Lucene search
K

112 matches found

Talos
Talos
added 2022/05/10 12:0 a.m.40 views

InHand Networks InRouter302 iburn firmware checks firmware update vulnerability

Summary A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions InHand Network...

9.9CVSS6.6AI score0.0125EPSS
Exploits1
Citrix
Citrix
added 2022/02/25 12:0 a.m.7 views

ELM : When we click on upgrade and try to browse we get the error : there was an error on processing web request : status code 400 (bad Request ) : Bad Request

Error : there was an error on processing web request : status code 400 bad Request : Bad Request...

7.4AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/22 2:3 p.m.39 views

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities

Summary IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities with details below Vulnerability Details CVEID: CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An...

9.8CVSS0.9AI score0.37286EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/08 3:27 p.m.35 views

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Go vulnerability CVE-2021-31525

Summary IBM Cloud Pak for Integration is vulnerable to Go vulnerability CVE-2021-31525 with details below Vulnerability Details CVEID: CVE-2021-31525 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or...

5.9CVSS6.6AI score0.03692EPSS
Exploits0Affected Software2
Code423n4
Code423n4
added 2021/09/28 12:0 a.m.12 views

onlyOwner Role Can Manipulate Price Oracle

Handle leastwood Vulnerability details Impact The V2 LendingController.sol contract incorporates a custom oracle used to fetch the relevant price feeds for token pairs. The onlyOwner role is controlled by a modified timelock contract callable only from a single externally owned account. This role...

6.9AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/24 1:13 p.m.33 views

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450)

Summary IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerabilities CVE-2021-3449 and CVE-2021-3450 with details below. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a a missing check in the...

7.4CVSS0.9AI score0.62906EPSS
Exploits4Affected Software2
CNNVD
CNNVD
added 2021/06/04 12:0 a.m.5 views

openSUSE 安全漏洞

openSUSE is a set of Linux-based free operating systems and open source community projects by German company SUSE. A security vulnerability exists in openSUSE, which can be exploited by an attacker to bypass restrictions and perform elevation of privilege via inn's inupgrade...

7.8CVSS7.3AI score0.00318EPSS
Exploits1References3
Citrix
Citrix
added 2021/05/27 12:0 a.m.7 views

Upgrade CA server from SHA1 to SHA256

The objective of this article is to explain what SHA-1 is and how to upgrade the XM XenMobile server with SHA-1 based Certificate...

7.1AI score
Exploits0
OSV
OSV
added 2021/04/29 6:15 p.m.4 views

CVE-2021-1488

A vulnerability in the upgrade process of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system OS. This...

6.7CVSS5.8AI score0.00259EPSS
Exploits0References1
Prion
Prion
added 2021/04/29 6:15 p.m.18 views

Input validation

A vulnerability in the upgrade process of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system OS. This...

7.2CVSS6.5AI score0.00259EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2021/04/29 5:31 p.m.9 views

CVE-2021-1488 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000 and 2100 Series Appliances Command Injection Vulnerability

A vulnerability in the upgrade process of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system OS. This...

6.7CVSS6.7AI score0.00259EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/04/29 5:31 p.m.25 views

CVE-2021-1488 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000 and 2100 Series Appliances Command Injection Vulnerability

A vulnerability in the upgrade process of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system OS. This...

6.7CVSS6.7AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/04/28 12:0 a.m.3 views

PT-2021-2834 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the upgrade process could allow an authenticated, local attacker to inject commands...

7.2CVSS6.3AI score0.00259EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/02/03 12:0 a.m.6 views

Multiple Cisco Products Data Forgery Issue Vulnerabilities

The Cisco 8000 Series Router and the Cisco Network Convergence System 540 Series Routers are both router devices from Cisco USA. A data forgery vulnerability exists in Cisco IOS XR on multiple Cisco routers. The vulnerability is due to an unsigned script in the ISO that is verified without...

6.7CVSS7.1AI score0.00204EPSS
Exploits0References3
OSV
OSV
added 2020/06/18 3:15 a.m.4 views

CVE-2020-3336

A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service DoS or gain privileged access to the root filesystem. The vulnerabili...

7.2CVSS5.8AI score0.02074EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/06/18 2:16 a.m.10 views

CVE-2020-3336 Cisco TelePresence Collaboration Endpoint and RoomOS Software Command Injection Vulnerability

A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service DoS or gain privileged access to the root filesystem. The vulnerabili...

7.2CVSS7.1AI score0.02074EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/01/07 12:0 a.m.3 views

PT-2020-9605 · Red Hat · Openshift Container Platform

Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform versions 3.x Description: A flaw was discovered in the upgrade process of OpenShift Container Platform, specifically when using CRI-O. The issue allows an unprivileged user to escalate their privileges to those...

8.8CVSS7.5AI score0.01053EPSS
Exploits1References3
NVD
NVD
added 2019/09/26 4:15 p.m.56 views

CVE-2019-16409

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

5.3CVSS5.2AI score0.01203EPSS
Exploits0References3
OSV
OSV
added 2019/09/26 4:15 p.m.32 views

CVE-2019-16409

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

5.3CVSS6.7AI score0.01203EPSS
Exploits0References3
Prion
Prion
added 2019/09/26 4:15 p.m.19 views

Design/Logic Flaw

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

5CVSS5.2AI score0.01203EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder