6046 matches found

UbuntuCve
added 2019/10/01 2:15 p.m. · 41 views

CVE-2019-17056

llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176...

3.3 CVSS · 6.8 AI score · 0.00567 EPSS
Exploits 0 · References 9
OSV
added 2019/10/01 2:15 p.m. · 2 views

UBUNTU-CVE-2019-17052

ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768...

3.3 CVSS · 7.1 AI score · 0.00635 EPSS
Exploits 0 · References 10
OSV
added 2019/10/01 2:15 p.m. · 1 views

UBUNTU-CVE-2019-17054

atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c...

3.3 CVSS · 6.7 AI score · 0.00514 EPSS
Exploits 0 · References 10
Positive Technologies
added 2019/09/24 12:0 a.m. · 5 views

PT-2019-6419 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to errors in memory release in the dcn create resource pool function of the Linux kernel, which can lead to a memory leak. This can be exploited by a remote attack...

2.7 CVSS · 6.2 AI score
Exploits 0 · References 13
CVE
added 2019/09/21 5:45 p.m. · 207 views

CVE-2019-16664

ThinkSAAS 2.91 is affected by CVE-2019-16664: an XSS via the parameter groupname in index.php?app=group&ac=create&ts=do. Root cause described across sources is insufficient sanitization of the groupname input, enabling cross-site scripting. Affected product/version: ThinkSAAS 2.91. The Red Hat ad...

4.8 CVSS · 4.8 AI score · 0.00592 EPSS
Exploits 1 · References 1 · Affected Software 1
NVD
added 2019/09/13 5:15 p.m. · 15 views

CVE-2019-16293

The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field...

8.8 CVSS · 8.8 AI score · 0.01613 EPSS
Exploits 1 · References 1
OSV
added 2019/09/13 5:15 p.m. · 10 views

CVE-2019-16293

The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field...

8.8 CVSS · 7.5 AI score
Exploits 0 · References 1
CVE
added 2019/09/13 4:6 p.m. · 243 views

CVE-2019-16293

Open-AudIT is affected by CVE-2019-16293 for versions prior to 3.2.0. The issue arises in the Create Discoveries feature, allowing an authenticated attacker to execute arbitrary OS commands by injecting a crafted value into a URL field. The Red Hat advisory confirms the same description. The avai...

8.8 CVSS · 8.7 AI score · 0.01613 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2019/09/13 4:6 p.m. · 18 views

CVE-2019-16293

The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field...

8.8 AI score · 0.01613 EPSS
Exploits 1 · References 1
Hacker One
added 2019/09/13 3:15 p.m. · 15 views

Node.js third-party modules: [create-git] RCE via insecure command formatting

The create-git NPM module was vulnerable to command injection, which was possible because some user-supplied inputs were concatenated without proper checks inside an exec call, which made it possible to execute arbitrary commands besides the git one that is used by the tool. The PoC resulted in: js...

2.2 AI score
Exploits 0
Positive Technologies
added 2019/09/11 12:0 a.m. · 5 views

PT-2019-6283 · Nlnet +5 · Unbound +5

Name of the Vulnerable Software and Affected Versions: Unbound versions prior to 1.9.5. Description: The issue is related to insufficient neutralization of special elements in a request, which can be exploited by a remote attacker to impact data integrity. This can occur upon a successful...

9.8 CVSS · 7.7 AI score · 0.03212 EPSS
Exploits 1 · References 120
Prion
added 2019/08/28 5:15 p.m. · 13 views

Cross site request forgery (csrf)

MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...

6.8 CVSS · 8.5 AI score · 0.00614 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2019/08/28 4:34 p.m. · 22 views

CVE-2019-15496

MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...

8.6 AI score · 0.00614 EPSS
Exploits 1 · References 1
CVE
added 2019/08/28 4:34 p.m. · 39 views

CVE-2019-15496

The CVE-2019-15496 entry concerns MyT Project Management 1.5.1, which reportedly lacks CSRF protection and enables a CSRF attack that could trick an administrator into executing arbitrary code via a crafted HTML page. The connected sources confirm the affected product/version and the underlying i...

8.8 CVSS · 8.5 AI score · 0.00614 EPSS
Exploits 1 · References 1 · Affected Software 1
CNVD
added 2019/08/27 12:0 a.m. · 6 views

Atlassian Jira Cross-Site Request Forgery Vulnerability (CNVD-2019-30064)

Jira is a tool developed by Australian company Atlassian for defect tracking, issue tracking and project management. A cross-site request forgery vulnerability exists in the AddResolution.jspa resource in Jira. A remote attacker could exploit the vulnerability to create new solutions...

4.3 CVSS · 6.9 AI score · 0.00647 EPSS
Exploits 0 · References 1
Prion
added 2019/08/22 7:15 p.m. · 10 views

Cross site scripting

An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known b...

3.5 CVSS · 5.8 AI score · 0.00839 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2019/08/21 8:15 p.m. · 4 views

CVE-2019-15316

Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation to NT AUTHORITY\SYSTEM via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition...

7 CVSS · 7.1 AI score · 0.00389 EPSS
Exploits 1 · References 4
NVD
added 2019/08/20 12:15 a.m. · 17 views

CVE-2019-15229

FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...

8.8 CVSS · 8.6 AI score · 0.00709 EPSS
Exploits 1 · References 2
OSV
added 2019/08/20 12:15 a.m. · 11 views

CVE-2019-15229

FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page...

8.8 CVSS · 7 AI score
Exploits 0 · References 2
Prion
added 2019/08/20 12:15 a.m. · 12 views

Design/Logic Flaw

FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors...

3.5 CVSS · 5.2 AI score · 0.00731 EPSS
Exploits 1 · References 2 · Affected Software 1