Lucene search
K

154 matches found

CNNVD
CNNVD
added 2021/01/26 12:0 a.m.8 views

Fuji Electric Tellus Lite V-Simulator和Fuji Electric V-Server Lite 缓冲区错误漏洞

Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric Japan.Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments...

7.8CVSS6.3AI score0.02065EPSS
Exploits1References5
OSV
OSV
added 2020/12/15 6:15 p.m.1 views

DEBIAN-CVE-2020-29480

An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest...

2.3CVSS8.5AI score0.00306EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2020/09/22 1:2 p.m.5 views

Unsecured Microsoft Bing Server Exposed Users' Search Queries and Location

A back-end server associated with Microsoft Bing exposed sensitive data of the search engine's mobile application users, including search queries, device details, and GPS coordinates, among others. The logging database, however, doesn't include any personal details such as names or addresses. The...

5.8AI score
Exploits0
OSV
OSV
added 2020/09/17 9:15 p.m.3 views

CVE-2020-0277

In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a malicious app to modify the device's data plan with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.2AI score0.00139EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/07 12:0 a.m.4 views

IBM Maximo Anywhere Information Disclosure Vulnerability (CNVD-2020-27942)

IBM Maximo Anywhere is a suite of next-generation mobile solutions from IBM USA built on the IBM Worklight platform. The solution supports remote access to IBM Maximo Asset Management a comprehensive asset lifecycle and maintenance management solution workflow and asset management via mobile...

2.4CVSS6.2AI score0.00323EPSS
Exploits0References1
OSV
OSV
added 2020/04/27 3:15 p.m.5 views

CVE-2020-12266

An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed...

7.5CVSS7.1AI score0.01722EPSS
Exploits0References5
CNVD
CNVD
added 2020/02/20 12:0 a.m.3 views

Input validation error vulnerability in multiple Huawei products (CNVD-2020-22010)

The Huawei HEGE-570, among others, is a smart screen device from the Chinese company Huawei Huawei. An input validation error vulnerability exists in multiple Huawei products. The vulnerability stems from the failure of the program to perform sufficient validation, and can be exploited by an...

6.1CVSS6.6AI score0.00208EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/01/26 4:45 a.m.3 views

CVE-2019-15255 Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it...

6.5CVSS5.7AI score0.0111EPSS
Exploits0References1
OSV
OSV
added 2019/10/10 2:15 p.m.4 views

CVE-2019-4265

IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198...

2.4CVSS5.8AI score0.00366EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2019/07/03 3:54 p.m.132 views

Apple Transparency Report Now Includes App Store Takedown Requests

For the first time Apple added to its transparency report the number of App Store takedown requests it has received from governments. The report, released Tuesday, also puts some hard numbers on how often law enforcement and governments request device and user data. App Takedown Request Apple’s...

7.2CVSS7.2AI score0.00829EPSS
Exploits0References3
OSV
OSV
added 2019/01/09 11:29 p.m.3 views

CVE-2018-16197

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device...

6.5CVSS5.8AI score0.00503EPSS
Exploits0References2
OSV
OSV
added 2018/11/14 6:29 p.m.6 views

CVE-2018-9526

In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033...

7.5CVSS5.8AI score0.0091EPSS
Exploits0References2
CNVD
CNVD
added 2018/10/18 12:0 a.m.2 views

Huawei cell phone information leakage vulnerability

Anne-AL00 is a smartphone from Huawei. An information disclosure vulnerability exists in the Huawei Anne-AL00 phone. An attacker connecting the phone via USB can exploit this vulnerability to obtain device-specific information about the phone due to improper privilege settings for specific comman...

2.4CVSS3.9AI score0.0023EPSS
Exploits0References1
CNVD
CNVD
added 2018/08/27 12:0 a.m.3 views

Netwave IP camera information disclosure vulnerability (CNVD-2018-16961)

Netwave IP camera is a network camera produced by Netwave SystemsB.V. in the Netherlands. An information disclosure vulnerability exists in the getstatus.cgi file in the Netwave IP camera. An attacker can exploit this vulnerability to disclose sensitive information on the device...

7.5CVSS7.1AI score0.01958EPSS
Exploits1References1
OSV
OSV
added 2018/07/16 2:29 p.m.5 views

CVE-2018-11717

An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain depending on the modules configured the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the...

9.8CVSS5.8AI score0.08575EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2018/06/25 3:29 p.m.3 views

CVE-2018-8755

NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device...

9.8CVSS5.5AI score0.01082EPSS
Exploits2References3
BDU FSTEC
BDU FSTEC
added 2018/06/18 12:0 a.m.6 views

The vulnerability of the Cisco Wide Area Application Services Software (WAAS) SNMP daemon allows a hacker to read any data available on the device through the SNMP protocol.

The vulnerability of the Cisco WAAS software package related to the use of pre-installed credentials. Exploiting this vulnerability allows a remote attacker to read any data available on the device through the SNMPv2c protocol...

5.3CVSS5.6AI score0.02396EPSS
Exploits0References7
OSV
OSV
added 2017/08/24 2:29 p.m.8 views

CVE-2017-12134

The xenbiovecphysmergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability...

8.8CVSS7.7AI score
Exploits0References10
Prion
Prion
added 2017/06/09 4:29 p.m.14 views

Design/Logic Flaw

Untrusted search path vulnerability in Installers for Specification check program social insurance Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to...

6.8CVSS7.5AI score0.00956EPSS
Exploits0References6Affected Software4
CVE
CVE
added 2017/06/09 4:0 p.m.36 views

CVE-2016-7818

CVE-2016-7818 is an Untrusted search path vulnerability in Japan Pension Service installers: Specification check program (social insurance) v9.00 and earlier, TODOKESHO print program v5.00 and earlier, Device data encryption program v1.00 and earlier, and TODOKESHO creation program v15.00 and ear...

7.8CVSS7.7AI score0.00956EPSS
Exploits0References6Affected Software4
Rows per page
Query Builder