Lucene search
+L

250 matches found

vulnersOsv
vulnersOsv
added 2019/08/18 9:18 a.m.5 views

ayakashi (>=1.0.0-beta3 <=1.0.0-beta5.2), cplotter-validator (>=0.0.1 <=0.0.2) +7 more potentially affected by CVE-2019-10752 via sequelize (>=5.10.0 <=5.14.0)

sequelize NPM version =5.10.0, =1.0.0-beta3, =0.0.1, =2.0.0-alpha.2, =1.0.0-beta.15, =2.0.0, =1.0.8, =1.0.9 Source cves: CVE-2019-10752 Source advisory: SNYK:JS-SEQUELIZE-459751...

9.8CVSS7.2AI score0.01462EPSS
Exploits1
OSV
OSV
added 2019/08/14 5:15 p.m.4 views

CVE-2019-3637

Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.209 allows local users to gain elevated privileges via running McAfee Tray with elevated privileges...

6.7CVSS6AI score0.00284EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2019/08/02 12:8 p.m.44 views

CVE-2019-10168

The virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's...

8.8CVSS7.9AI score0.00549EPSS
Exploits0
CNVD
CNVD
added 2019/05/24 12:0 a.m.6 views

ZOHO ManageEngine ADSelfService Plus Cross-Site Scripting Vulnerability (CNVD-2019-15893)

ZOHO ManageEngine ADSelfService Plus is a Web-based end-user password management software from ZOHO. A cross-site scripting vulnerability exists in ZOHO ManageEngine ADSelfService Plus versions 5.x through 5704, which can be exploited by an attacker to execute client-side code...

6.1CVSS6.5AI score0.03496EPSS
Exploits0References1
NVD
NVD
added 2019/04/10 9:29 p.m.33 views

CVE-2019-11069

Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used...

7.5CVSS7.5AI score0.01823EPSS
Exploits0References4
OSV
OSV
added 2019/04/10 9:29 p.m.15 views

CVE-2019-11069

Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used...

7.5CVSS7.6AI score
Exploits0References4
Prion
Prion
added 2019/04/10 9:29 p.m.15 views

Design/Logic Flaw

Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used...

5CVSS7.5AI score0.01823EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2019/04/10 12:0 a.m.62 views

CVE-2019-11069

Severity: CVE-2019-11069 affects Sequelize versions prior to 5.3.0, where standard-conforming strings are not guaranteed, enabling potential SQL injection via backslash handling in PostgreSQL string literals. Affected component: Sequelize (Node.js ORM) in 5.x series before 5.3.0. Root cause: impr...

7.5CVSS7.5AI score0.01823EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2019/03/25 6:20 p.m.21 views

CVE-2015-1012

Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless...

7.5AI score0.00771EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2019/01/29 12:0 a.m.210 views

Care2x 2.7 (HIS) Hospital Information System SQL Injection

Exploit Title: Care2x 2.7 HIS Hospital Information system - Multiples SQL Injection Date: 01/17/2019 Software Links/Project: https://github.com/care2x/care2x | http://www.care2x.org/ Version: Care2x 2.7 Exploit Author: Carlos Avila Category: webapps Tested on: Windows 8.1 / Ubuntu Linux Contact:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/12/12 12:0 a.m.94 views

ThinkPHP 5.x Remote Code Execution

Exploit Title: ThinkPHP 5.x v5.0.23,v5.1.31 Remote Code Execution Date: 2018-12-11 Exploit Author: VulnSpy Vendor Homepage: https://thinkphp.cn Software Link: https://github.com/top-think/framework/ Version: v5.x below v5.0.23,v5.1.31 CVE: N/A Exploit...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2018/12/10 12:0 a.m.207 views

PHP 5.x < 5.6.39, 7.x < 7.0.33, 7.1.x < 7.1.26, 7.2.x < 7.2.14 DoS Vulnerability - Windows

PHP is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

7.5CVSS7.2AI score0.06278EPSS
Exploits0References2
Trellix
Trellix
added 2018/10/10 12:0 a.m.35 views

Rapidly Evolving Ransomware Gandcrab Version

ARCHIVED STORY Ransomware GandCrab Version 5 Partners With Crypter Service for Obfuscation By Alexandre Mundo · October 10, 2018 The GandCrab ransomware, which first appeared in January, has been updated rapidly during its short life, with Version 5.0.2 appearing this month. In this post we will...

7.3AI score0.73721EPSS
Exploits25
Github Security Blog
Github Security Blog
added 2018/07/24 7:44 p.m.24 views

Remote Code Execution in pg

Affected versions of pg contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. There are two specific scenarios in which it is likely for an application to be vulnerable: 1. The application executes unsafe, user-supplied sql...

9.8CVSS5.6AI score0.10513EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2018/06/26 4:29 p.m.17 views

CVE-2018-1000505

Tooltipy tooltips for WP version 5 contains a Cross ite Request Forgery CSRF vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1...

6.5CVSS6.7AI score0.00529EPSS
Exploits1References1
OSV
OSV
added 2018/06/26 4:29 p.m.26 views

PYSEC-2018-79

aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data Data Amplification vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sendi...

7.5CVSS4.8AI score0.01818EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/06/26 4:0 p.m.16 views

CVE-2018-1000512

Tooltipy Tooltipy tooltips for WP version 5 contains a Cross Site Scripting XSS vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been...

6.1AI score0.00808EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/06/26 4:0 p.m.29 views

CVE-2018-1000505

Tooltipy tooltips for WP version 5 contains a Cross ite Request Forgery CSRF vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1...

6.7AI score0.00529EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 2:5 p.m.43 views

Potential Security Vulnerabilities With JavaTM SDKs

Abstract Security Bulletin: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs. Content Content VULNERABILITY DETAILS: CVE ID: CVE-2011-3563, CVE-2011-5035...

10CVSS8.8AI score0.98113EPSS
Exploits35Affected Software13
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:10 p.m.37 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Data Studio Web Console. (CVE-2014-6593, CVE-2015-0410)

Summary There are multiple vulnerabilities in IBMョ Runtime Environments JavaTechnology Edition, Version 5, 6 and 7 that is used by IBM Data Studio Web Console DSWC. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details CVE-ID: CVE-2014-6593...

5CVSS1.1AI score0.67234EPSS
Exploits5Affected Software1
Rows per page
Query Builder