226 matches found
EUVD-2017-12535
Malware in sbrugna...
EUVD-2017-12467
Malware in sbrugna...
Siemens SIMATIC Controller Web Servers
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Controller Web Servers Vulnerability: Uncaught Exception 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a...
CVE-2019-2989
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...
Kubernetes: Man in the middle using LoadBalancer or ExternalIPs services
I rated this vulnerability as high because trying to rate it with CVSS v3.0 Calculator gives me 9.9 which seems way too high as you do require to be able to create services in the K8S cluster. Summary: This report details 2 ways to man in the middle traffic by: a creating a LoadBalancer service a...
CVE-2019-8286
Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage for example, via clicking phishing link. Vulnerability has CVSS v3.0 base...
Information disclosure
Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage for example, via clicking phishing link. Vulnerability has CVSS v3.0 base...
CVE-2019-8286
CVE-2019-8286 concerns Kaspersky URL Advisor in multiple Kaspersky products. The issue stems from how the URL Advisor injects a remotely-hosted JavaScript into pages, where the injected URL contained a unique, per-user identifier. This could allow websites or third-party services to read the Kasp...
Linux Kernel Flaw Allows Remote Code-Execution
Millions of Linux systems could be vulnerable to a high-impact race condition flaw in the Linux kernel. Kernel versions prior to 5.0.8 are affected by the vulnerability CVE-2019-11815, which exists in the rdstcpkillsock in net/rds/tcp.c. “There is a race condition leading to a use-after-free UAF,...
RubyGems: No limit of summary length allows Denail of Service
Currently, there is no limit for summary length. I think, pushing a gem whose summary is huge, will make gem search unavailable. This is not Arbitrary Code Execution, but really easy to attack. According to CVSS v3.0 Calculator, the severity is High 7.5. How to attack 1 An attacker creates a gem...
CVE-2017-3440
Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
CVE-2017-3442
Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
CVE-2017-3438
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2017-3424
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2017-3419
Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite subcomponent: User Interface. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technica...
CVE-2017-3423
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2017-3383
Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with...
CVE-2017-3378
Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with...
CVE-2017-3389
Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with...
CVE-2017-3379
Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with...