
6043 matches found

UbuntuCve
added 2018/12/23 11:29 p.m. | 29 views

CVE-2018-20408

An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4StdcFileByteStream::Create in System/StdC/Ap4StdCFileByteStream.cpp, as demonstrated by mp42hls...

CVSS 6.5 | AI score 6.6 | EPSS 0.01157
Exploits: 1 | References: 2

OSV
added 2018/12/23 11:29 p.m. | 12 views

CVE-2018-20408

An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4StdcFileByteStream::Create in System/StdC/Ap4StdCFileByteStream.cpp, as demonstrated by mp42hls...

CVSS 6.5 | AI score 6.8
Exploits: 0 | References: 1

OSV
added 2018/12/23 11:29 p.m. | 3 views

UBUNTU-CVE-2018-20409

An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls...

CVSS 6.5 | AI score 6.8 | EPSS 0.0115
Exploits: 1 | References: 3

CNVD
added 2018/12/18 12:0 a.m. | 2 views

FUEL CMS Cross-Site Request Forgery Vulnerability (CNVD-2019-07072)

FUEL CMS is a content management system based on CodeIgniter. FUEL CMS 1.4.3 suffers from a cross-site request forgery vulnerability that can be exploited to add an administrator account via users/create/...

CVSS 8.8 | AI score 6.9 | EPSS 0.00523
Exploits: 1 | References: 1

CVE
added 2018/12/17 7:0 p.m. | 42 views

CVE-2018-20188

CVE-2018-20188 affects FUEL CMS 1.4.3, where a cross-site request forgery (CSRF) via the /users/create/ endpoint can be abused to add an administrator account. The connected Red Hat/ENISA/CNVD/NVD sources corroborate the same description, indicating the vulnerability status and impact as describe...

CVSS 8.8 | AI score 8.7 | EPSS 0.00523
Exploits: 1 | References: 1 | Affected Software: 1

RedHat Linux
added 2018/12/13 4:2 p.m. | 2 views

kernel: Use-after-free in snd_seq_ioctl_create_port()

A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation...

CVSS 7 | AI score 7.1 | EPSS 0.00377
Exploits: 0 | References: 4

RedHat Linux
added 2018/12/13 3:15 p.m. | 3 views

postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements

It was discovered that PostgreSQL failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limit...

CVSS 8.1 | AI score 7.4 | EPSS 0.02241
Exploits: 0 | References: 5

CVE
added 2018/12/11 11:0 p.m. | 48 views

CVE-2018-2497

SAP HANA audit logs fail to record SELECT events when they appear as part of CREATE TABLE AS SELECT in versions 1.0 and 2.0. This could leave such statements partially unlogged, limiting audit visibility for these CREATE TABLE AS SELECT constructs. The provided documents do not include a patch/r...

CVSS 4 | AI score 4.2 | EPSS 0.0093
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2018/12/11 10:29 p.m. | 19 views

Code injection

The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE AS SELECT...

CVSS 4 | AI score 4.2 | EPSS 0.0093
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2018/12/11 10:29 p.m. | 6 views

CVE-2018-2497

The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE AS SELECT...

CVSS 2.7 | AI score 5.8 | EPSS 0.0093
Exploits: 0 | References: 3

NVD
added 2018/12/11 10:29 p.m. | 15 views

CVE-2018-2497

The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE AS SELECT...

CVSS 4 | AI score 3.9 | EPSS 0.0093
Exploits: 0 | References: 3

Tenable Nessus
added 2018/12/07 12:0 a.m. | 35 views

Amazon Linux AMI : postgresql95 (ALAS-2018-1118)

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...

CVSS 8.5 | AI score 7.7 | EPSS 0.05154
Exploits: 0 | References: 3

Tenable Nessus
added 2018/12/07 12:0 a.m. | 58 views

Amazon Linux AMI : postgresql96 (ALAS-2018-1119)

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...

CVSS 9.1 | AI score 6.9 | EPSS 0.05154
Exploits: 0 | References: 4

Openbugbounty
added 2018/12/05 12:26 p.m. | 12 views

aniloptiklens.com XSS vulnerability

Open Bug Bounty ID: OBB-707698

Description | Value
---|---
Affected Website: | aniloptiklens.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | hidde...

AI score 0.1
Exploits: 0

CNVD
added 2018/11/27 12:0 a.m. | 3 views

Buffalo TS5600D1206 Command Injection Vulnerability (CNVD-2019-00674)

The Buffalo TS5600D1206 is a network storage device from the Buffalo Group of Japan. A command injection vulnerability exists in the User.create method in the Buffalo TS5600D1206 version 3.61-0.10, which can be exploited to execute system commands with the 'name' parameter...

CVSS 7.2 | AI score 7.7 | EPSS 0.02776
Exploits: 1 | References: 1

ATTACKERKB
added 2018/11/26 11:29 p.m. | 2 views

CVE-2018-13318

System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...

CVSS 7.2 | AI score 5.7 | EPSS 0.02776
Exploits: 1 | References: 2

OSV
added 2018/11/26 11:29 p.m. | 3 views

CVE-2018-13318

System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...

CVSS 7.2 | AI score 5.9 | EPSS 0.02776
Exploits: 1 | References: 1

Cvelist
added 2018/11/21 4:0 p.m. | 32 views

CVE-2018-19410

PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges including administrator. A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local...

AI score 9.6 | EPSS 0.8646
Exploits: 0 | References: 1

RedHat Linux
added 2018/11/20 7:57 p.m. | 5 views

kernel: Integer overflow in Linux's create_elf_tables function

An integer overflow flaw was found in the Linux kernel's create_elf_tables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system...

CVSS 7.8 | AI score 7.1 | EPSS 0.14806
Exploits: 6 | References: 7

exploitpack
added 2018/11/20 12:0 a.m. | 31 views

Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)

Ticketly 1.0 - Cross-Site Request Forgery Add Admin
Exploit Title: Ticketly 1.0 - Cross-Site Request Forgery Add Admin
Exploit Author: Javier Olmedo
Website: https://hackpuntes.com
Date: 2018-11-19
Google Dork: N/A
Vendor: Abisoft https://abisoftgt.net
Software Link:...

CVSS 5 | AI score 0.3 | EPSS 0.02426
Exploits: 5