Lucene search
K

131 matches found

Positive Technologies
Positive Technologies
added 2021/05/11 12:0 a.m.2 views

PT-2021-3139 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: The issue is related to errors in...

7.1CVSS4.2AI score0.0124EPSS
Exploits0References9
0day.today
0day.today
added 2021/03/23 12:0 a.m.309 views

Microsoft Exchange ProxyLogon Remote Code Execution Exploit

This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication, impersonating as the admin CVE-2021-26855 and write arbitrary file CVE-2021-27065 to get the RCE Remote Code Execution. By taking advantage of this vulnerability, you...

9.1CVSS9.6AI score0.99999EPSS
Exploits65
Positive Technologies
Positive Technologies
added 2021/03/09 12:0 a.m.1 views

PT-2021-2379 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Description: The issue exists due to insufficie...

5.8CVSS4.1AI score0.01233EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/02 3:42 p.m.29 views

Security Bulletin: Android Mobile SDK compile builder includes vulnerable components

Summary A third party JSON parser that Android Mobile SDK uses include vulnerable components. The JSON parser is included in the compile builder provided to customers to compile their Mobile SDK manifest. It is not included within customer apps. Vulnerability Details CVEID: CVE-2018-7489...

9.8CVSS1.6AI score0.20135EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/25 2:34 p.m.41 views

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE (CVE-2020-14779, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798)

Summary IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE CVE-2020-14779, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798 Vulnerability Details CVEID: CVE-2020-14779 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization componen...

5.8CVSS2.5AI score0.03713EPSS
Exploits0Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/19 7:44 a.m.4 views

Multiple vulnerabilities in SolarView Compact

Overview SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. Exposure of information through directory listing CWE-548 - CVE-2021-20656 Improper access control CWE-284 - CVE-2021-20657 OS command injection CWE-78 - CVE-2021-20658 Unrestricted upload of...

10CVSS8.3AI score0.73946EPSS
Exploits22References37
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/27 12:4 a.m.61 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-19126 DESCRIPTION: GNU C Library could allow a local attacker to bypass security restrictions, caused by failing to ignore...

9.8CVSS0.5AI score0.17939EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/28 5:16 p.m.60 views

Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to Using Components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-2583 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an...

9.8CVSS0.9AI score0.19426EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/07 8:58 p.m.47 views

Security Bulletin: IBM QRadar Incident Forensics is vulnerable to using component with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2018-8009 DESCRIPTION: Apache Hadoop could could allow a remote attacker to traverse directories on the system. By persuading a...

9.8CVSS0.7AI score0.99019EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/07 8:49 p.m.36 views

Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2018-12545 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations...

9.8CVSS0.2AI score0.55895EPSS
Exploits0Affected Software1
0day.today
0day.today
added 2020/06/15 12:0 a.m.161 views

OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation Vulnerabilities

OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities. Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in findi...

5CVSS0.2AI score0.02029EPSS
Exploits5
OSV
OSV
added 2019/08/16 5:15 p.m.4 views

CVE-2019-7959

Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution...

9.8CVSS7.5AI score0.06529EPSS
Exploits0References1
OSV
OSV
added 2019/03/21 4:1 p.m.4 views

CVE-2019-5011

An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use...

5.5CVSS6.7AI score0.00398EPSS
Exploits0References1
NVD
NVD
added 2019/03/21 4:1 p.m.29 views

CVE-2019-5011

An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use...

7.1CVSS6.1AI score0.00398EPSS
Exploits0References1
Prion
Prion
added 2019/02/04 9:29 p.m.16 views

Input validation

aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza...

5.8CVSS7.4AI score0.0116EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2019/01/16 12:0 a.m.251 views

Streamworks Job Scheduler Release 7 Authentication Weakness

Affected Products Streamworks Job Scheduler Release 7 older/newer releases have not been tested References Secuvera-SA-2016-01 https://www.secuvera.de/advisories/secuvera-SA-2016-01.txt used for updates No CVE number could be assigned vendor not listed under...

5CVSS0.2AI score0.99999EPSS
Exploits88
RedHat Linux
RedHat Linux
added 2018/12/05 3:53 p.m.5 views

OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

8.3CVSS7.3AI score0.07215EPSS
Exploits2References4
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:6 p.m.40 views

Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2011-4314)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2011-4314 DESCRIPTION: OpenID4Java could allow a remote attacker to bypass security restrictions, caused by the improper...

5.8CVSS6AI score0.03201EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:6 p.m.32 views

Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2011-4905, CVE-2014-3576)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2011-4905 DESCRIPTION: Apache ActiveMQ is vulnerable to a denial of service, caused by an error in the failover mechanism when...

7.5CVSS0.9AI score0.12794EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 10:6 p.m.18 views

Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2014-1211)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2014-1211 DESCRIPTION: VMware vCloud Director is vulnerable to cross-site request forgery, caused by improper validation of...

6.8CVSS0.6AI score0.01291EPSS
Exploits0Affected Software1
Rows per page
Query Builder