Lucene search
K

98 matches found

RedHat Linux
RedHat Linux
added 2021/01/26 7:34 p.m.7 views

sudo: Heap buffer overflow in argument parsing

A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command by default, any local user can execute sudo without authentication. Successful exploitation of this flaw coul...

7.8CVSS7.1AI score0.99295EPSS
Exploits81References8
OSV
OSV
added 2020/08/13 3:15 a.m.4 views

CVE-2020-8715

Invalid pointer for some IntelR Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable denial of service via local access...

5.5CVSS6.1AI score0.00311EPSS
Exploits0References2
wpexploit
wpexploit
added 2020/04/13 12:0 a.m.21 views

Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion

The Media Library Assistant plugin before 2.82 for WordPress suffers from a Local File Inclusion vulnerability in mlagallery link=download. The LFI is restricted to the "wp-content" directory...

5CVSS2AI score0.04917EPSS
Exploits4References3
OSV
OSV
added 2019/11/14 5:15 p.m.4 views

CVE-2019-11170

Authentication bypass in IntelR Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access...

7.8CVSS7.1AI score0.00404EPSS
Exploits0References1
OSV
OSV
added 2019/10/10 8:15 p.m.3 views

CVE-2019-9532

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal...

7.8CVSS7.1AI score0.00215EPSS
Exploits0References1
OSV
OSV
added 2019/03/27 8:29 p.m.2 views

DEBIAN-CVE-2018-12179

Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...

7.8CVSS6.5AI score0.00416EPSS
Exploits0References1
NVD
NVD
added 2018/09/07 10:29 p.m.19 views

CVE-2018-15486

An issue was discovered on KONE Group Controller KGC devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02...

9.1CVSS9.3AI score0.02058EPSS
Exploits3References2
OSV
OSV
added 2018/06/07 9:29 p.m.5 views

CVE-2018-0335

A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring...

7.8CVSS5.8AI score0.00413EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/11/30 9:0 a.m.28 views

CVE-2017-12361

A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to the way Cisco Jabber...

4.2AI score0.00387EPSS
Exploits0References3
OSV
OSV
added 2017/07/04 12:29 a.m.4 views

CVE-2017-6706

A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1...

5.1CVSS5.8AI score0.00384EPSS
Exploits0References3
CNVD
CNVD
added 2017/06/26 12:0 a.m.3 views

Cisco Prime Collaboration Provisioning Tool Local Information Disclosure Vulnerability (CNVD-2017-11546)

Cisco Prime Collaboration is a comprehensive video and voice service assurance and management system. A security vulnerability exists in the logging subsystem in the Cisco Prime Collaboration Provisioning tool, where an unauthenticated local attacker obtains sensitive information. The vulnerabili...

5.1CVSS6.6AI score0.00384EPSS
Exploits0References1
OSV
OSV
added 2017/04/24 3:59 p.m.5 views

CVE-2017-2330

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that replicate themselves,...

6.2CVSS5.8AI score0.00317EPSS
Exploits0References2
OSV
OSV
added 2017/02/09 5:59 p.m.4 views

CVE-2017-3813

A vulnerability in the Start Before Logon SBL module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the acce...

7.8CVSS5.9AI score0.01711EPSS
Exploits5References4
CNVD
CNVD
added 2016/07/21 12:0 a.m.3 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2016-05388)

Oracle MySQL Server is a lightweight relational database system. A security vulnerability exists in Oracle MySQL Server versions 5.6.30 and earlier, 5.7.12 and earlier, which can be exploited by an unauthenticated, local attacker to affect availability...

5.3CVSS8.2AI score0.02321EPSS
Exploits0References1
CNVD
CNVD
added 2016/07/21 12:0 a.m.3 views

Oracle MySQL Server: Unauthorized Access Vulnerability in Parser Subcomponent

Oracle MySQL is an open source relational database management system from Oracle. A security vulnerability exists in the Oracle MySQL Server: Parser subcomponent. An unauthenticated, local attacker can exploit the vulnerability to log in to access the MySQL Servermysql server to execute programs...

8.1CVSS8.1AI score0.00466EPSS
Exploits0References1
CNVD
CNVD
added 2016/07/21 12:0 a.m.5 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2016-05386)

Oracle MySQL Server is a lightweight relational database system. A security vulnerability exists in Oracle MySQL Server 5.7.12 and earlier versions, which can be exploited by unauthenticated local users to affect availability...

4.9CVSS7.5AI score0.02151EPSS
Exploits0References1
CNVD
CNVD
added 2016/07/21 12:0 a.m.2 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2016-05390)

Oracle MySQL Server is a lightweight relational database system. A security vulnerability exists in Oracle MySQL Server versions 5.6.30 and earlier, 5.7.12 and earlier, which can be exploited by an unauthenticated, local attacker to affect availability...

4.9CVSS6.2AI score0.02531EPSS
Exploits0References1
CNVD
CNVD
added 2016/07/21 12:0 a.m.6 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2016-05389)

Oracle MySQL Server is a lightweight relational database system. A security vulnerability exists in Oracle MySQL Server 5.7.12 and earlier versions, which can be exploited by an unauthenticated, local attacker to affect availability...

4.9CVSS7.5AI score0.02213EPSS
Exploits0References1
Rows per page
Query Builder