61 matches found

Snyk
added 2023/06/14 12:0 a.m. | 5 views

Privilege Escalation

Overview: Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-musl-x64 to version 6.0.18, 7.0...

CVSS 7.5 | AI score 6.9 | EPSS 0.01558
Exploits: 0 | References: 2

Github Security Blog
added 2022/05/24 7:20 p.m. | 18 views

Routinator infinite loop vulnerability

NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of anoth...

CVSS 7.5 | AI score 6.8 | EPSS 0.01434
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2021/11/09 1:15 p.m. | 3 views

UBUNTU-CVE-2021-43114

FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation...

CVSS 7.5 | AI score 7.1 | EPSS 0.01095
Exploits: 0 | References: 3

Zero Day Initiative
added 2020/04/16 12:0 a.m. | 29 views

(Pwn2Own) Triangle MicroWorks SCADA Data Gateway DNP3 Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of data set elements. The issue results from the lac...

CVSS 9.8 | AI score 3.9 | EPSS 0.05226
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/04/16 12:0 a.m. | 25 views

(Pwn2Own) Triangle MicroWorks SCADA Data Gateway DNP3 Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists with the handling of data set descriptors. The issue results fro...

CVSS 5.3 | AI score 3.5 | EPSS 0.02493
Exploits: 0 | References: 1

Qualys Blog
added 2020/02/04 3:22 p.m. | 80 views

Actionable Searching and Data Download with Vulnerability Management Dashboards

Qualys is introducing the ability to download data from your vulnerability management dashboards. With Qualys Vulnerability Management Dashboards, you can use Qualys Query Language (QQL) to query the data in your subscription and build vulnerability- and asset-centric dashboards that show your...

AI score 0.4
Exploits: 0

RedHat Linux
added 2019/09/04 12:15 p.m. | 90 views

Important: Red Hat Security Advisory: redis security update

An update for redis is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.2 | AI score 7.3 | EPSS 0.26048
Exploits: 0 | References: 2

RedHat Linux
added 2019/08/07 10:53 a.m. | 60 views

Important: Red Hat Security Advisory: redis:5 security update

An update for the redis:5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.2 | AI score 7.3 | EPSS 0.26048
Exploits: 0 | References: 3

Tenable Nessus
added 2019/02/13 12:0 a.m. | 276 views

openSUSE Security Update : java-11-openjdk (openSUSE-2019-161)

This update for java-11-openjdk to version 11.0.2+7 fixes the following issues:
Security issues fixed:
- CVE-2019-2422: Better FileChannel transfer performance bsc1122293
- CVE-2019-2426: Improve web server connections
- CVE-2018-11212: Improve JPEG processing bsc1122299
- Better route routing ...

CVSS 6.5 | AI score 7 | EPSS 0.05074
Exploits: 1 | References: 6

OPENSUSE Linux
added 2019/02/12 12:0 a.m. | 181 views

Security update for java-11-openjdk (important)

openSUSE Security Update: Security update for java-11-openjdk. Announcement ID: openSUSE-SU-2019:0161-1. Rating: important. References: 1120431 1122293 1122299. Cross-References: CVE-2018-11212 CVE-2019-2422 CVE-2019-2426. Affected Products: openSUSE Leap 15.0. An update that fixes three vulnerabilitie...

CVSS 6.5 | AI score 8.3 | EPSS 0.05074
Exploits: 1 | References: 3

Cvelist
added 2018/09/12 2:0 p.m. | 31 views

CVE-2017-1082

In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if th...

AI score 7.5 | EPSS 0.01162
Exploits: 1 | References: 1

Debian CVE
added 2018/09/12 2:0 p.m. | 26 views

CVE-2017-1082

Removed by vendor...

CVSS 7.5 | AI score 7.7 | EPSS 0.01162
Exploits: 1

OSV
added 2018/09/03 12:0 a.m. | 4 views

UBUNTU-CVE-2018-16435

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile...

CVSS 5.5 | AI score 7.5 | EPSS 0.01746
Exploits: 1 | References: 4

RedHat Linux
added 2017/05/25 1:39 p.m. | 7 views

kernel: Oops in shash_async_export()

A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set...

CVSS 5.5 | AI score 6.8 | EPSS 0.00426
Exploits: 0 | References: 4

NVD
added 2016/08/05 3:59 p.m. | 33 views

CVE-2016-4999

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2)...

CVSS 9.8 | AI score 9.9 | EPSS 0.03653
Exploits: 0 | References: 6

Prion
added 2016/08/05 3:59 p.m. | 27 views

Sql injection

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2)...

CVSS 7.5 | AI score 8.9 | EPSS 0.03653
Exploits: 0 | References: 6 | Affected Software: 3

Cvelist
added 2016/08/05 3:0 p.m. | 31 views

CVE-2016-4999

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2)...

AI score 9.9 | EPSS 0.03653
Exploits: 0 | References: 6

CVE
added 2016/08/05 3:0 p.m. | 73 views

CVE-2016-4999

CVE-2016-4999 applies to Dashbuilder prior to 0.6.0.Beta1, where a SQL injection flaw exists in getStringParameterSQL (DefaultDialect.java) that can allow remote attackers to execute arbitrary SQL via a data set lookup filter in the Data Set Authoring or Displayer editor UI. Multiple records (NVD...

CVSS 9.8 | AI score 9.9 | EPSS 0.03653
Exploits: 0 | References: 6 | Affected Software: 3

RedhatCVE
added 2016/07/14 8:59 p.m. | 27 views

CVE-2016-4999

A security flaw was found in the way Dashbuilder performed SQL datasets lookup requests in the Data Set Authoring UI or the Displayer editor UI. A remote attacker could use this flaw to conduct SQL injection attacks via specially-crafted string filter parameter...

CVSS 9.8 | AI score 2.7 | EPSS 0.03653
Exploits: 0 | References: 1

RedHat Linux
added 2016/07/14 5:54 p.m. | 7 views

Dashbuilder: SQL Injection on data set lookup filters

A security flaw was found in the way Dashbuilder performed SQL datasets lookup requests in the Data Set Authoring UI or the Displayer editor UI. A remote attacker could use this flaw to conduct SQL injection attacks via specially-crafted string filter parameter...

CVSS 9.8 | AI score 5.8 | EPSS 0.03653
Exploits: 0 | References: 4