Lucene search
K

122 matches found

Positive Technologies
Positive Technologies
added 2021/03/18 12:0 a.m.4 views

PT-2021-14667 · Oracle +1 · Java +1

Name of the Vulnerable Software and Affected Versions: Jenkins Role-based Authorization Strategy Plugin versions 3.1 and earlier Description: The issue arises from an incorrect permission check, allowing attackers with Item/Read permission on nested items to access them even if they lack Item/Rea...

4.3CVSS4.3AI score0.00877EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2020/11/24 7:8 a.m.5 views

Critical Unpatched VMware Flaw Affects Multiple Corporates Products

VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system. "A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the...

9.1CVSS7.6AI score0.23771EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2020/09/24 9:47 a.m.29 views

CVE-2020-15186

In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to helm --help. This issu...

4CVSS1.7AI score0.00962EPSS
Exploits0References3
OSV
OSV
added 2020/09/04 3:15 a.m.4 views

CVE-2020-3546

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are se...

5.3CVSS6.1AI score0.01074EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/08/28 6:33 a.m.5 views

Multiple NETGEAR switching hubs vulnerable to cross-site request forgery

Overview GS716Tv2 and GS724Tv3 switching hubs provided by NETGEAR contain a cross-site request forgery vulnerability. Rei Yano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a malicious page...

4.3CVSS6.7AI score0.00789EPSS
Exploits0References6
Palo Alto Networks
Palo Alto Networks
added 2019/03/20 9:20 p.m.8 views

Privilege Escalation in PAN-OS

Palo Alto Networks is aware of an integer overflow vulnerability in the Linux kernel's createelftables function. Ref PAN-105966, CVE-2018-14634 Successful exploitation of this issue may allow an unprivileged local user to escalate their privileges on the system. To successfully exploit this...

7.8CVSS8.3AI score0.14806EPSS
Exploits6References1
OSV
OSV
added 2017/07/17 9:29 p.m.3 views

CVE-2017-6743

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these...

8.8CVSS6.5AI score0.1055EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/04 4:59 a.m.4 views

MFC-J960DWN vulnerable to cross-site request forgery

Overview MFC-J960DWN provided by BROTHER INDUSTRIES, LTD. is a MultiFunction Printer. MFC-J960DWN contains a cross-site request forgery vulnerability CWE-352. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS6.5AI score0.00722EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2016/10/05 12:0 a.m.5 views

PT-2016-6898 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions 8.4.7.29 through 9.1.7.4 Description: A denial of service issue exists due to the improper handling of DHCP packets by the DHCP Relay feature. This can be exploited by an unauthenticated...

6.5CVSS6.4AI score0.00882EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2007/02/27 12:0 a.m.7 views

PT-2007-1358 · Exv2 · Exv2

Name of the Vulnerable Software and Affected Versions: exV2 versions 2.0.4.3 and earlier Description: The issue allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code. This is achieved by modifying the xoopsOption'pagetyp...

9.8CVSS7.2AI score0.12847EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2006/08/29 12:0 a.m.4 views

PT-2006-5223 · Phpdig +1 · Phpdig +1

Name of the Vulnerable Software and Affected Versions: Jetbox CMS version 2.1 Description: The issue concerns a remote file inclusion vulnerability. It allows remote attackers to execute arbitrary PHP code via a URL in the relative script path parameter. This is a different vector from a previous...

7.5CVSS7.6AI score0.04394EPSS
Exploits1References14
Gentoo Linux
Gentoo Linux
added 2005/03/06 12:0 a.m.19 views

Hashcash: Format string vulnerability

Background Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address...

7.5CVSS6.9AI score0.02884EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/03/01 12:0 a.m.21 views

GLSA-200502-30 : cmd5checkpw: Local password leak vulnerability

The remote host is affected by the vulnerability described in GLSA-200502-30 cmd5checkpw: Local password leak vulnerability Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp, so the invoked program retains the cmd5check...

2.1CVSS5.5AI score0.00318EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2005/02/26 12:0 a.m.35 views

vbulletin306.txt

Summary: vbulletin 3.0.6 and below php code injection Description =========== vBulletin is a powerful, scalable and fully customizable forums package for your web site. It has been written using the Web's quickest-growing scripting language; PHP, and is complimented with a highly efficient and...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/02/25 12:0 a.m.42 views

Cisco Security Advisory: ACNS Denial of Service and Default Admin Password Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Security Advisory: ACNS Denial of Service and Default Admin Password Vulnerabilities ====================================================================== Revision 1.0 For Public Release 2005 February 24 1600 UTC GMT...

1.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/02/14 12:0 a.m.18 views

GLSA-200501-20 : o3read: Buffer overflow during file conversion

The remote host is affected by the vulnerability described in GLSA-200501-20 o3read: Buffer overflow during file conversion Wiktor Kopec discovered that the parsehtml function in o3read.c copies any number of bytes into a 1024-byte t array. Impact : Using a specially crafted file, possibly...

10CVSS6.2AI score0.10436EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2005/02/14 12:0 a.m.10 views

GLSA-200501-11 : Dillo: Format string vulnerability

The remote host is affected by the vulnerability described in GLSA-200501-11 Dillo: Format string vulnerability Gentoo Linux developer Tavis Ormandy found a format string bug in Dillo's handling of messages in aInterfacemsg. Impact : An attacker could craft a malicious web page which, when access...

7.5CVSS6AI score0.03522EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2005/02/14 12:0 a.m.31 views

GLSA-200501-27 : Ethereal: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200501-27 Ethereal: Multiple vulnerabilities There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.9, including: The COPS dissector could go into an infinite loop CAN-2005-0006. The DLSw dissector could caus...

7.5CVSS6.4AI score0.06308EPSS
Exploits0References8
securityvulns
securityvulns
added 2005/01/30 12:0 a.m.30 views

[ GLSA 200501-40 ] ngIRCd: Buffer overflow

Gentoo Linux Security Advisory GLSA 200501-40 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

0.5AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/23 12:0 a.m.38 views

KPdf, KOffice: Stack overflow in included Xpdf code

Background KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an integrated office suite for KDE. Description KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to a new stack overflow, as described in GLSA 200501-28. Impact An attacker cou...

7.5CVSS6.9AI score0.07217EPSS
Exploits1
Rows per page
Query Builder