Lucene search
+L

931 matches found

BDU FSTEC
BDU FSTEC
added 2023/03/28 12:0 a.m.5 views

The vulnerability of TP-Link MR3020 router’s microprogramming software, related to the lack of measures taken to clean data at the control level, allows attackers to execute arbitrary commands.

The vulnerability of TP-Link MR3020 router’s microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending a specially crafted tftp request to the destination...

10CVSS8.2AI score0.0249EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2023/03/24 12:0 a.m.5 views

The vulnerability in the implementation of the PAPI network protocol for ArubaOS operating systems allows a hacker to execute arbitrary code.

The vulnerability of the PAPI network protocol implementation in ArubaOS operating systems is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.4AI score0.0174EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/03/24 12:0 a.m.6 views

The vulnerability of the application software interface of the software platform for managing security in industrial networks, MXSecurity, allows a perpetrator to execute arbitrary commands.

The vulnerability of the application software interface of the MXSecurity software platform for managing security in industrial networks is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

10CVSS7.6AI score0.01456EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/03/15 12:0 a.m.7 views

The vulnerability of the command-line interface of ArubaOS systems allows a hacker to execute arbitrary commands.

The vulnerability of the command-line interface of ArubaOS systems is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9CVSS7.5AI score0.01481EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/03/06 12:0 a.m.7 views

The vulnerability of the PowerScale OneFS operating system, related to the lack of measures for cleaning input data, allows a perpetrator to execute arbitrary commands, expose sensitive information, or cause service failures.

The vulnerability of the PowerScale OneFS operating system is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows an attacker to execute arbitrary commands, expose protected information, or cause service failures...

6.8CVSS7AI score0.00637EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/03/06 12:0 a.m.10 views

The vulnerability in the web administration interface of the Pulse Connect Secure VPN server for corporate networks allows a perpetrator to execute arbitrary code.

The vulnerability in the web-based administration interface of the Pulse Connect Secure VPN server for corporate networks is related to insufficient cleaning of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted request...

9CVSS7.7AI score0.98617EPSS
Exploits12References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/03/06 12:0 a.m.7 views

The vulnerability of the settings/delStaticDhcpRules file in TOTOLINK A7100RU router microprogramming software allows a perpetrator to execute arbitrary commands.

The vulnerability of the settings/delStaticDhcpRules file in TOTOLINK A7100RU router microprogramming software is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10CVSS8.1AI score0.0192EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/03/02 12:0 a.m.10 views

The vulnerability in the web interface of Netgear N600 (WNDR3700)’s microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the web interface of Netgear N600 WNDR3700 microprogramming software routers is related to the lack of measures for cleaning input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

10CVSS6.3AI score0.02842EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/02/21 12:0 a.m.13 views

The vulnerability of the delivery interface component in NetScaler SD-WAN and Citrix SD-WAN software management tools allows attackers to enhance their privileges.

The vulnerability of the delivery interface component in NetScaler SD-WAN and Citrix SD-WAN software management tools is related to insufficient cleaning of input data. Exploiting this vulnerability can allow an attacker to enhance their privileges remotely...

9CVSS7.7AI score0.74052EPSS
Exploits5References7Affected Software2
SUSE CVE
SUSE CVE
added 2023/02/15 5:59 a.m.5 views

SUSE CVE-2010-1619

Cross-site scripting XSS vulnerability in the fixnonstandardentities function in the KSES HTML text cleaning library weblib.php, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities...

4.3CVSS6.1AI score0.01669EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.3 views

SUSE CVE-2021-26933

An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes such as the ones during scrubbing have reached the memory before handing over the page to a guest...

5.5CVSS6.8AI score0.00329EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/02/15 12:0 a.m.7 views

The vulnerability of Sonatype Nexus Repository Manager lies in the lack of measures to clean input data, allowing a perpetrator to execute arbitrary code.

The vulnerability of Sonatype Nexus Repository Manager is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9CVSS7.7AI score0.05602EPSS
Exploits3References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/02/03 12:0 a.m.8 views

The vulnerability of the web-based management interfaces for Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W microprogramming software VPN routers lies in insufficient cleaning of special elements in the output data used by the incoming component. This allows a malicious actor to execute arbitrary commands.

The vulnerability of the web-based management interfaces for Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W microprogramming systems lies in insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability allows a remote...

8.3CVSS7.5AI score0.00964EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/31 12:0 a.m.5 views

nemo-appium 安全漏洞

nemo-appium is an open source plugin for PayPal. It is used to start the appium server during Nemo startup and terminate it at driver time. A security vulnerability exists in versions prior to nemo-appium 0.0.9, which stems from improper cleaning of user input...

9.8CVSS8.3AI score0.02774EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2023/01/25 12:0 a.m.8 views

The vulnerability of the Server Message Block Version 2 (SMB2) protocol implementation in the Snort intrusion detection system of Cisco Firepower Threat Defense (FTD), the Cisco Meraki MX network device management software, the Cisco Cyber Vision industrial network security control solution, and the Cisco Umbrella cloud security service allows a perpetrator to bypass security restrictions and cause service interruptions.

The vulnerability of the Server Message Block Version 2 SMB2 implementation in the Snort intrusion detection system of the Cisco Firepower Threat Defense FTD microprogramming network interface devices, the Cisco Meraki MX network devices, the Cisco Cyber Vision industrial network security control...

5.8CVSS6.2AI score0.0089EPSS
Exploits0References2Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/01/20 12:0 a.m.12 views

The vulnerability of the CIFS file system’s arbitrary utility command, related to the lack of measures for cleaning input data, allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the CIFS file system’s arbitrary utility command related to the lack of measures for cleaning input data. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

7CVSS6.5AI score0.00652EPSS
Exploits1References12Affected Software5
OSV
OSV
added 2023/01/17 4:4 p.m.21 views

GSD-2023-1000134 Bluetooth: Fix not cleanup led when bt_init fails

Bluetooth: Fix not cleanup led when btinit fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.83 by commit...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/01/13 10:8 p.m.16 views

Friday Squid Blogging: How to Buy Fresh or Frozen Squid

Good advice on buying squid. I like to buy whole fresh squid and clean it myself. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

1.2AI score
Exploits0
CNNVD
CNNVD
added 2023/01/03 12:0 a.m.7 views

WordPress plugin Survey Maker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

7.2CVSS5.9AI score0.00755EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2022/12/24 12:0 a.m.9 views

The vulnerability of the Moodle course management system lies in the insufficient cleaning of user data in several “social” fields of the user profile. This allows attackers to carry out attacks using cross-site scripting (XSS).

The vulnerability of the Moodle course management system is related to insufficient cleaning of user data in several “social” fields of the user’s profile. Exploiting this vulnerability allows a malicious actor to carry out attacks using cross-site scripting XSS...

6.4CVSS5.6AI score0.00655EPSS
Exploits0References7Affected Software3
Rows per page
Query Builder