Lucene search
K

71 matches found

BDU FSTEC
BDU FSTEC
added 2023/07/11 12:0 a.m.7 views

The vulnerability of My Cloud OS, a network storage operating system, allows a perpetrator to execute arbitrary commands.

The vulnerability of My Cloud OS network storage systems is related to the lack of measures for data cleanup at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

6.8CVSS7AI score0.01315EPSS
Exploits0References4Affected Software9
BDU FSTEC
BDU FSTEC
added 2023/06/02 12:0 a.m.6 views

The vulnerability of the bs_SetLimitCli_info function in the /lib/libshare-0.0.26.so library of the LB-LINK router software allows a attacker to gain full access to the device.

The vulnerability of the bsSetLimitCliinfo function in the /lib/libshare-0.0.26.so file of the LB-LINK router software is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full...

10CVSS8.1AI score0.69663EPSS
Exploits1References3Affected Software4
BDU FSTEC
BDU FSTEC
added 2023/04/02 12:0 a.m.8 views

The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in its improper protection of an alternative path, allowing a attacker to execute arbitrary code.

The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

7.8CVSS7.5AI score0.00265EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.4 views

node-puppet-facter 安全漏洞

node-puppet-facter is an open source Node.JS module for Facter by OlinData. A security vulnerability exists in puppet-facter that stems from the getFact function not properly cleaning up data data...

7.8CVSS7.3AI score0.01219EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2022/11/30 12:0 a.m.8 views

The vulnerability of the graphical web interface for managing and monitoring ClusterLabs Hawk, related to the lack of measures taken at the management level to clean data, allows a malicious actor to execute arbitrary commands on behalf of the root user.

The vulnerability of the graphical web interface for managing and monitoring ClusterLabs Hawk is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on behalf of the root user remotely...

9CVSS8AI score0.00994EPSS
Exploits0References6Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/09/21 12:0 a.m.6 views

The vulnerability of Mozilla Firefox and Mozilla Firefox ESR browsers for Windows, related to the lack of measures taken to clean data at the operating level, allows attackers to execute arbitrary commands.

The vulnerability of Mozilla Firefox and Mozilla Firefox ESR browsers for Windows is related to the lack of measures taken to clean data at the operating level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

10CVSS8AI score0.01062EPSS
Exploits0References9Affected Software7
BDU FSTEC
BDU FSTEC
added 2022/09/02 12:0 a.m.15 views

The vulnerability of the import function in GitHub’s software platform, based on Git, for collaborative code development on GitLab, allows a perpetrator to execute arbitrary code.

The vulnerability of the import function in GitHub’s software platform for GitLab-based collaborative code development is related to the lack of measures taken to clean up data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS8.1AI score0.86194EPSS
Exploits5References2Affected Software1
CNNVD
CNNVD
added 2022/07/25 12:0 a.m.7 views

WordPress plugin Name Directory 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Name Directory versions prior to 1.25.4 are vulnerable to cross-site request forgery, which...

6.1CVSS5.3AI score0.00284EPSS
Exploits2References2
BDU FSTEC
BDU FSTEC
added 2022/04/20 12:0 a.m.7 views

The vulnerability of Sysdig Event analyzer, a traffic analysis tool for computer networks used by Wireshark, allows a hacker to cause a service failure.

The vulnerability of the Sysdig Event analyzer, a traffic analysis tool for computer networks, Wireshark, is related to insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability can allow a malicious actor to cause service...

7.8CVSS7.2AI score0.03774EPSS
Exploits1References10Affected Software4
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.6 views

Eclipse Wakaama 缓冲区错误漏洞

Eclipse Wakaama is a C-based, open source implementation of the OMA LWM2M protocol from the Eclipse Foundation. A buffer error vulnerability exists in Eclipse Wakaama versions 2021-01-14 and earlier, which stems from the CoAP parsing code failing to properly clean up data received over the networ...

7.5CVSS7.6AI score0.01358EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2021/11/11 12:0 a.m.5 views

The vulnerability in the built-in RDoc documentation generator for the Ruby programming language allows a perpetrator to execute arbitrary commands.

The vulnerability of the RDoc documentation generator for the Ruby programming language is related to the lack of measures taken to clean up data at the control level. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

7CVSS6.9AI score0.0148EPSS
Exploits0References15Affected Software8
CNNVD
CNNVD
added 2021/11/01 12:0 a.m.7 views

PekeUpload 跨站脚本漏洞

PekeUpload is a Jquery Html5 file upload plugin from the personal developer Pedro Molina in Colombia. pekeUpload suffers from a cross-site scripting vulnerability that exists due to insufficient cleanup of user-supplied data. A remote attacker could exploit the vulnerability to be able to trick a...

6.1CVSS5.8AI score0.00813EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/10/15 12:0 a.m.5 views

Apache Superset up和Apache Superset 跨站脚本漏洞

A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, U.S. The vulnerability stems from insufficient cleanup of user-supplied data on browser pages. An attacker could exploit the vulnerability to trick victim...

5.4CVSS5.7AI score0.01602EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/08/25 12:0 a.m.6 views

The vulnerability of the Magento Commerce software platform for developing and managing online stores stems from the lack of measures taken at the management level to clean up data. This allows attackers to execute arbitrary code.

The vulnerability of the Magento Commerce software platform for developing and managing online stores is related to the lack of measures taken to clean up data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.0572EPSS
Exploits0References3Affected Software4
BDU FSTEC
BDU FSTEC
added 2021/08/24 12:0 a.m.6 views

The vulnerability of the Magento Commerce software platform for developing and managing online stores stems from the lack of measures taken at the management level to clean up data. This allows attackers to execute arbitrary code.

The vulnerability of the Magento Commerce software platform for developing and managing online stores is related to the lack of measures taken to clean up data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.0572EPSS
Exploits0References2Affected Software4
BDU FSTEC
BDU FSTEC
added 2021/08/24 12:0 a.m.5 views

The vulnerability of the Brackets text editor, related to the lack of measures taken at the control level to clean up data, allows attackers to execute arbitrary commands.

The vulnerability of the Brackets text editor is related to the lack of measures taken at the control level to clean up data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the target system remotely...

10CVSS8.1AI score0.06583EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/08/05 12:0 a.m.6 views

The vulnerability of the Zabbix universal monitoring system, related to improper cleaning of user data in the “hostinventoriesoverview.php” script, allows a hacker to execute arbitrary SQL commands.

The vulnerability of the Zabbix universal monitoring system is related to improper cleaning of user data in the script “hostinventoriesoverview.php”. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by sending specially crafted queries remotely...

10CVSS6AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/07/22 12:0 a.m.7 views

The vulnerability of the Adobe Photoshop graphic editor lies in the lack of measures taken at the control level to clean up data, allowing a hacker to execute arbitrary code.

The vulnerability of the Adobe Photoshop graphic editor is related to the lack of measures taken at the control level to clean up data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.8CVSS7AI score0.14215EPSS
Exploits0References14Affected Software1
CNNVD
CNNVD
added 2021/06/25 12:0 a.m.6 views

MISP 安全漏洞

MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics, and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP version 2.4.144, which stems from the fact that...

9.8CVSS8.2AI score0.01087EPSS
Exploits0References2
Hacker One
Hacker One
added 2021/05/19 12:7 p.m.129 views

Nextcloud: Webauthn tokens are not removed on user deletion

userA has an account on serverA 2. userA enables passwordless login webauthn and registers a key/device 3. userA is removed from the system 4. a new user comes along and gets assigned userA as id 5. the old userA tries to login with their key 6. the old userA can see all data of the new userA...

7.5CVSS1AI score0.01779EPSS
Exploits0
Rows per page
Query Builder