
265 matches found

CNNVD
added 2022/02/10 12:0 a.m. · 4 views

Foxit PDF Reader Resource Management Error Vulnerability

Foxit PDF Reader is a PDF reader from Foxit, a Chinese company. Foxit PDF Reader is vulnerable due to a lack of verification of the existence of objects before performing operations on them, which can be exploited by attackers to execute code in the context of the current process...

CVSS 8.8 · AI score 5.9 · EPSS 0.02382
Exploits: 0 · References: 5
CNNVD
added 2021/11/09 12:0 a.m. · 4 views

Microsoft Azure Sphere Data Forgery Vulnerability

Microsoft Azure Sphere, a Microsoft appliance used to provide security in cloud environments, is vulnerable to a data forgery issue. The vulnerability stems from a network system or product that does not adequately verify the origin or authenticity of data. An attacker could use the falsified dat...

CVSS 6.7 · AI score 5.6 · EPSS 0.00547
Exploits: 0 · References: 5
OSV
added 2021/07/08 7:15 p.m. · 4 views

CVE-2021-1585

A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and...

CVSS 8.1 · AI score 7.8 · EPSS 0.19958
Exploits: 2 · References: 3
CNNVD
added 2021/05/07 12:0 a.m. · 4 views

Foxit Reader Resource Management Error Vulnerability

Foxit Reader is a PDF document reader from Foxit, a Chinese company. A double-free remote code execution vulnerability exists in Foxit Reader's U3D file parsing. The vulnerability stems from not verifying the existence of an object before performing further free operations on it. An attacke...

CVSS 7.8 · AI score 6.5 · EPSS 0.02819
Exploits: 0 · References: 3
OSV
added 2020/12/31 8:15 a.m. · 2 views

CVE-2020-25846

The digest generation function of NHIServiSignAdapter does not verify the source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of the user's credentials...

CVSS 7.4 · AI score 7.1 · EPSS 0.00962
Exploits: 0 · References: 1
Positive Technologies
added 2020/12/24 12:0 a.m. · 5 views

PT-2020-12548 · Hyperledger · Hyperledger Indy Node

Name of the Vulnerable Software and Affected Versions: Hyperledger Indy Node versions prior to 1.12.4
Description: The issue is related to a lack of signature verification on a specific transaction, allowing an attacker to make unauthorized alterations to the ledger. A malicious DID with no...

CVSS 8.7 · AI score 7.1 · EPSS 0.00933
Exploits: 1 · References: 13
OSV
added 2020/09/17 5:15 p.m. · 4 views

CVE-2020-25490

Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine...

CVSS 7.3 · AI score 7.2
Exploits: 0 · References: 1
BDU FSTEC
added 2020/08/14 12:0 a.m. · 3 views

A vulnerability in the ClearFuncs component of the SaltStack configuration management and remote execution system allows an attacker to gain access to confidential data.

The vulnerability in the ClearFuncs component of the SaltStack configuration management and remote execution system is related to the lack of a mechanism for verifying input data. Exploiting this vulnerability can allow a remote attacker to gain access to confidential...

CVSS 6.8 · AI score 7.7 · EPSS 0.86063
Exploits: 17 · References: 8 · Affected Software: 3
OSV
added 2020/07/31 6:15 p.m. · 2 views

UBUNTU-CVE-2020-15133

In faye-websocket before version 0.11.0, there is a lack of certificate validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...

CVSS 8.7 · AI score 7.3 · EPSS 0.00914
Exploits: 1 · References: 5
OSV
added 2020/05/26 11:15 p.m. · 7 views

UBUNTU-CVE-2020-13614

An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification...

CVSS 5.9 · AI score 5.8 · EPSS 0.01928
Exploits: 1 · References: 5
CNVD
added 2020/05/09 12:0 a.m. · 3 views

Business Alliance Financial Circle has a logic flaw vulnerability

Business Alliance Financial Circle (BAFC) is a cryptocurrency. A security vulnerability exists in the 'UBSexToken' function in BAFC's smart contract implementation, which stems from the fact that the function is publicly available and does not check the identity of the caller. The vulnerability can ...

AI score 6.9
Exploits: 0
CNVD
added 2020/05/09 12:0 a.m. · 4 views

NewIntelTechMedia License Issues Vulnerabilities

NewIntelTechMedia (NETM) is a cryptocurrency. A security vulnerability exists in the 'NETM' function in NETM's smart contract implementation, which stems from the fact that the function does not check the identity of the caller. An attacker could use the vulnerability to modify the owner of the smar...

AI score 6.8
Exploits: 0
CNVD
added 2020/05/09 12:0 a.m. · 2 views

BOMBBA Authorization Issue Vulnerability

BOMBBA (BOMB) is a cryptocurrency. A security vulnerability exists in the 'quaker' function of BOMB's smart contract implementation, which stems from the fact that the function does not check the identity of the caller. An attacker could use the vulnerability to modify the owner of the smart contrac...

AI score 6.8
Exploits: 0
OSV
added 2020/04/22 2:15 p.m. · 3 views

CVE-2020-11539

An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level). The data being transmitted over the air is not encrypted. Adding to this, the data being sent to the smart band doesn't have any...

CVSS 8.1 · AI score 7.2 · EPSS 0.01034
Exploits: 1 · References: 2
BDU FSTEC
added 2020/04/14 12:0 a.m. · 3 views

The vulnerability of the Google Chrome browser’s Omnibox user interface lies in the lack of a mechanism for verifying the accuracy of entered data. This allows attackers to compromise the integrity of the data.

The vulnerability of the user interface in Google Chrome’s Omnibox is related to the lack of a mechanism for verifying the entered data. Exploiting this vulnerability allows an attacker to manipulate the integrity of data by creating a malicious HTML page...

CVSS 7.1 · AI score 6.7 · EPSS 0.02207
Exploits: 0 · References: 10 · Affected Software: 6
CNVD
added 2020/02/14 12:0 a.m. · 2 views

Foxit PhantomPDF Memory Error Reference Remote Code Execution Vulnerability (CNVD-2020-10628)

PhantomPDF is PDF document processing software for enterprise-level users from Foxit, a Chinese company. A memory error reference remote code execution vulnerability exists in the handling of watermarks in Foxit PhantomPDF 9.7.0.29455 and earlier versions. The vulnerability stems from a...

CVSS 7.8 · AI score 8.1 · EPSS 0.19837
Exploits: 0 · References: 1
OSV
added 2020/01/27 10:15 a.m. · 3 views

CVE-2020-5522

The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 7.4 · AI score 6.4 · EPSS 0.0052
Exploits: 0 · References: 2
OSV
added 2019/08/29 12:15 p.m. · 7 views

CVE-2019-15770

The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks...

CVSS 8.8 · AI score 7.3 · EPSS 0.00691
Exploits: 0 · References: 2
Positive Technologies
added 2019/07/17 12:0 a.m. · 2 views

PT-2019-5248 · Bittorrent +2 · Qbittorrent +2

Name of the Vulnerable Software and Affected Versions: qBittorrent versions prior to 4.1.7
Description: The issue is related to the function Application::runExternalProgram located in app/application.cpp, which allows command injection via shell metacharacters in the torrent name parameter or...

CVSS 10 · AI score 9.9 · EPSS 0.07913
Exploits: 1 · References: 41
OSV
added 2019/04/25 8:29 p.m. · 2 views

CVE-2018-16219

A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows a remote attacker in the same network as the device to change the admin password without authentication via a POST request...

CVSS 8.8 · AI score 5.9 · EPSS 0.01216
Exploits: 1 · References: 1