152 matches found

Nuclei
added 2 days ago, 50 views

D-Link DIR-600M - Authentication Bypass

D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page. id: CVE-2019-13101 info: name: D-Link DIR-600M - Authentication...

CVSS 9.8, AI score 7.8, EPSS 0.85569
Exploits: 2, References: 5

Nuclei
added 18 hours ago, 51 views

Zabbix <=4.4 - Authentication Bypass

Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password i.e., anonymously...

CVSS 9.1, AI score 7.7, EPSS 0.93689
Exploits: 5, References: 5

Nuclei
added 18 hours ago, 31 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the traceroute function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic...

CVSS 10, AI score 7.9, EPSS 0.9153
Exploits: 1, References: 3

Tenable Nessus
added 2024/05/11 12:00 a.m., 28 views

RHEL 5 : ncurses (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ncurses: Stack-based buffer overflow caused by format string vulnerability in fmtentry function...

AI score 7.9, EPSS 0.00992
Exploits: 12, References: 16

Openbugbounty
added 2023/11/27 12:20 a.m., 8 views

centellesybuj.com Improper Access Control vulnerability OBB-3795393

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 7
Exploits: 0

NVD
added 2023/09/14 7:16 p.m., 9 views

CVE-2019-25080

Rejected reason: This candidate is unused by its CNA...

AI score 6.6
Exploits: 0

NVD
added 2023/05/12 5:15 a.m., 11 views

CVE-2019-11804

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...

AI score 6.6
Exploits: 0

F5 Networks
added 2023/02/21 8:00 p.m., 48 views

K02585438: MySQL vulnerabilities CVE-2019-2815, CVE-2019-2819, CVE-2019-2822, and CVE-2019-2826

Security Advisory Description CVE-2019-2815 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

CVSS 7.5, AI score 5.6, EPSS 0.03229
Exploits: 0

F5 Networks
added 2023/02/21 6:34 p.m., 38 views

K52514501: MySQL vulnerabilities CVE-2019-2596, CVE-2019-2606, CVE-2019-2607, CVE-2019-2614, and CVE-2019-2617

Security Advisory Description CVE-2019-2596 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

CVSS 4.9, AI score 5.2, EPSS 0.00536
Exploits: 0

F5 Networks
added 2023/02/21 6:33 p.m., 46 views

K80691406: MySQL vulnerabilities CVE-2019-2535, CVE-2019-2536, CVE-2019-2537, and CVE-2019-2539

Security Advisory Description CVE-2019-2535 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Options. Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure whe...

CVSS 5, AI score 5.6, EPSS 0.00462
Exploits: 0

NVD
added 2022/12/02 10:15 p.m., 9 views

CVE-2019-16848

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none...

Exploits: 0

NVD
added 2022/12/02 10:15 p.m., 9 views

CVE-2019-16818

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none...

Exploits: 0

Github Security Blog
added 2022/05/24 10:00 p.m., 27 views

Chakra Scripting Engine RCE via Out-of-bounds write

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

CVSS 7.6, AI score 6.7, EPSS 0.17679
Exploits: 0, References: 6, Affected Software: 1

Github Security Blog
added 2022/05/13 1:21 a.m., 19 views

ChakraCore RCE Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861...

CVSS 7.6, AI score 7, EPSS 0.14072
Exploits: 0, References: 6, Affected Software: 1

Github Security Blog
added 2022/05/13 1:21 a.m., 36 views

ChakraCore RCE Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0567...

CVSS 7.6, AI score 7, EPSS 0.81478
Exploits: 11, References: 6, Affected Software: 1

Github Security Blog
added 2022/05/13 1:01 a.m., 26 views

Insufficient Session Expiration in Jenkins

Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based...

CVSS 8.1, AI score 3.2, EPSS 0.00685
Exploits: 0, References: 7, Affected Software: 1

CloudLinux
added 2021/12/28 1:15 p.m., 75 views

Fix of CVE: CVE-2021-3516, CVE-2021-3537, CVE-2017-8872, CVE-2021-3518, CVE-2019-20388, CVE-2020-24977, CVE-2021-3541, CVE-2021-3517

CVE-2021-3517.patch: validate UTF8 in xmlEncodeEntities - CVE-2021-3518.patch: fix use-after-free with 'xmllint --xinclude --dropdtd' - CVE-2021-3537.patch: propagate error in xmlParseElementChildrenContentDeclPriv - CVE-2021-3541.patch: parser fix for the billion laughs attack -...

CVSS 7.5, AI score 1.2, EPSS 0.00697
Exploits: 2, References: 1

OpenVAS
added 2021/06/09 12:00 a.m., 28 views

SUSE: Security Advisory (SUSE-SU-2019:2010-1)

The remote host is missing an update for the...

CVSS 8.8, AI score 7.5, EPSS 0.02588
Exploits: 11, References: 20

CBLMariner
added 2021/05/06 11:56 p.m., 11 views

CVE-2019-1003010 affecting package git 2.23.3-1

CVE-2019-1003010 affecting package git 2.23.3-1. An upgraded version of the package is available that resolves this issue...

CVSS 4.3, AI score 7.4, EPSS 0.00651
Exploits: 0

OpenVAS
added 2021/04/19 12:00 a.m., 30 views

SUSE: Security Advisory (SUSE-SU-2019:3389-1)

The remote host is missing an update for the...

CVSS 10, AI score 7.3, EPSS 0.0467
Exploits: 2, References: 105