Lucene search
+L

182 matches found

CNNVD
CNNVD
added 2023/12/13 12:0 a.m.5 views

Adobe Substance 3D Designer 缓冲区错误漏洞

Adobe Substance 3D Designer is a 3D design software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Substance 3D Designer version 13.0.0 and prior versions, which can be exploited by an attacker to execute arbitrary code in the current user's...

7.8CVSS7.7AI score0.00329EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.5 views

Adobe After Effects 缓冲区错误漏洞

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A security vulnerability exists in Adobe After Effects, which can be...

7.8CVSS7.2AI score0.00338EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/05/07 12:0 a.m.26 views

EulerOS 2.0 SP11 : sudo (EulerOS-SA-2023-1792)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user- provided environment variables SUDOEDITOR,...

7.8CVSS8.2AI score0.55367EPSS
Exploits20References2
CNNVD
CNNVD
added 2023/04/12 12:0 a.m.5 views

Adobe Acrobat Reader 输入验证错误漏洞

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. An input validation error vulnerability exists in Adobe Acrobat Reader, which can be exploited by an attacker to execute arbitrary code in the current user's...

7.8CVSS7.5AI score0.04305EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/01 12:0 a.m.6 views

Grafana 跨站脚本漏洞

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. A cross-site scripting vulnerability exists in Grafana version 8.1, which stems from map attributes not...

7.3CVSS7.4AI score0.1546EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.4 views

SUSE CVE-2014-8169

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home...

4.4CVSS7AI score0.00335EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/01/18 12:0 a.m.74 views

CVE-2023-22809

In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...

7.8CVSS7.8AI score0.55367EPSS
Exploits20
PyPA
PyPA
added 2021/11/04 6:15 p.m.6 views

PYSEC-2021-386

JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated...

7.5CVSS6.9AI score0.00778EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2021/10/13 4:15 p.m.26 views

CVE-2021-22035

VMware vRealize Log Insight 8.x prior to 8.6 contains a CSVComma Separated Value injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log...

4.3CVSS0.00553EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/09/20 12:0 a.m.4 views

Schneider Electric EcoStruxure Control Expert 路径遍历漏洞

Schneider Electric EcoStruxure Control Expert formerly Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A path traversal vulnerability exists in EcoStruxure Control Expert Classic that stems from a lack of proper...

9.3CVSS7.6AI score0.261EPSS
Exploits0References3
Prion
Prion
added 2021/08/25 6:15 p.m.14 views

Input validation

nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade...

6.8CVSS8.8AI score0.0173EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/07/27 8:39 a.m.3 views

SUSE-SU-2021:2473-1 Security update for slurm

This update for slurm fixes the following issues: Updated to 20.11.7 Summary of new features: CVE-2021-31215: Fixed a remote code execution as SlurmUser bsc1186024. slurmd - handle configless failures gracefully instead of hanging indefinitely. select/constres - fix Dragonfly topology not selecti...

8.8CVSS9.1AI score0.02902EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2021/01/22 12:0 a.m.230 views

Selea CarPlateServer 4.0.1.6 Remote Program Execution

Selea CarPlateServer CPS v4.0.1.6 Remote Program Execution Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: 4.0.1.6210120 4.013201105 3.100200225 3.005191206 3.005191112 Summary: Our CPS Car Plate Server software is an advanced solution that can be installed on...

1AI score
Exploits0
0day.today
0day.today
added 2021/01/22 12:0 a.m.45 views

Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation Vulnerability

Exploit Title: Selea CarPlateServer CPS 4.0.1.6 - Local Privilege Escalation Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea CarPlateServer CPS v4.0.1.6 Local Privilege Escalation Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: 4.0.1.6210120...

7.4AI score
Exploits0
OSV
OSV
added 2020/09/03 10:15 p.m.7 views

GHSA-G2C4-4M64-VXM3 Malicious Package in buffer-yor

Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...

9.8CVSS7.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.39 views

NewStart CGSL MAIN 4.05 : openssh Multiple Vulnerabilities (NS-SA-2019-0139)

The remote NewStart CGSL host, running version MAIN 4.05, has openssh packages installed that are affected by multiple vulnerabilities: - A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use th...

7.8CVSS7.1AI score0.88944EPSS
Exploits12References3
Packet Storm
Packet Storm
added 2019/06/28 12:0 a.m.126 views

Windows Escalate UAC Protection Bypass Via SilentCleanup

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Protection Bypass Via SilentCleanup', 'Description' = %q There's a task in Windows Task Scheduler called "SilentCleanup"...

0.8AI score
Exploits0
Kitploit
Kitploit
added 2018/01/26 12:47 p.m.18 views

Wavecrack - Web Interface For Password Cracking With Hashcat

A user-friendly Web interface to share an hashcat cracking box among multiple users with some pre-defined options. Screenshots The homepage Adding an hash to crack Seeing the results and some stats Outline This Web application can be used to launch asynchronous password cracks with hashcat. The...

7.2AI score
Exploits0References11
n0where
n0where
added 2017/11/21 4:51 p.m.32 views

Password Recovery Platform: Wavecrack

A user-friendly Web interface to share an hashcat cracking box among multiple users with some pre-defined options. Outline This Web application can be used to launch asynchronous password cracks with hashcat . The interface tries to be as user-friendly as possible and facilitates the password...

0.1AI score
Exploits0References8
Prion
Prion
added 2015/03/18 4:59 p.m.21 views

Directory traversal

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home...

4.4CVSS6.8AI score0.00335EPSS
Exploits0References7Affected Software6
Rows per page
Query Builder