Lucene search
K

116 matches found

UbuntuCve
UbuntuCve
added 2020/06/18 6:15 p.m.27 views

CVE-2019-13033

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload th...

3.3CVSS6.2AI score0.00365EPSS
Exploits0References3
CVE
CVE
added 2020/06/18 5:30 p.m.115 views

CVE-2019-13033

In the CISOfy Lynis family, CVE-2019-13033 affects Lynis 2.x up to 2.7.5, where the license key can be exposed by inspecting the process list during a data upload. The license can be used to upload data to a central Lynis server, potentially enabling insertion of data from additional scans, thoug...

3.3CVSS3.9AI score0.00365EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2020/06/18 5:30 p.m.21 views

CVE-2019-13033

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload th...

3.9AI score0.00365EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2020/06/18 5:30 p.m.25 views

CVE-2019-13033

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload th...

3.3CVSS4.3AI score0.00365EPSS
Exploits0
Friends Of PHP
Friends Of PHP
added 2019/09/24 1:49 p.m.25 views

CVE-2020-9280: Folders migrated from 3.x may be unsafe to upload to

More info at https://www.silverstripe.org/download/security-releases/cve-2020-9280/...

7.5CVSS7.2AI score0.01686EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/07/18 12:0 a.m.6 views

The vulnerability of the Modbus microprogramming software protocol allows a perpetrator to execute commands for starting, stopping, downloading, and uploading data on the device.

The vulnerability of the Modbus microprogramming software for programmable logic controllers lies in the transmission of confidential information in an unencrypted form. Exploiting this vulnerability allows a malicious actor to execute commands such as start, stop, download, and upload operations...

10CVSS5.7AI score0.05139EPSS
Exploits0References3
myhack58
myhack58
added 2019/05/28 12:0 a.m.314 views

Wary of the use of the Office vulnerabilities to spread commercial spyware AgentTesla-vulnerability warning-the black bar safety net

Background overview AgentTesla was originally a released in 2014 the simple key loggers, and in recent years its development team which constantly adds many new features, and sale. AgentTesla has now become a commercial spyware that can be controlled by the end of the generation to meet the...

9.3CVSS8.5AI score0.99945EPSS
Exploits33
Node.js
Node.js
added 2019/05/06 2:20 p.m.13 views

Malicious Package

Overview All versions of requets typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...

6.6AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/05/06 2:4 p.m.14 views

Malicious Package

Overview All versions of aasync typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...

6.6AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/05/06 2:1 p.m.12 views

Malicious Package

Overview All versions of jajajejejiji typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether...

6.6AI score
Exploits0Affected Software1
CNVD
CNVD
added 2018/11/06 12:0 a.m.3 views

Unspecified Vulnerability in Green Electronics RainMachine Mini-8 (CNVD-2019-28250)

The Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics USA. A security vulnerability exists in the 'Weather Service' feature in the Green Electronics RainMachine Mini-8 2nd generation. The vulnerability can be exploited to inject arbitrary Python code via...

9.8CVSS7.4AI score0.01343EPSS
Exploits1References1
Prion
Prion
added 2018/08/10 6:29 p.m.17 views

Design/Logic Flaw

A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product's update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable...

3.8CVSS5.2AI score0.00361EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/08/10 6:0 p.m.23 views

CVE-2018-10626 Medtronic MyCareLink 24950 Patient Monitor Insufficient Verification of Data Authenticity

Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLin...

4.4CVSS4.7AI score0.00361EPSS
Exploits0References4
CVE
CVE
added 2018/08/10 6:0 p.m.66 views

CVE-2018-10626

Medtronic MyCareLink 24950/24952 Patient Monitors are affected by CVE-2018-10626: the update service does not sufficiently verify data authenticity, enabling an attacker with per‑product credentials to upload invalid data to the CareLink network (CWE-345). Connected advisories corroborate affecte...

4.4CVSS6.1AI score0.00361EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2018/04/16 12:0 a.m.3 views

Skyworth smart TVs have smart hardware vulnerabilities

Skyworth Group Limited is a publicly listed technology company specializing in the production of consumer electronics, networking and communication products. A smart hardware vulnerability exists in Skyworth Smart TV. The vulnerability is due to Skyworth Smart TV's failure to restrict permissions...

7AI score
Exploits0
NVD
NVD
added 2017/07/17 1:18 p.m.50 views

CVE-2017-11349

dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data...

9.8CVSS9.5AI score0.02EPSS
Exploits1References2
OSV
OSV
added 2017/07/17 1:18 p.m.5 views

CVE-2017-11349

dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data...

9.8CVSS5.8AI score0.02EPSS
Exploits1References2
Prion
Prion
added 2017/07/17 1:18 p.m.14 views

Code injection

dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data...

5CVSS9.4AI score0.02EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2016/04/13 5:0 p.m.89 views

CVE-2016-0757

OpenStack Image Service (Glance) vulnerable CVE-2016-0757 affects 11.0.x before 11.0.2 (liberty) and 2015.1.3 (kilo) when show_multiple_locations is enabled. The issue allows a remote authenticated attacker to change image status and upload new image data by removing the last location of an image...

4.3CVSS4.1AI score0.01466EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2016/04/13 5:0 p.m.62 views

CVE-2016-0757

OpenStack Image Service Glance before 2015.1.3 kilo and 11.0.x before 11.0.2 liberty, when showmultiplelocations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image...

4.3CVSS4.5AI score0.01466EPSS
Exploits0
Rows per page
Query Builder