Lucene search
K

313 matches found

CNNVD
CNNVD
added 2022/10/06 12:0 a.m.5 views

ASUS RT-AX56U 缓冲区错误漏洞

ASUS RT-AX56U is a wireless router from ASUS, China.ASUS RT-AX56U Router firmware version 3.0.0.4.386.44266 has a buffer overflow vulnerability, which stems from the strcat function's lack of length checks for user input data, which can be exploited by attackers to remotely execute commands...

8.8CVSS7.5AI score0.01344EPSS
Exploits1References3
OSV
OSV
added 2022/08/27 6:15 a.m.23 views

CVE-2019-15167

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrpprint for VRRP version 3, a different vulnerability than CVE-2018-14463...

9.1CVSS6.9AI score
Exploits0References1
CVE
CVE
added 2022/08/25 6:40 p.m.81 views

CVE-2022-20823

Cisco NX-OS Software OSPFv3 DoS vulnerability (CVE-2022-20823) arises from incomplete input validation of OSPFv3 LSAs. An unauthenticated remote attacker sending crafted OSPFv3 LSAs can crash and restart the OSPFv3 process, causing device reloads and DoS. The feature is disabled by default and ex...

8.6CVSS8.5AI score0.01022EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/08/24 12:0 a.m.3 views

PT-2022-4455 · Cisco · Cisco Nx-Os +1

Name of the Vulnerable Software and Affected Versions: Cisco NX-OS Software affected versions not specified Description: The issue is related to the OSPF version 3 OSPFv3 feature of Cisco NX-OS Software and is due to incomplete input validation of specific OSPFv3 packets. This could allow an...

8.6CVSS8.3AI score0.01022EPSS
Exploits0References6
Prion
Prion
added 2022/08/01 2:15 p.m.13 views

Default credentials

BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password...

5CVSS7.5AI score0.00824EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/01 2:2 p.m.29 views

CVE-2022-36301

BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password...

9.8CVSS9.6AI score0.00824EPSS
Exploits0References1
CVE
CVE
added 2022/08/01 2:2 p.m.58 views

CVE-2022-36301

CVE-2022-36301 affects BF-OS versions 3.x up to 3.83. The vulnerability arises from not enforcing strong passwords, enabling a remote attacker to brute-force the device password. Documented impact is high for confidentiality and availability, with the base CVSS indicating network access, low comp...

9.8CVSS7.4AI score0.00824EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/07/07 12:0 a.m.5 views

PT-2022-7817 · Red Hat · Openshift Origin

Name of the Vulnerable Software and Affected Versions: Openshift Origin version 3 Description: The issue is related to insecure cookies being set in the console of Openshift Origin. Specifically, the cookies lack 'secure' and 'HttpOnly' attributes. Recommendations: For Openshift Origin version 3,...

5.3CVSS7AI score0.00686EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2022/05/14 3:16 a.m.24 views

Moodle Portfolio forum caller class allows a user to download any file

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...

6.5CVSS6.5AI score0.01201EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/04/19 11:15 p.m.31 views

CVE-2022-24858

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

6.1CVSS0.0076EPSS
Exploits0References3
OSV
OSV
added 2022/01/12 10:51 p.m.8 views

GHSA-VP5X-3V8R-QPRW Deserialization of Untrusted Data in Dubbo

A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol, during Hessian catch unexpected exceptions, Hessian will log out some...

9.8CVSS6AI score0.15313EPSS
Exploits1References2
OSV
OSV
added 2022/01/08 12:43 a.m.23 views

GHSA-Q656-G2X3-8CGH Kylin can receive user input and load any class through Class.forName(...).

Kylin can receive user input and load any class through Class.forName.... This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions...

9.8CVSS9.5AI score0.02902EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2022/01/05 12:15 a.m.4 views

admin-tool-button (>=1.0.1a0 <=1.0.5a0), apis-ampel (=0.1.0) +51 more potentially affected by CVE-2021-45452 via django (>=3.2.0 <=3.2.10)

django PYPI version =3.2.0, =1.0.1a0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =22.0.0.dev30 - autoreduce-utils =0.1.0 - common-framework =2021.4.1 - directory-validators =9.0.0 - django-admin-taggit-ui =0.1.0.dev0 - django-blocklist =1.0.0 - django-brazilian-zipcode =0.1.0 -...

5.3CVSS6.7AI score0.02388EPSS
Exploits0
Exploit DB
Exploit DB
added 2022/01/05 12:0 a.m.271 views

Siemens S7 Layer 2 - Denial of Service (DoS)

Exploit Title: Siemens S7 Layer 2 - Denial of Service DoS Date: 21/10/2021 Exploit Author: RoseSecurity Vendor Homepage: https://www.siemens.com/us/en.html Version: Firmware versions = 3 Tested on: Siemens S7-300, S7-400 PLCs !/usr/bin/python3 from scapy.all import from colorama import Fore, Back...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/11/08 12:0 a.m.483 views

Sonatype Nexus Repository Manager 3.x < 3.21.2 RCE

The Sonatype Nexus Repository Manager server application running on the remote host is version 3.x prior to 3.21.2. It is, therefore, affected by a remote code execution vulnerability, which allows for an attacker with any type of account on NXRM to execute arbitrary code by crafting a malicious...

9CVSS9AI score0.99064EPSS
Exploits10References2
OpenVAS
OpenVAS
added 2021/11/01 12:0 a.m.47 views

Python 'socket.recvfrom_into' Buffer Overflow Vulnerability (Mar 2014) - Linux

Python is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...

7.5CVSS7.9AI score0.28319EPSS
Exploits7References4
CNNVD
CNNVD
added 2021/10/19 12:0 a.m.3 views

Bludit 跨站脚本漏洞

Bludit is an open source lightweight blog content management system CMS. A security vulnerability exists in version 3-13-1 of bludit. No more information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement...

6.1CVSS6.2AI score0.05621EPSS
Exploits4References5
NVD
NVD
added 2021/10/12 2:15 p.m.29 views

CVE-2021-38454

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries...

10CVSS0.15789EPSS
Exploits0References1
OSV
OSV
added 2021/10/12 2:15 p.m.4 views

CVE-2021-38458

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries...

9.8CVSS7.6AI score0.01707EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/10/11 12:0 a.m.9 views

LimeSurvey 3.x-LTS < 3.27.19 XSS Vulnerability

LimeSurvey is prone to a cross-site scripting XSS vulnerability in assets/scripts/modaldialog.js and assets/scripts/uploader.js. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

6.1CVSS6AI score0.01481EPSS
Exploits1References2
Rows per page
Query Builder