8029 matches found

Friends Of PHP
added 2021/05/14 2:37 p.m. | 20 views

Improper Certificate Validation in WP-CLI framework

Description Impact An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including...

CVSS 7.5 | AI score 7.2 | EPSS 0.01312
Exploits: 0 | Affected Software: 1
Friends Of PHP
added 2021/05/14 2:37 p.m. | 29 views

Improper Certificate Validation in WP-CLI framework

Impact An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability...

CVSS 9.1 | AI score 8.5 | EPSS 0.01312
Exploits: 0 | Affected Software: 1
OpenVAS
added 2021/05/12 12:0 a.m. | 15 views

openSUSE: Security Advisory for syncthing (openSUSE-SU-2021:0688-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.5 | EPSS 0.0197
Exploits: 0 | References: 2
OSV
added 2021/05/11 6:5 p.m. | 4 views

OPENSUSE-SU-2021:0713-1 Security update for syncthing

This update for syncthing fixes the following issues: Update to 1.15.0/1.15.1 This release fixes a vulnerability where Syncthing and the relay server can crash due to malformed relay protocol messages CVE-2021-21404; see GHSA-x462-89pf-6r5h. boo1184428 This release updates the CLI to use...

CVSS 7.5 | AI score 7.5 | EPSS 0.0197
Exploits: 0 | References: 3
OPENSUSE Linux
added 2021/05/11 12:0 a.m. | 32 views

Security update for syncthing (moderate)

openSUSE Security Update: Security update for syncthing Announcement ID: openSUSE-SU-2021:0713-1 Rating: moderate References: 1184428 Cross-References: CVE-2021-21404 CVSS scores: CVE-2021-21404 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP...

CVSS 7.5 | AI score 7.1 | EPSS 0.0197
Exploits: 0 | References: 1
vulnersOsv
added 2021/05/10 3:59 p.m. | 4 views

grunt-kevoree (>=0.3.0 <=6.0.0-alpha.1), grunt-kevoree-registry (>=3.0.0 <=4.0.0-alpha) +9 more potentially affected by CVE-2020-7724 via tiny-conf (=1.1.0)

tiny-conf NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tiny-conf and may be impacted: - grunt-kevoree =0.3.0, =3.0.0, =5.7.0, =4.0.0, =5.5.0-alpha, =0.3.0, =1.6.0, =1.0.0-alpha, =1.0.1, =1.0.0, =1.0.2 Source cves: CVE-2020-7724...

CVSS 9.8 | AI score 7.2 | EPSS 0.01916
Exploits: 1
Broadcom
added 2021/05/10 12:0 a.m. | 34 views

BSA-2021-1495

Security Advisory ID : BSA-2021-1495 Component : CLI Revision : 1.0 Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations. Affected Products Brocade...

CVSS 5.3 | AI score 5.4 | EPSS 0.00955
Exploits: 0
Tenable Nessus
added 2021/05/10 12:0 a.m. | 22 views

Cisco SD-WAN Software Arbitrary File Corruption (cisco-sa-sdwan-arbfile-7Qhd9mCn)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by an arbitrary file corruption vulnerability. A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affect...

CVSS 6 | AI score 5.5 | EPSS 0.00229
Exploits: 0 | References: 3
Tenable Nessus
added 2021/05/10 12:0 a.m. | 26 views

Cisco SD-WAN Software Privilege Escalation (cisco-sa-sdwan-privesc-QVszVUPy)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a privilege escalation vulnerability. A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on...

CVSS 7.8 | AI score 6.1 | EPSS 0.00325
Exploits: 0 | References: 3
OSV
added 2021/05/08 12:5 p.m. | 5 views

OPENSUSE-SU-2021:0688-1 Security update for syncthing

This update for syncthing fixes the following issues: Update to 1.15.0/1.15.1 This release fixes a vulnerability where Syncthing and the relay server can crash due to malformed relay protocol messages CVE-2021-21404; see GHSA-x462-89pf-6r5h. boo1184428 This release updates the CLI to use...

CVSS 7.5 | AI score 7.6 | EPSS 0.0197
Exploits: 0 | References: 3
OPENSUSE Linux
added 2021/05/08 12:0 a.m. | 24 views

Security update for syncthing (moderate)

openSUSE Security Update: Security update for syncthing Announcement ID: openSUSE-SU-2021:0688-1 Rating: moderate References: 1184428 Cross-References: CVE-2021-21404 CVSS scores: CVE-2021-21404 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 An update...

CVSS 7.5 | AI score 7.1 | EPSS 0.0197
Exploits: 0 | References: 1
vulnersOsv
added 2021/05/07 3:56 p.m. | 4 views

muleify (>=2.5.7 <=4.0.5), oxe-cli (>=1.1.0 <=1.1.3) potentially affected by CVE-2020-8214 via servey (>=1.0.3 <=2.2.0)

servey NPM version =1.0.3, =2.5.7, =1.1.0, =1.1.3 Source cves: CVE-2020-8214 Source advisory: OSV:GHSA-V3PX-6CC8-F8J3...

CVSS 7.5 | AI score 7.1 | EPSS 0.01986
Exploits: 1
vulnersOsv
added 2021/05/06 6:12 p.m. | 8 views

@random-guys/coralpay-pgp (>=0.0.1 <=0.1.0), @woocommerce/components (>=1.0.0 <=1.0.1) +4 more potentially affected by CVE-2020-7719 via locutus (>=2.0.10 <=2.0.11)

locutus NPM version =2.0.10, =0.0.1, =1.0.0, =1.1.0, =1.0.2, =1.0.52, =0.1.0, =0.2.1 Source cves: CVE-2020-7719 Source advisory: OSV:GHSA-F98M-Q3HR-P5WQ...

CVSS 9.8 | AI score 7.2 | EPSS 0.02753
Exploits: 1
vulnersOsv
added 2021/05/06 6:11 p.m. | 4 views

@digiwano/enquirer-experiments (>=0.0.1 <=0.0.3), firepit (=0.0.1) +1 more potentially affected by CVE-2020-7716 via deeps (=1.4.5)

deeps NPM version =1.4.5 is affected by a known vulnerability. The following packages have a transitive dependency on deeps and may be impacted: - @digiwano/enquirer-experiments =0.0.1, =0.0.3 - firepit =0.0.1 - rnfb-cli =1.0.0 Source cves: CVE-2020-7716 Source advisory: OSV:GHSA-RGFV-V3JH-7FFP...

CVSS 9.8 | AI score 7.2 | EPSS 0.01916
Exploits: 1
vulnersOsv
added 2021/05/06 6:10 p.m. | 4 views

@chat21/chat21-server (>=0.1.0 <=0.2.54), @coaty/core (>=2.0.0 <=2.0.1) +21 more potentially affected by CVE-2020-13410 via aedes (>=0.11.1 <=0.41.0)

aedes NPM version =0.11.1, =0.1.0, =2.0.0, =2.0.101, =0.0.6, =1.6.0, =1.0.0, =0.1.0, =0.4.9-v, =0.0.1, =0.5.1, =0.0.1, =2.2.7, =1.0.2, =0.2.0, =0.2.1 and more Source cves: CVE-2020-13410 Source advisory: OSV:GHSA-GH78-48H3-FRJQ...

CVSS 7.5 | AI score 7.1 | EPSS 0.02246
Exploits: 1
NVD
added 2021/05/06 1:15 p.m. | 9 views

CVE-2021-1438

A vulnerability in Cisco Wide Area Application Services WAAS Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute...

CVSS 5.5 | EPSS 0.00242
Exploits: 0 | References: 1
NVD
added 2021/05/06 1:15 p.m. | 14 views

CVE-2021-1514

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An...

CVSS 7.8 | EPSS 0.00325
Exploits: 0 | References: 1
NVD
added 2021/05/06 1:15 p.m. | 15 views

CVE-2021-1512

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. ...

CVSS 6 | EPSS 0.00229
Exploits: 0 | References: 1
Prion
added 2021/05/06 1:15 p.m. | 19 views

Input validation

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An...

CVSS 4.6 | AI score 7.6 | EPSS 0.00325
Exploits: 0 | References: 1 | Affected Software: 13
Prion
added 2021/05/06 1:15 p.m. | 20 views

Input validation

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. ...

CVSS 3.6 | AI score 6 | EPSS 0.00229
Exploits: 0 | References: 1 | Affected Software: 2