Lucene search
+L

61 matches found

CNVD
CNVD
added 2024/05/22 12:0 a.m.7 views

Huawei HarmonyOS and EMUI Memory Module Out-of-Bounds Access Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. An out-of-bounds access vulnerability exists in the...

5.6CVSS6.7AI score0.00134EPSS
Exploits0References1
NVD
NVD
added 2024/04/10 8:15 p.m.41 views

CVE-2024-31465

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type XWiki.SearchSuggestSourceClass to their user profile or any other page...

9.9CVSS9.6AI score0.75575EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2024/04/04 5:56 p.m.17 views

CVE-2024-25699 Portal for ArcGIS has an invalid authentication vulnerability

There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and below on Kubernetes, which under unique circumstances could allow a remote, authenticated attacker...

8.5CVSS5.1AI score0.00699EPSS
Exploits0References1
CVE
CVE
added 2024/03/26 3:34 p.m.77 views

CVE-2024-21912

Rockwell Automation Arena Simulation Software (Arena Simulation) is affected by CVE-2024-21912 (out-of-bounds write / arbitrary code execution). The vulnerability arises from writing beyond designated memory, causing an access violation and allowing code execution when a user opens a malicious fi...

7.8CVSS7.7AI score0.00256EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/02/15 12:0 a.m.58 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : EDK II vulnerabilities (USN-6638-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6638-1 advisory. Marc Beatove discovered buffer overflows exit in EDK2. An attacker on the local network could potentially use this to impact...

8.8CVSS8.5AI score0.02101EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2023/09/11 12:0 a.m.5 views

PT-2023-27545 · Sap · Sap Business Objects Installer

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Suite Installer versions 420, 430 Description: The issue allows an attacker within the network to create a directory under a temporary directory and link it to a directory with operating system files. On successful...

7.1CVSS6.8AI score0.00373EPSS
Exploits0References5
CNVD
CNVD
added 2023/08/12 12:0 a.m.11 views

Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2023-64499)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which stems from insufficient validation of input parameters by the communication system. An...

7.5CVSS6.6AI score0.00379EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/19 12:0 a.m.8 views

CVE-2022-48492

Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability...

6.9AI score0.00434EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/03/05 12:0 a.m.4 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS. An attacker exploiting this vulnerability could cause availability to be compromised...

7.5CVSS7.4AI score0.00474EPSS
Exploits0References4
Prion
Prion
added 2023/01/10 4:15 a.m.15 views

Code injection

SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application...

6.5CVSS8.6AI score0.00743EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/11/08 12:0 a.m.38 views

CVE-2022-41214

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integri...

8.7CVSS8.7AI score0.00749EPSS
Exploits0References2
CVE
CVE
added 2022/11/08 12:0 a.m.87 views

CVE-2022-41214

CVE-2022-41214 affects SAP NetWeaver Application Server ABAP and ABAP Platform. The root cause, as described across multiple sources, is insufficient input validation that enables a user with high privileges to invoke a remote-enabled function to delete a file that would normally be restricted. S...

8.7CVSS8.4AI score0.00749EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2022/10/20 6:47 a.m.56 views

CVE-2022-43403

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS4.5AI score0.01428EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/10/20 6:47 a.m.70 views

CVE-2022-43402

A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...

9.9CVSS4.5AI score0.0116EPSS
Exploits0References4
NVD
NVD
added 2022/10/11 5:15 p.m.29 views

CVE-2022-34434

Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to th...

6.7CVSS0.00179EPSS
Exploits0References1
Prion
Prion
added 2022/10/11 5:15 p.m.12 views

Improper access control

Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to th...

4CVSS6.6AI score0.00179EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/09/05 12:0 a.m.4 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from a configuration flaw. An attacker exploited the vulnerability to cause availability to...

7.5CVSS7.4AI score0.00506EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/05/10 10:8 a.m.26 views

CVE-2021-42581

Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object that contains an own property "proto" as an argument to the function. NOTE: the vendor disputes this because the observe...

9.2AI score0.01325EPSS
Exploits1References2
CVE
CVE
added 2022/05/10 10:8 a.m.168 views

CVE-2021-42581

CVE-2021-42581 affects Ramda up to v0.27.0 in mapObjIndexed, enabling prototype pollution that can lead to remote code execution/integrity or availability impact (CVSS 9.8). IBM advisories reference Ramda prototype pollution and remediation via upgrading affected products, but no specific patch v...

9.1CVSS8.9AI score0.01325EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2022/02/09 11:15 p.m.32 views

CVE-2022-22536

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the...

10CVSS0.97945EPSS
Exploits8References3
Rows per page
Query Builder