Lucene search
K

594 matches found

Microsoft CVE
Microsoft CVE
added 2020/08/18 7:0 a.m.2 views

A flaw was found in grub2 prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel an attacker would first need to establish access to the system such as gaining physical access obtain the ability to alter a pxe-boot network or have remote access to a networked system with root access. With this access an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

...

8.2CVSS7AI score0.01068EPSS
Exploits0
OSV
OSV
added 2020/07/30 1:15 p.m.3 views

ALPINE-CVE-2020-10713

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...

8.2CVSS7.7AI score0.01068EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/07/29 7:40 p.m.4 views

grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...

8.2CVSS7.9AI score0.01068EPSS
Exploits0References8
OSV
OSV
added 2020/07/15 6:15 p.m.3 views

UBUNTU-CVE-2020-14631

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Audit. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

4.9CVSS6.6AI score0.02277EPSS
Exploits0References4
Schneier on Security
Schneier on Security
added 2020/05/12 11:9 a.m.34 views

Attack Against PC Thunderbolt Port

The attack requires physical access to the computer, but it's pretty devastating: On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer -- and even its hard disk encryption -- to gain full access to the...

0.5AI score
Exploits0
OSV
OSV
added 2020/04/30 11:15 p.m.6 views

DEBIAN-CVE-2020-11027

In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously...

8.1CVSS7.8AI score0.13625EPSS
Exploits3References1
OSV
OSV
added 2020/04/08 8:15 p.m.4 views

CVE-2020-1614

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function VNF instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service e.g. SSH on the VNF, either locally, or...

10CVSS7.3AI score0.01358EPSS
Exploits0References2
OSV
OSV
added 2020/03/10 8:15 p.m.3 views

CVE-2019-18336

A vulnerability has been identified in SIMATIC S7-300 CPU family incl. related ET200 CPUs and SIPLUS variants All versions V3.X.17, SIMATIC TDC CP51M1 All versions V1.1.8, SIMATIC TDC CPU555 All versions V1.1.1, SINUMERIK 840D sl All versions V4.8.6, SINUMERIK 840D sl All versions V4.94. Speciall...

7.5CVSS5.7AI score0.01674EPSS
Exploits0References1
OSV
OSV
added 2019/12/12 7:15 p.m.3 views

CVE-2019-18315

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 8888/tcp. Please note that an attacker needs to have netwo...

9.8CVSS7.8AI score0.02486EPSS
Exploits0References1
OSV
OSV
added 2019/12/12 7:15 p.m.4 views

CVE-2019-18287

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have...

5.3CVSS6AI score0.0158EPSS
Exploits0References2
OSV
OSV
added 2019/10/17 7:15 p.m.3 views

CVE-2019-15627

Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected...

7.1CVSS7.2AI score0.01311EPSS
Exploits4References2
CVE
CVE
added 2019/08/20 8:53 p.m.117 views

CVE-2019-10960

CVE-2019-10960 affects Zebra Industrial Printers (all versions). Description: printers ship with unrestricted end-user access to front panel options; when a passcode option is enabled, specially crafted network packets can cause the printer to respond with information that includes the front-pane...

7.5CVSS7.2AI score0.01703EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/08/05 7:15 p.m.5 views

CVE-2019-10980

A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have local access to the system. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is...

7.8CVSS6.3AI score0.01002EPSS
Exploits0References1
OSV
OSV
added 2019/07/23 11:15 p.m.3 views

DEBIAN-CVE-2019-2818

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

3.1CVSS6.6AI score0.01636EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/07/02 7:45 p.m.6 views

openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data

A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...

9.1CVSS5.8AI score0.02464EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2019/05/21 7:57 p.m.4 views

mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.8CVSS7.1AI score0.03952EPSS
Exploits0References5
OSV
OSV
added 2019/04/12 7:29 p.m.6 views

CVE-2018-16258

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import customtype. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a...

6.1CVSS5.8AI score0.00886EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2018/11/13 12:0 a.m.4 views

PT-2018-2567 · Siemens · Simatic S7-400 Cpu 414-3 Dp +13

Name of the Vulnerable Software and Affected Versions: SIMATIC S7-400 CPU 412-1 DP V7 versions prior to V7.0.3 SIMATIC S7-400 CPU 412-2 DP V7 versions prior to V7.0.3 SIMATIC S7-400 CPU 412-2 PN V7 versions prior to V7.0.3 SIMATIC S7-400 CPU 414-2 DP V7 versions prior to V7.0.3 SIMATIC S7-400 CPU...

8.5CVSS7.8AI score0.00821EPSS
Exploits0References4
OSV
OSV
added 2018/10/16 12:0 a.m.4 views

UBUNTU-CVE-2018-3161

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Partition. Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

4.9CVSS6.6AI score0.03432EPSS
Exploits0References5
OSV
OSV
added 2018/07/18 1:29 p.m.4 views

CVE-2018-2888

Vulnerability in the MICROS Retail-J component of Oracle Retail Applications subcomponent: Back Office. Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x, 12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Difficult to exploit vulnerability allows physical access to compromise MICROS Retail-J...

6.7CVSS7.3AI score0.00528EPSS
Exploits0References2
Rows per page
Query Builder