Lucene search
K

3180 matches found

BDU FSTEC
BDU FSTEC
added 2020/06/19 12:0 a.m.6 views

The vulnerability of the Media Foundation component in Windows operating systems allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Media Foundation component in Windows operating systems is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

9CVSS7.3AI score0.06988EPSS
Exploits0References2
CNVD
CNVD
added 2020/06/19 12:0 a.m.5 views

Mitsubishi Electric MC Works64 and MC Works32 Code Injection Vulnerability

The Mitsubishi Electric MC Works64 and MC Works32 are both data acquisition and monitoring systems SCADA from Mitsubishi Electric Japan. A code injection vulnerability exists in Mitsubishi Electric MC Works64 version 4.02C 10.95.208.31 and earlier versions, and MC Works32 version 3.00A 9.50.255.0...

9.1CVSS8.4AI score0.03029EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/06/10 12:35 p.m.27 views

CVE-2020-6268

Statutory Reporting for Insurance Companies in SAP ERP EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104 does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain...

5.4CVSS8.1AI score0.00675EPSS
Exploits0References2
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/06/02 12:0 a.m.39 views

[20200704] - Core - Variable tampering via user table class

Internal read-only fields in the User table class could be modified by users...

4.3CVSS5.5AI score0.00998EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2020/05/22 12:0 a.m.2 views

Logic flaws exist in the YiYu enterprise building system vulnerability

Eyou content management system EyouCms belongs to Hainan Zanzan Network Technology Co., Ltd. is the newest PHP open source website management system. EyouCms has a logic flaw vulnerability that can be exploited by attackers to tamper with other users' information...

6.9AI score
Exploits0
OSV
OSV
added 2020/05/12 6:15 p.m.3 views

CVE-2020-6252

Under certain conditions SAP Adaptive Server Enterprise Cockpit, version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact syst...

8CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2020/04/24 2:15 p.m.17 views

CVE-2020-5869

In BIG-IQ 5.2.0-7.0.0, high availability HA synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit...

9.1CVSS9.1AI score0.00485EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/04/24 1:5 p.m.19 views

CVE-2020-5869

In BIG-IQ 5.2.0-7.0.0, high availability HA synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit...

9.1AI score0.00485EPSS
Exploits0References1
Hacker One
Hacker One
added 2020/04/20 2:37 p.m.119 views

Palo Alto Software: IDOR on update user preferences

Summary: Team member with role USER can change data of any user in the team, or steal his cookies, or steal the account of victim via forget password function. Steps To Reproduce: 1. Login in as user1 the user with role admin and invite user2 set his role to user. 2. Login in as user2, open Mail...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2019/12/06 11:2 a.m.145 views

New Linux Bug Lets Attackers Hijack Encrypted VPN Connections

A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. The...

7.4CVSS0.7AI score0.00838EPSS
Exploits0
NVD
NVD
added 2019/11/13 12:15 a.m.22 views

CVE-2019-5230

P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321C00E320R1P1T8, versions earlier than Emily-AL00A 9.1.0.321C00E320R1P1T8, versions earlier than NEO-AL00D NEO-AL00 9.1.0.321C786E320R1P1T8 have an improper validation vulnerability. The system does not perform a...

5.5CVSS5.3AI score0.00463EPSS
Exploits0References1
CNVD
CNVD
added 2019/09/26 12:0 a.m.5 views

Cisco IOS and IOS XE HTTP Client Resource Management Error Vulnerability

Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. A resource management error vulnerability exists in the HTTP client functionality in Cisco IOS and IOS XE, which arises from a program that does not take into account TCP port information when matching...

7.4CVSS6.6AI score0.01091EPSS
Exploits0References1
Huawei
Huawei
added 2019/09/25 12:0 a.m.54 views

Security Advisory - Improper Validation Vulnerability in Several Smartphones

There is an improper validation vulnerability on several smartphones. The system does not perform a properly validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model , successful exploit could allow the attacker to get an...

5.5CVSS5.3AI score0.00463EPSS
Exploits0Affected Software3
CNVD
CNVD
added 2019/09/17 12:0 a.m.3 views

Logic Flaw Vulnerability in Original Shopping Network App

The original shopping network app is the original shopping network for mobile users free customized shopping software, there are product search, browse, collection, shopping cart, place an order, mobile payment and other functions, you can through the mobile platform, always view the latest...

6.4AI score
Exploits0
OSV
OSV
added 2019/08/05 7:15 p.m.5 views

CVE-2019-5502

SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data...

9.1CVSS7.3AI score0.00909EPSS
Exploits0References1
OSV
OSV
added 2019/06/04 7:29 p.m.8 views

CVE-2019-5215

There is a man-in-the-middle MITM vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162C01E160R1P12/C01E160R2P1, and P30 Pro versions before VOG-AL00 9.1.0.162 C01E160R1P12/C01E160R2P1. When users establish connection and transfer data through Huawei Share, an attacker could...

6.8CVSS5.8AI score0.00329EPSS
Exploits0References1
OSV
OSV
added 2019/05/06 8:29 p.m.4 views

CVE-2018-18978

An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combination with...

7.4CVSS5.8AI score0.00734EPSS
Exploits1References1
OSV
OSV
added 2019/04/17 2:29 p.m.4 views

DEBIAN-CVE-2017-11428

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

9.8CVSS8.6AI score0.02512EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2019/04/04 12:0 a.m.5 views

The vulnerability of the Array.prototype.slice method in JIT-compiler IonMonkey of the Firefox ESR browser allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Array.prototype.slice method in JIT-compiled Firefox ESR browser software arises due to buffer overflow. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

9.3CVSS8.2AI score0.29514EPSS
Exploits9References6Affected Software2
The Hacker News
The Hacker News
added 2019/03/22 11:54 a.m.114 views

Medtronic's Implantable Defibrillators Vulnerable to Life-Threatening Hacks

The U.S. Department of Homeland Security Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting lives of millions of patients at risk. Cardioverter Defibrillator is a...

9.3CVSS1.4AI score0.00844EPSS
Exploits0
Rows per page
Query Builder