-site scripting vulnerability

nodejs ejs is an embedded JavaScript template with flow control, customizable delimiters and escaped output. A cross-site scripting vulnerability exists in the 'ejs.renderFile' function in versions of nodejs ejs prior to 2.5.5. A remote attacker can exploit the vulnerability to inject code...

6.1CVSS6.3AI score0.01233EPSS
Exploits0References1
Rows per page
Query Builder