
8565 matches found

NVD
added 2019/02/07 10:29 p.m. | 23 views

CVE-2018-1296

In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent...

CVSS 7.5 | AI score 8 | EPSS 0.03299
Exploits 0 | References 2
OSV
added 2019/02/07 10:29 p.m. | 21 views

CVE-2018-1296

In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent...

CVSS 7.5 | AI score 6.6
Exploits 0 | References 2
Cvelist
added 2019/02/07 10:0 p.m. | 24 views

CVE-2018-1296

In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent...

AI score 7.5 | EPSS 0.03299
Exploits 0 | References 2
BDU FSTEC
added 2019/02/07 12:0 a.m. | 3 views

The vulnerability of the adduser utility in the Astra Linux operating system, which allows a hacker to trigger a service failure.

The vulnerability of the adduser utility in the Astra Linux operating system is related to an error in assigning mandatory integrity attributes, which prevents access to the user’s home directory. When creating a user, a level of integrity other than 0 was set for their home directory. Exploiting...

CVSS 2.3 | AI score 5.5
Exploits 0
NVD
added 2019/02/06 5:29 p.m. | 15 views

CVE-2018-20757

MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name...

CVSS 6.1 | AI score 6.1 | EPSS 0.00861
Exploits 1 | References 1
BDU FSTEC
added 2019/02/05 12:0 a.m. | 5 views

Vulnerability in the dijit.Editor text editor module of the Dojo Toolkit, a library that simplifies the development of JavaScript- or AJAX-based applications and websites, which allows attackers to perform cross-site scripting attacks.

The vulnerability in dijit.Editor, a text editor that is part of the Dojo Toolkit, a modular library for simplifying the development of JavaScript- or AJAX-based applications and websites, is related to the unsafe use of the onload attribute for SVG elements. Exploiting this vulnerability could allo...

CVSS 6.1 | AI score 6 | EPSS 0.0115
Exploits 1 | References 4 | Affected Software 1
Tenable Nessus
added 2019/01/22 12:0 a.m. | 118 views

Wireshark 2.6.x < 2.6.3 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.6.3. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.6.3 advisory. - In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could...

CVSS 7.5 | AI score 6.8 | EPSS 0.03459
Exploits 0 | References 10
Github Security Blog
added 2019/01/17 1:57 p.m. | 250 views

XSS vulnerability that affects bootstrap

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute...

CVSS 6.1 | AI score 2.4 | EPSS 0.03835
Exploits 0 | References 17 | Affected Software 4
Github Security Blog
added 2019/01/17 1:57 p.m. | 281 views

Bootstrap Cross-site Scripting vulnerability

In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info...

CVSS 6.1 | AI score 6.3 | EPSS 0.0404
Exploits 1 | References 18 | Affected Software 5
OSV
added 2019/01/15 10:15 p.m. | 4 views

MGASA-2019-0036 Updated aria2 package fixes security vulnerability

It was observed that URL's which gets downloaded via "--log=" attribute stores sensitive information. This update fixes that...

CVSS 7.8 | AI score 7.5 | EPSS 0.00351
Exploits 1 | References 2
Veracode
added 2019/01/15 9:9 a.m. | 19 views

Denial Of Service (DoS)

bind is vulnerable to denial of service. A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioni...

CVSS 5 | AI score 6.6 | EPSS 0.5469
Exploits 0 | References 34 | Affected Software 2
Veracode
added 2019/01/15 9:7 a.m. | 20 views

Cross-site Scripting (XSS)

python-django-horizon is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the descriptio...

CVSS 4.3 | AI score 5.1 | EPSS 0.02758
Exploits 1 | References 12 | Affected Software 1
Veracode
added 2019/01/15 8:52 a.m. | 27 views

Information Disclosure

IcedTea-Web plug-in is vulnerable to information disclosure. The application incorrectly uses the same class loader instance for applets with the same value of the codebase attribute even if they originated from different domains. An attacker is able to create a malicious applet to exploit the...

CVSS 5.8 | AI score 5.4 | EPSS 0.01865
Exploits 0 | References 24 | Affected Software 1
Veracode
added 2019/01/15 8:51 a.m. | 28 views

Denial Of Service (DoS)

samba is vulnerable to denial of service. An integer overflow vulnerability allows an attacker to send a malicious Extended Attribute EA list to cause the server to utilize excessive amount of memory to loop and reprocess the list Samba, potentially crashing the process...

CVSS 5 | AI score 6 | EPSS 0.69008
Exploits 7 | References 27 | Affected Software 3
CNVD
added 2019/01/11 12:0 a.m. | 2 views

Bootstrap Cross-Site Scripting Vulnerability (CNVD-2019-23272)

Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript. A cross-site scripting vulnerability in the data-target attribute in Bootstrap version 3.x before 3.4.0 and version 4.x-beta before 4.0.0-beta.2 can be exploited by remote attackers to inject arbitrary...

CVSS 6.1 | AI score 6.4 | EPSS 0.0404
Exploits 1 | References 1
Qualys Blog
added 2019/01/10 5:0 p.m. | 75 views

Detecting Insecure Cookies with Qualys Web Application Scanning

Cookies are ubiquitous in today's modern web applications. If an attacker can acquire a user's session cookie by exploiting a cross-site scripting (XSS) vulnerability, by sniffing an unencrypted HTTP connection, or by some other means, then they can potentially hijack a user's valid session...

AI score 0.1
Exploits 0
Debian CVE
added 2019/01/10 5:0 p.m. | 19 views

CVE-2019-5892

bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via...

CVSS 6.5 | AI score 6.5 | EPSS 0.02718
Exploits 0
Prion
added 2019/01/09 5:29 a.m. | 36 views

Code injection

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...

CVSS 4.3 | AI score 6 | EPSS 0.04293
Exploits 2 | References 13 | Affected Software 1
OSV
added 2019/01/09 5:29 a.m. | 68 views

CVE-2016-10735

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...

CVSS 6.1 | AI score 5.9
Exploits 0 | References 13
UbuntuCve
added 2019/01/09 5:29 a.m. | 64 views

CVE-2016-10735

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...

CVSS 6.1 | AI score 6.7 | EPSS 0.0404
Exploits 1 | References 7