Lucene search
+L

118 matches found

Tenable Nessus
Tenable Nessus
added 2019/08/28 12:0 a.m.49 views

Amazon Linux 2 : libvirt (ALAS-2019-1274) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11091 Modern Intel microprocessors implement hardware-level micro-optimizations to improve the...

8.8CVSS7.5AI score0.01553EPSS
Exploits0References10
CNVD
CNVD
added 2019/08/08 12:0 a.m.3 views

Apache Solr Remote Code Execution Vulnerability (CNVD-2019-26390)

Apache Solr is the United States Apache Apache Software Foundation of a Lucene a full-text search engine based on the search server . The product supports level search , vertical search , highlighting search results and so on. Apache Solr has a remote code execution vulnerability that can be...

9CVSS9.5AI score0.83547EPSS
Exploits3References1
OSV
OSV
added 2019/06/03 9:29 p.m.5 views

CVE-2019-11368

Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter...

5.4CVSS6AI score0.0158EPSS
Exploits1References2
Prion
Prion
added 2019/05/22 6:29 p.m.24 views

Code injection

A vulnerability was found in libvirt = 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the...

6.5CVSS8.5AI score0.01411EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2019/05/14 4:29 p.m.30 views

CVE-2019-8391

qdPM 9.1 suffers from Cross-site Scripting XSS via configuration?type=XSS parameter...

6.1CVSS6AI score0.03342EPSS
Exploits5References4
OSV
OSV
added 2019/05/14 4:29 p.m.6 views

CVE-2019-8391

qdPM 9.1 suffers from Cross-site Scripting XSS via configuration?type=XSS parameter...

6.1CVSS5.8AI score0.03342EPSS
Exploits5References4
Prion
Prion
added 2019/05/14 4:29 p.m.17 views

Cross site scripting

qdPM 9.1 suffers from Cross-site Scripting XSS via configuration?type=XSS parameter...

4.3CVSS6AI score0.03342EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2019/05/14 3:5 p.m.27 views

CVE-2019-8391

qdPM 9.1 suffers from Cross-site Scripting XSS via configuration?type=XSS parameter...

6AI score0.03342EPSS
Exploits5References4
Veracode
Veracode
added 2019/05/02 4:42 a.m.27 views

Information Disclosure

The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed thei...

2.1CVSS5.7AI score0.01329EPSS
Exploits0References13Affected Software2
Veracode
Veracode
added 2019/03/22 1:21 p.m.27 views

User Impersonation

matrix-synapse is vulnerable to user impersonation. If a configuration parameter called macaroonsecretkey is not set, the authentication secret key is derived using a predictable value and other secrets, allowing remote attackers to impersonate users...

7.5CVSS7.4AI score0.02418EPSS
Exploits0References6Affected Software1
CNVD
CNVD
added 2018/09/14 12:0 a.m.6 views

Monstra CMS HTTP Header Injection Vulnerability

Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. An HTTP header injection vulnerability exists in the 'cfg' parameter of the...

6.1CVSS6.5AI score0.0302EPSS
Exploits1References1
Cisco
Cisco
added 2017/05/03 4:0 p.m.59 views

Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass Vulnerability

A vulnerability in the remote management access control list ACL feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress...

5.8CVSS5.8AI score0.01633EPSS
Exploits0References1
CVE
CVE
added 2017/02/13 9:0 p.m.56 views

CVE-2017-5165

CVE-2017-5165 affects the BINOM3 Universal Multifunctional Electric Power Quality Meter. The issue is a lack of CSRF protection (no CSRF token per page/sensitive function), which could allow a remote attacker to perform silent, unauthorized actions such as changing configuration and saving modifi...

7.6CVSS8.1AI score0.00665EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2016/12/14 12:59 a.m.25 views

Design/Logic Flaw

A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer SSL or Transport Layer Security TLS, even if the WS...

5CVSS7.2AI score0.02786EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/12/02 12:0 a.m.24 views

CentOS 7 : autofs (CESA-2015:2417)

Updated autofs packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

4.4CVSS5.5AI score0.00335EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/11/24 12:0 a.m.36 views

Oracle Linux 7 : autofs (ELSA-2015-2417)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2015-2417 advisory. 5.0.7-54.0.1 - add autofs-5.0.5-lookup-mounts.patch Orabug:12658280 Bert Barbe 1:5.0.7-54 - bz1263508 - Heavy program map usage can lead to a hang - fix out of...

4.4CVSS5.6AI score0.00335EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/11/19 6:23 a.m.40 views

Moderate: Red Hat Security Advisory: autofs security, bug fix and enhancement update

Updated autofs packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

4.4CVSS5.8AI score0.00335EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2014/11/08 12:0 a.m.28 views

RHEL 5 : redhat-ds-base (RHSA-2012:1041)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1041 advisory. Red Hat Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and...

2.1CVSS5.6AI score0.01329EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2013/07/10 12:0 a.m.23 views

phpMyAdmin 4.x < 4.0.4.1 import.php GLOBALS Variable Injection Configuration Parameter Manipulation (PMASA-2013-7)

According to its self-identified version number, the phpMyAdmin 4.x install hosted on the remote web server is earlier than 4.0.4.1 and, therefore, contains a flaw where the 'import.php' script does not properly sanitize input. This could allow attackers to inject arbitrary GLOBALS variables and...

5.5CVSS8.4AI score0.01055EPSS
Exploits2References2
phpMyAdmin
phpMyAdmin
added 2013/06/30 12:0 a.m.30 views

Global variable scope injection.

PMASA-2013-7 Announcement-ID: PMASA-2013-7 Date: 2013-06-30 Updated: 2013-07-01 Summary Global variable scope injection. Description The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter. Severity We consider this...

5.5CVSS7.2AI score0.01055EPSS
Exploits2Affected Software1
Rows per page
Query Builder