Lucene search
+L

630 matches found

BDU FSTEC
BDU FSTEC
added 2019/12/17 12:0 a.m.5 views

The vulnerability of the Live Share extension of the Microsoft Visual Studio software allows a hacker to redirect users to a malicious URL.

The vulnerability of the Live Share extension of the Microsoft Visual Studio development tool is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to redirect users to a malicious URL by convincing them to connect to a specially created Live Share...

4.7CVSS6.3AI score0.01482EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2019/10/16 3:1 p.m.12 views

OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

4.3CVSS7.4AI score0.03284EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2019/10/15 9:2 p.m.119 views

Unencrypted Mobile Traffic on Tor Network Leaks PII

Unencrypted, sensitive and confidential user data originating from millions of mobile devices is carried on the Tor network every day. Now researchers say they have devised away to scoop up that data and create personal profiles for specific mobile users, that include GPS coordinates, web...

7.2AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/10/14 6:35 p.m.5 views

keycloak: adapter endpoints are exposed via arbitrary URLs

It was found that keycloak exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information...

4.3CVSS5.7AI score0.00717EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/10/14 6:33 p.m.4 views

keycloak: adapter endpoints are exposed via arbitrary URLs

It was found that keycloak exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information...

4.3CVSS5.7AI score0.00717EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/10/14 6:29 p.m.8 views

keycloak: adapter endpoints are exposed via arbitrary URLs

It was found that keycloak exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information...

4.3CVSS5.7AI score0.00717EPSS
Exploits0References4
OSV
OSV
added 2019/09/27 7:15 p.m.7 views

CVE-2019-9428

In the Framework, it is possible to set up BROWSEABLE intents to take over certain URLs. This could lead to remote information disclosure of sensitive URLs with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID:...

6.5CVSS6.7AI score0.00856EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/08/27 12:0 a.m.5 views

The vulnerability of the Pulse Connect Secure corporate network VPN server, related to permission processing errors, allows a hacker to gain read access to arbitrary files.

The vulnerability of the Pulse Connect Secure VPN server for corporate networks is related to permission processing errors. Exploiting this vulnerability could allow a malicious actor to gain read access to arbitrary files by using specially created URIs...

8.6CVSS7.9AI score0.99999EPSS
Exploits22References8Affected Software1
RedHat Linux
RedHat Linux
added 2019/08/06 12:7 p.m.2 views

mod_auth_openidc: Shows user-supplied content on error pages

A text injection flaw was found in how modauthopenidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs...

7.5CVSS5.7AI score0.05177EPSS
Exploits0References4
OSV
OSV
added 2019/07/09 4:15 p.m.4 views

CVE-2019-11019

Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/allclaimdetail.php?claimid= URLs...

7.5CVSS7.1AI score0.01477EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/07/08 12:0 a.m.5 views

The vulnerability of the Power Query editor, a spreadsheet editing tool from Microsoft Excel, allows a hacker to redirect users to a malicious URI and execute malicious code.

The vulnerability of the Power Query editor for Microsoft Excel relates to insufficient neutralization of special elements transmitted in URIs. Exploiting this vulnerability allows a malicious actor to redirect users to malicious URIs and execute malicious code using a specially crafted document...

8.8CVSS5.7AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/06/06 12:0 a.m.2 views

PT-2019-2639 · Twisted Matrix Laboratories +5 · Twisted +5

Name of the Vulnerable Software and Affected Versions: Twisted versions prior to 19.2.1 Description: The issue exists due to insufficient input validation in the twisted.web component of the Twisted network framework. This allows a remote attacker to impact the confidentiality and integrity of...

9.8CVSS7.7AI score0.87806EPSS
Exploits5References93
OSV
OSV
added 2019/06/03 5:29 p.m.3 views

ALPINE-CVE-2019-12308

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...

6.1CVSS6.8AI score0.02563EPSS
Exploits0References1
OSV
OSV
added 2019/05/13 1:29 p.m.6 views

CVE-2018-14711

Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs...

6.5CVSS5.7AI score0.00565EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2019/04/16 12:59 p.m.7 views

python: Information Disclosure due to urlsplit improper NFKC normalization

It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications IDNA, which may result in a wrong domain name specifically the netloc component of URL - user@domain:port bei...

9.8CVSS6.7AI score0.09125EPSS
Exploits0References5
CNVD
CNVD
added 2019/04/02 12:0 a.m.1 views

IBM Security Privileged Identity Manager Path Traversal Vulnerability

IBM Security Privileged Identity Manager ISPIM is an identity management product within the IBM Identity Governance and Management solution from IBM in the United States. The product is designed to protect, automate and audit the use of privileged identities to help defend against insider threats...

7.7CVSS6.7AI score0.03395EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/03/23 12:0 a.m.8 views

PT-2019-4685 · Redis +9 · Redis +11

Name of the Vulnerable Software and Affected Versions: Python versions 2.x through 2.7.16 Python versions 3.x through 3.7.3 Description: An issue in the urllib2 and urllib modules allows for CRLF injection if an attacker controls a url parameter. This can be demonstrated by the first argument to...

10CVSS6.7AI score0.95707EPSS
Exploits124References1004
CNVD
CNVD
added 2019/03/22 12:0 a.m.4 views

Mozilla Firefox Incorrect Source Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 66, which stems from a privilege notification that fails to properly display the originating domain when requesting WebRTC...

5.3CVSS8.7AI score0.00397EPSS
Exploits0References1
OSV
OSV
added 2019/03/05 11:29 p.m.5 views

CVE-2019-0540

A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'...

5.5CVSS6.4AI score0.12783EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/01/23 12:0 a.m.5 views

PT-2019-1227

Name of the Vulnerable Software and Affected Versions Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers affected versions not specified Description A vulnerability in the web-based management interface of the routers could allow an unauthenticated, remote attacker to retrieve...

7.5CVSS7AI score0.99876EPSS
Exploits19References27
Rows per page
Query Builder