7654 matches found

OpenVAS
added 2022/03/17 12:0 a.m. | 35 views

Apple Mac OS X Security Update (HT213185)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3 | AI score 6.7 | EPSS 0.17715
Exploits 1 | References 1
OpenVAS
added 2022/03/17 12:0 a.m. | 33 views

Apple Mac OS X Security Update (HT212979)

Apple Mac OS X is prone to multiple vulnerabilities...

CVSS 9.3 | AI score 6.8 | EPSS 0.18024
Exploits 1 | References 1
OpenVAS
added 2022/03/17 12:0 a.m. | 28 views

Apple Mac OS X Security Update (HT212981)

Apple Mac OS X is prone to multiple vulnerabilities...

CVSS 9.3 | AI score 6.8 | EPSS 0.18024
Exploits 1 | References 1
OpenVAS
added 2022/03/17 12:0 a.m. | 33 views

Apple Mac OS X Security Update (HT213184)

Apple Mac OS X is prone to multiple vulnerabilities...

CVSS 9.8 | AI score 6.7 | EPSS 0.17715
Exploits 1 | References 1
CNNVD
added 2022/03/16 12:0 a.m. | 2 views

node-lmdb security vulnerability

node-lmdb is a Node.js binding for LMDB by the individual developer Timur Kristof of Hungary. A security vulnerability exists in node-lmdb that stems from node-lmdb's susceptibility to denial-of-service (DoS) attacks when defining uncallable ToString values. Successful exploitation will result in a...

CVSS 7.5 | AI score 7.2 | EPSS 0.01301
Exploits 1 | References 3
CNVD
added 2022/03/14 12:0 a.m. | 22 views

Samsung UWB stack buffer overflow vulnerability

Samsung UWB is a wireless technology used by Samsung mobile devices that allows smartphones to connect and communicate directly with your car. A buffer overflow vulnerability exists in the Samsung UWB stack, which stems from a boundary checking error in the UWB stack. An attacker could...

CVSS 9.8 | AI score 3.6 | EPSS 0.00405
Exploits 0 | References 1
Apple
added 2022/03/14 12:0 a.m. | 2434 views

About the security content of GarageBand 10.4.6

About the security content of GarageBand 10.4.6 This document describes the security content of GarageBand 10.4.6. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases ar...

CVSS 7.8 | AI score 8.1 | EPSS 0.01055
Exploits 0 | References 1 | Affected Software 1
Huntr
added 2022/03/10 2:1 a.m. | 28 views

Unrestricted Upload of File with Dangerous Type

Description Malicious user can bypass checking and upload .phtm or .php6 file which leads to stored XSS. Proof of Concept - Step 1: Login as admin at https://demo.microweber.org/demo/admin/ - Step 2: Go to Websites setting and Edit any page https://demo.microweber.org/demo/admin/page/24/edit -...

CVSS 3.5 | AI score 4.9 | EPSS 0.00528
Exploits 1
CNNVD
added 2022/03/10 12:0 a.m. | 2 views

MediaTek multiple products buffer error vulnerability

MediaTek Mt Series is a series of smartphone chips from China's MediaTek. A security vulnerability exists in several MediaTek products, which stems from a lack of boundary checking in the preloader usb, which may result in out-of-bounds writes. The following products and versions are affected:...

CVSS 6.6 | AI score 6.6 | EPSS 0.00127
Exploits 0 | References 2
CNVD
added 2022/03/10 12:0 a.m. | 24 views

Nextcloud server authorization issue vulnerability (CNVD-2022-20692)

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud Server is a self-hosted system designed to provide cloud-style services. Nextcloud Server is vulnerable to an authorization issue that stems from a lack of...

CVSS 4.3 | AI score 1.7 | EPSS 0.00817
Exploits 0 | References 1
CNNVD
added 2022/03/10 12:0 a.m. | 12 views

MediaTek multiple products buffer error vulnerability

MediaTek Mt Series is a series of smartphone chips from China's MediaTek. A security vulnerability exists in several MediaTek products, which stems from a lack of boundary checking in the preloader usb, which may result in out-of-bounds writes. The following products and versions are affected:...

CVSS 6.6 | AI score 6.6 | EPSS 0.00127
Exploits 1 | References 2
GitHub Security Blog
added 2022/03/07 4:59 p.m. | 33 views

Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server

Impact: Any configuration on any maddy version 0.5.4 using auth.pam is affected. No password expiry or account expiry checking is done when authenticating using PAM. Patches: Patch is available as part of the 0.5.4 release. Workarounds: If /etc/shadow authentication is used, it is possible to replac...

CVSS 8.8 | AI score 0.4 | EPSS 0.00393
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2022/03/07 1:50 p.m. | 19 views

CVE-2021-40056

There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability...

AI score 7.8 | EPSS 0.00708
Exploits 0 | References 1
CVE
added 2022/03/07 1:49 p.m. | 72 views

CVE-2021-40062

CVE-2021-40062 is described across multiple sources as a buffer overflow in Huawei EMUI/Magic UI video framework caused by copying the input buffer without size checks. This leads to a denial-of-service impact (availability). The connected CNVD/CNNVD entries corroborate a Huawei Android-based EMU...

CVSS 7.8 | AI score 7.6 | EPSS 0.00708
Exploits 0 | References 1 | Affected Software 2
CNNVD
added 2022/03/07 12:0 a.m. | 5 views

Google Android security vulnerability

Google Android is a Linux-based open-source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which stems from a privilege checking error. An attacker could exploit this vulnerability to elevate local privileges...

CVSS 7.8 | AI score 5.7 | EPSS 0.00098
Exploits 0 | References 4
BDU FSTEC
added 2022/03/05 12:0 a.m. | 10 views

The vulnerability in the web interface for controlling Cisco Expressway Series and Cisco Telepresence VCS devices allows a hacker to execute arbitrary code as a root user.

The vulnerability of the Web interface for controlling Cisco Expressway Series and Cisco Telepresence VCS devices is related to insufficient checking of the command arguments entered by users. Exploiting this vulnerability allows a malicious actor to execute arbitrary code as a root user remotely...

CVSS 9 | AI score 6 | EPSS 0.03177
Exploits 0 | References 2 | Affected Software 2
Tenable Nessus
added 2022/03/05 12:0 a.m. | 56 views

openSUSE 15 Security Update : webkit2gtk3 (openSUSE-SU-2022:0705-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0705-1 advisory. - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2,...

CVSS 9.3 | AI score 7.5 | EPSS 0.16342
Exploits 4 | References 32
OSV
added 2022/03/04 6:45 a.m. | 11 views

OPENSUSE-SU-2022:0705-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.34.6 bsc1196133: - CVE-2022-22620: Processing maliciously crafted web content may have led to arbitrary code execution. Update to version 2.34.5 bsc1195735: - CVE-2022-22589: A validation issue was addressed with improve...

CVSS 9.3 | AI score 8.2 | EPSS 0.16342
Exploits 4 | References 18
Code423n4
added 2022/03/03 12:0 a.m. | 8 views

DepositBoxERC20 does not support fee-on-transfer token

Lines of code Vulnerability details Impact The transferred amount is saved without checking the actual amount of token received after the transfer. Proof of Concept saveTransferredAmountschainHash, erc20OnMainnet, amount; require ERC20Upgradeableerc20OnMainnet.transferFrom msg.sender, addressthis,...

AI score 7
Exploits 0
Huntr
added 2022/03/02 2:30 p.m. | 33 views

Cross-site Scripting (XSS) - Stored

Description Autolab is vulnerable to stored cross-site-scripting in the upload files functionality in courses feature, this can be used to execute XSS attack against the victim who is a student/teacher. Steps to Reproduce PoC 1 login to autolab 2 go to...

CVSS 3.5 | EPSS 0.00646
Exploits 1 | References 1