Lucene search
K

303 matches found

Prion
Prion
added 2023/01/05 12:15 p.m.16 views

Design/Logic Flaw

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...

5CVSS5.4AI score0.00981EPSS
Exploits1References5Affected Software1
Packet Storm
Packet Storm
added 2022/12/15 12:0 a.m.234 views

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Directory Traversal / File Write

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x Directory Traversal File Write Exploit Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco...

0.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2022/12/14 12:0 a.m.225 views

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (username) Stored Cross-Site Scripting

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

7.2CVSS6.1AI score0.00393EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2022/11/23 12:0 a.m.8 views

PT-2022-10458 · Unknown · Rizalafani Cms-Php

Name of the Vulnerable Software and Affected Versions: rizalafani cms-php version 1 Description: The issue is related to a SQL Injection vulnerability in the get user function located in login manager.php. This vulnerability allows for potential SQL injection attacks. Recommendations: For...

9.8CVSS8.3AI score0.00656EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2022/10/27 12:0 a.m.8 views

Debian: Security Advisory (DLA-3162)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References4
Prion
Prion
added 2022/10/19 10:15 p.m.23 views

Command injection

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller...

4.3CVSS8.6AI score0.00147EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2022/09/12 9:15 p.m.2 views

CVE-2022-38606

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php...

7.2CVSS5.8AI score0.0083EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2022/09/06 12:0 a.m.20 views

Debian: Security Advisory (DLA-3099-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.7AI score0.02904EPSS
Exploits12References4
Positive Technologies
Positive Technologies
added 2022/08/30 12:0 a.m.3 views

PT-2022-20022 · Unknown · Arnoldaldrin/Binaries

Name of the Vulnerable Software and Affected Versions: arnoldaldrin/binaries versions prior to 1 Description: A stack-based buffer overflow issue has been identified. Recommendations: For versions prior to 1, update to version 1 or later to resolve the issue...

7.1AI score
Exploits0References2
Cvelist
Cvelist
added 2022/08/04 5:45 p.m.34 views

CVE-2022-30535 NGINX Ingress Controller vulnerability CVE-2022-30535

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.5CVSS6.7AI score0.00607EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/06/30 7:14 p.m.10 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
Prion
Prion
added 2022/06/14 7:15 p.m.20 views

Design/Logic Flaw

SAP NetWeaver Developer Studio NWDS - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x...

3.6CVSS4.3AI score0.00243EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/03 2:32 p.m.41 views

Security Bulletin: Log4j vulnerability affects IBM Netezza Analytics for NPS

Summary IBM Netezza Analytics for NPS uses Log4j version 1.x. IBM Netezza Analytics for NPS has addressed the aplicable CVE Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of...

7.5CVSS2.2AI score0.81147EPSS
Exploits9Affected Software1
CNNVD
CNNVD
added 2022/05/27 12:0 a.m.4 views

HCL Technologies BigFix Mobile/Modern Client Management 代码问题漏洞

HCL Technologies BigFix Mobile/Modern Client Management is a mobile device management software client from HCL Technologies, India. A security vulnerability exists in HCL Technologies BigFix Mobile/Modern Client Management v1.x, v2.0, which can be exploited by attackers to conduct Un-Auth XML...

5.3CVSS5.8AI score0.00701EPSS
Exploits0References3
OSV
OSV
added 2022/04/29 11:3 a.m.2 views

OESA-2022-1623 varnish security update

This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...

9.1CVSS6.9AI score0.01973EPSS
Exploits0References2
OSV
OSV
added 2022/04/08 9:15 a.m.2 views

CVE-2022-27352

Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

8.8CVSS6.1AI score0.02538EPSS
Exploits3References3
OpenVAS
OpenVAS
added 2022/03/23 12:0 a.m.29 views

Debian: Security Advisory (DSA-5106-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6CVSS7.5AI score0.00931EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2022/01/26 2:54 p.m.7 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8CVSS7.4AI score0.61785EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/01/26 2:48 p.m.3 views

log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...

9.8CVSS7AI score0.66537EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/01/24 12:0 a.m.7 views

PT-2022-11456

Name of the Vulnerable Software and Affected Versions Sourcecodester Banking System version 1 Description The issue allows attackers to execute arbitrary SQL commands via the username or password field, potentially leading to unauthorized access or data manipulation. Recommendations For...

9.8CVSS8AI score0.01254EPSS
Exploits1References5
Rows per page
Query Builder