Lucene search
K

398 matches found

cnnvd
cnnvd
added 2023/12/03 12:0 a.m.5 views

NESP2 SQL Injection Vulnerability

NESP2 is a web map open source by Reiner Lemoine Institut. NESP2 suffers from a SQL injection vulnerability that stems from a SQL injection problem in app/database.py...

9.8CVSS8AI score0.00758EPSS
Exploits0References5
redhat
redhat
added 2023/11/14 3:53 p.m.3 views

libreoffice: Arbitrary file write

A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker...

5.5CVSS5.7AI score0.64635EPSS
Exploits0References5
nessus
nessus
added 2023/11/07 12:0 a.m.22 views

RHEL 9 : ncurses (RHSA-2023:6698)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6698 advisory. The ncurses new curses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses...

7.8CVSS6.9AI score0.00923EPSS
Exploits1References7
amazon
amazon
added 2023/09/25 12:0 a.m.3 views

Medium: libreoffice

Issue Overview: A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. CVE-2023-1183 Affected Packages:...

5.5CVSS6.8AI score0.64635EPSS
Exploits0
snyk
snyk
added 2023/09/12 8:5 p.m.2 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the Microsoft.DiaSymReader.Native.amd64.dll file when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x86 to version 6.0.22...

7.8CVSS7.4AI score0.01441EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2023/09/08 12:0 a.m.8 views

The vulnerability of the library for accessing and creating SQLite JDBC files is related to improper code generation. This allows an attacker to execute arbitrary code.

The vulnerability of the library for accessing and creating SQLite JDBC files is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS7.8AI score0.01592EPSS
Exploits0References4Affected Software3
openvas
openvas
added 2023/09/05 12:0 a.m.7 views

Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2023-2699)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.2AI score0.00923EPSS
Exploits1References2
attackerkb
attackerkb
added 2023/06/28 2:15 p.m.6 views

CVE-2023-30259

A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file...

5.5CVSS6.4AI score0.00318EPSS
Exploits1References2
osv
osv
added 2023/06/28 2:15 p.m.4 views

UBUNTU-CVE-2023-30259

A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file...

5.5CVSS7.3AI score0.00318EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2023/06/28 12:0 a.m.3 views

PT-2023-22609 · Librecad +2 · Importshp +3

Name of the Vulnerable Software and Affected Versions: LibreCAD version 2.2.0 Description: A Buffer Overflow issue in the importshp plugin allows attackers to obtain sensitive information via a crafted DBF file. Recommendations: For LibreCAD version 2.2.0, at the moment, there is no information...

5.5CVSS6.7AI score0.009EPSS
Exploits2References16
cnnvd
cnnvd
added 2023/06/09 12:0 a.m.4 views

CrossX 资源管理错误漏洞

CrossX is a Box management system from CrossX. A security vulnerability exists in CrossX version v.1.15.3. A local attacker could exploit this vulnerability to cause a denial of service to the system via a database file...

5.5CVSS5.7AI score0.003EPSS
Exploits1References2
cnnvd
cnnvd
added 2023/06/09 12:0 a.m.7 views

CrossX 安全漏洞

CrossX is a Box management system from CrossX. A security vulnerability exists in CrossX version v.1.15.3. A local attacker exploited the vulnerability to cause privilege escalation via a database file...

7.8CVSS7.4AI score0.00302EPSS
Exploits1References2
cnnvd
cnnvd
added 2023/05/30 12:0 a.m.4 views

Wave Studio Animated Keyboard Emoji 安全漏洞

Wave Studio Animated Keyboard Emoji is an animated keyboard emoji application from Wave Studio, Inc. A security vulnerability exists in Wave Studio Animated Keyboard Emoji version v.1.70.7, which originates from a code execution via a database file can elevate privileges...

7.8CVSS7.9AI score0.00949EPSS
Exploits1References5
cnnvd
cnnvd
added 2023/05/30 12:0 a.m.7 views

edjing Mix 资源管理错误漏洞

edjing Mix is a virtual DJ professional edition from edjing. A security vulnerability exists in edjing Mix version v.7.09.01 that could allow a local attacker to cause a denial of service via a database file...

5.5CVSS5.7AI score0.003EPSS
Exploits1References2
osv
osv
added 2023/05/09 1:15 p.m.4 views

CVE-2023-29128

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 All versions = V2.0 = V2.0 V2.1. The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacke...

2.7CVSS5.7AI score0.00684EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/05/09 12:0 a.m.9 views

Siemens SIMATIC Cloud Connect 路径遍历漏洞

SIMATIC Cloud Connect 7 is an IoT gateway for connecting programmable logic controllers to cloud services and allows field devices with OPC UA server interfaces to be connected as OPC UA clients. A path traversal vulnerability exists in Siemens SIMATIC Cloud Connect 7, which can be exploited by a...

3.8CVSS6.8AI score0.00684EPSS
Exploits0References3
nvd
nvd
added 2023/04/14 1:15 a.m.26 views

CVE-2023-29491

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...

7.8CVSS7.8AI score0.00923EPSS
Exploits1References12
susecve
susecve
added 2023/02/15 4:8 a.m.3 views

SUSE CVE-2019-16226

An issue was discovered in py-lmdb 0.97. mdbnodedel does not validate a memmove in the case of an unexpected node-mnhi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

7.5CVSS7.4AI score0.01543EPSS
Exploits1References3
susecve
susecve
added 2023/02/15 3:58 a.m.3 views

SUSE CVE-2020-12458

An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information e.g., cleartext or encrypted datasource passwords...

6.2CVSS8.1AI score0.00465EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2023/01/16 12:0 a.m.5 views

PT-2023-10233 · Unknown · Githuis P2Manage

Name of the Vulnerable Software and Affected Versions: githuis P2Manage affected versions not specified Description: A critical vulnerability was found in githuis P2Manage, affecting the function Execute of the file PTwoManage/Database.cs. The manipulation of the sql argument leads to sql...

9.8CVSS6.1AI score0.00672EPSS
Exploits0References7
Rows per page
Query Builder