Lucene search
K

361 matches found

OSV
OSV
added 2022/09/23 6:15 a.m.2 views

DEBIAN-CVE-2020-36604

hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function...

8.1CVSS7.7AI score0.0095EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/09/19 12:0 a.m.14 views

TYPO3 Information Disclosure Vulnerability (TYPO3-CORE-SA-2022-007)

TYPO3 is prone to an information disclosure vulnerability SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if...

5.3CVSS5AI score0.01014EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/09/15 12:0 a.m.8 views

PT-2022-11976 · Crushftp · Crushftp

Name of the Vulnerable Software and Affected Versions: CrushFTP version 9 Description: An issue was discovered in the creation of a new user through the "/WebInterface/UserManager/" interface, allowing an attacker with access to the administration panel to perform Stored Cross-Site Scripting XSS...

4.8CVSS4.8AI score0.00559EPSS
Exploits1References6
Hewlett-Packard
Hewlett-Packard
added 2022/09/06 12:0 a.m.46 views

Privilege escalation in HP Support Assistant

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up. HP strives to...

7.8CVSS1.5AI score0.02776EPSS
Exploits0
Cvelist
Cvelist
added 2022/09/02 5:30 p.m.25 views

CVE-2022-34378

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service...

5.5CVSS5.5AI score0.00192EPSS
Exploits0References1
OSV
OSV
added 2022/07/27 9:15 p.m.5 views

CVE-2022-36955

In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1...

8.4CVSS5.8AI score0.00197EPSS
Exploits0References1
Prion
Prion
added 2022/07/27 9:15 p.m.24 views

Command injection

In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

7.5CVSS9.5AI score0.01484EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/07/27 9:15 p.m.20 views

Code injection

In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

7.5CVSS9.5AI score0.01009EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/22 4:15 p.m.6 views

CVE-2022-23080

In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery SSRF in the media upload functionality which allows a low privileged user to perform internal network port scans...

5CVSS5.8AI score0.00785EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/13 5:56 p.m.69 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2022 CPU plus deferred CVE-2022-21299

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. These might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere...

5.3CVSS0.6AI score0.03458EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2022/05/04 12:0 a.m.11 views

PT-2022-3361 · Weblizar · School Management Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: School Management WordPress plugin versions prior to 9.9.7 Description: The issue is related to an obfuscated backdoor injected in the license checking code of the School Management WordPress plugin, which registers a REST API handler. This...

10CVSS9.7AI score0.64321EPSS
Exploits6References19
OpenVAS
OpenVAS
added 2022/05/03 12:0 a.m.14 views

Drupal Input Validation Vulnerability (SA-CORE-2022-008) - Linux

Drupal is prone to an improper input validation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...

7.5CVSS7.5AI score0.00568EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/05/03 12:0 a.m.15 views

Drupal Input Validation Vulnerability (SA-CORE-2022-008) - Windows

Drupal is prone to an improper input validation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...

7.5CVSS7.5AI score0.00568EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/04/01 12:0 a.m.1149 views

Apache Tomcat 9.0.0.M1 < 9.0.62 Spring4Shell CVE-2021-43980

The version of Apache Tomcat installed on the remote host is 9.x prior to 9.0.62. - The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat...

9.8CVSS7.5AI score0.99677EPSS
Exploits103References3
OpenVAS
OpenVAS
added 2022/03/28 12:0 a.m.21 views

GitLab 9.x - 9.5.10, 10.x - 10.1.5, 10.2.x - 10.2.5, 10.3.x - 10.3.3 XSS Vulnerability

GitLab is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

6.1CVSS6.1AI score0.00771EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/03/18 12:0 a.m.25 views

Drupal Information Disclosure Vulnerability (SA-CORE-2022-004) - Windows

Drupal is prone to an information disclosure vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

6.5CVSS6.3AI score0.00769EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/03/08 6:56 a.m.6 views

Multiple vulnerabilities in OMRON CX-Programmer

Overview CX-Programmer provided by OMRON Corporation contains multiple vulnerabilities listed below. Out-of-bounds Write CWE-787 - CVE-2022-21124 Use After Free CWE-416 - CVE-2022-25230 Use After Free CWE-416 - CVE-2022-25325 Out-of-bounds Read CWE-125 - CVE-2022-21219 Out-of-bounds Write CWE-787...

7.8CVSS7.5AI score0.01456EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2022/03/03 12:0 a.m.28 views

IBM WebSphere Application Server 9.x < 9.0.5.12 Clickjacking

The IBM WebSphere Application Server running on the remote host is 9.x prior to 9.0.5.12. It is, therefore, affected by a clickjacking vulnerability. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and...

5.4CVSS5.7AI score0.00689EPSS
Exploits0References2
NVD
NVD
added 2022/01/10 4:15 p.m.20 views

CVE-2022-22116

In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting XSS vulnerability via SVG file upload in media upload functionality. A low privileged attacker can inject arbitrary javascript code which will be executed in a victim’s browser when they open the image...

5.4CVSS0.00633EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/11/11 12:0 a.m.15 views

Mozilla Firefox Security Advisory (MFSA2011-57) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

6.8CVSS6.6AI score0.01356EPSS
Exploits0References3
Rows per page
Query Builder