Lucene search
K

92 matches found

RedHat Linux
RedHat Linux
added 2021/09/07 8:38 a.m.1 views

golang: net: lookup functions may return invalid host names

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...

7.5CVSS7.2AI score0.03231EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2021/08/31 3:1 p.m.2 views

golang: net: lookup functions may return invalid host names

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...

7.5CVSS7.2AI score0.03231EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2021/08/10 7:52 a.m.2 views

golang: net: lookup functions may return invalid host names

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...

7.5CVSS7.2AI score0.03231EPSS
Exploits1References5
OSV
OSV
added 2021/07/25 8:34 a.m.9 views

MGASA-2021-0369 Updated golang packages fix security vulnerabilities

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method CVE-2021-27918. net/http in Go before 1.15.12 and 1.16.x before 1.16....

7.5CVSS7AI score0.06975EPSS
Exploits5References7
WPVulnDB
WPVulnDB
added 2021/07/19 12:0 a.m.21 views

Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF

The plugin is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values. PoC...

4.3CVSS5.8AI score0.0045EPSS
Exploits2Affected Software1
Veracode
Veracode
added 2021/06/05 9:59 p.m.43 views

Arbitrary Values

go has arbitrary values. The vulnerability exists due to arbitrary values retrieved from DNS which is not sanitized before including in HTML...

7.3CVSS1.4AI score0.03231EPSS
Exploits1References5Affected Software23
OSV
OSV
added 2021/06/01 2:15 p.m.7 views

CVE-2021-24328

The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin's settings to arbitrary values, and set XSS payloads on them a...

6.2CVSS5.9AI score0.00614EPSS
Exploits2References4
GithubExploit
GithubExploit
added 2020/12/27 10:37 a.m.108 views

Exploit for Server-Side Request Forgery in Sap Businessobjects_Business_Intelligence_Platform

CVE-2020-6308 SAP POC !Follow on Twitterhttps://img.shields...

5.3CVSS6.4AI score0.61736EPSS
Exploits3
Cvelist
Cvelist
added 2019/09/18 4:15 p.m.27 views

CVE-2019-12620 Cisco HyperFlex Software Counter Value Injection Vulnerability

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could explo...

5.3CVSS5.6AI score0.0065EPSS
Exploits0References1
Cisco
Cisco
added 2019/09/18 4:0 p.m.43 views

Cisco HyperFlex Software Counter Value Injection Vulnerability

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could explo...

5.3CVSS2.1AI score0.0065EPSS
Exploits0References1
Prion
Prion
added 2019/09/06 3:15 p.m.24 views

Design/Logic Flaw

NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address...

7.2CVSS7.3AI score0.0018EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2019/05/07 4:19 a.m.8 views

Mozilla: Improper bounds checks when Spectre mitigations are disabled

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully...

5.9CVSS7.4AI score0.0163EPSS
Exploits0References5
OSV
OSV
added 2019/04/26 5:29 p.m.2 views

DEBIAN-CVE-2019-9793

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully...

5.9CVSS8.7AI score0.0163EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/03/28 2:52 p.m.6 views

Mozilla: Improper bounds checks when Spectre mitigations are disabled

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully...

5.9CVSS7.4AI score0.0163EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/03/28 2:52 p.m.5 views

Mozilla: Improper bounds checks when Spectre mitigations are disabled

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully...

5.9CVSS7.4AI score0.0163EPSS
Exploits0References5
CNVD
CNVD
added 2019/03/22 12:0 a.m.2 views

Mozilla Firefox and Firefox ESR Improper Boundary Checking Vulnerability

Mozilla Firefox and Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser.Firefox ESR is an extended support version of Firefox web browser. A security vulnerability exists in Mozilla Firefox versions prior to 66 and Firefox ESR versions...

5.9CVSS8.9AI score0.0163EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/03/20 3:26 p.m.5 views

Mozilla: Improper bounds checks when Spectre mitigations are disabled

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully...

5.9CVSS7.4AI score0.0163EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/03/20 3:21 p.m.4 views

Mozilla: Improper bounds checks when Spectre mitigations are disabled

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully...

5.9CVSS7.4AI score0.0163EPSS
Exploits0References5
Prion
Prion
added 2018/11/22 5:29 a.m.14 views

Design/Logic Flaw

UCMS 1.4.7 allows remote authenticated users to change the administrator password because $COOKIE'admin'.cookiehash is used for arbitrary cookie values that are set and not empty...

4CVSS8.5AI score0.01124EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/10/05 2:0 p.m.21 views

CVE-2018-15375 Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write Vulnerabilities

A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the...

6.6AI score0.00327EPSS
Exploits0References1
Rows per page
Query Builder