5256 matches found

Prion
added 2021/01/26 6:15 p.m. | 14 views

Input validation

Philips Interventional Workspot Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live Release 1.0, ViewForum Release 6.3V1L10. The software constructs all or part of an OS command using externally influenced input from an upstream component but does no...

3.3 CVSS | 6.4 AI score | 0.00836 EPSS
Exploits 0 | References 1 | Affected Software 5
RustSec
added 2021/01/26 12:0 p.m. | 23 views

insert_many can drop elements twice on panic

Affected versions of insert_many used ptr::copy to move over items in a vector to make space before inserting, duplicating their ownership. It then iterated over a provided Iterator to insert the new items. If the iterator's .next method panics then the vector would drop the same elements twice...

7.5 CVSS | 4.2 AI score | 0.01135 EPSS
Exploits 1
CNNVD
added 2021/01/26 12:0 a.m. | 5 views

Zen Cart OS command injection vulnerability

Zen Cart is an open source, free shopping mall system, used to build a professional online store. A remote code execution vulnerability exists in Zen Cart 1.5.7b. The vulnerability can be exploited by an administrator to execute arbitrary OS commands by inspecting HTML radio input elements and...

9 CVSS | 7.8 AI score | 0.16782 EPSS
Exploits 4 | References 5
BDU FSTEC
added 2021/01/26 12:0 a.m. | 3 views

The vulnerability in the Trend Micro InterScan Web Security Virtual Appliance exists due to the failure to take measures to eliminate certain special elements used in the operating system. This allows attackers to execute arbitrary code.

The vulnerability of Trend Micro InterScan Web Security Virtual Appliance exists due to the lack of measures taken to neutralize special elements used in the operating system’s command chain. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9 CVSS | 8.1 AI score | 0.8758 EPSS
Exploits 7 | References 6 | Affected Software 1
BDU FSTEC
added 2021/01/20 12:0 a.m. | 5 views

A vulnerability in NETGEAR’s integrated software allows a hacker to execute arbitrary commands.

The vulnerability in NETGEAR’s embedded software exists because measures are not taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

8.8 CVSS | 8.1 AI score | 0.01202 EPSS
Exploits 0 | References 4 | Affected Software 12
BDU FSTEC
added 2021/01/20 12:0 a.m. | 3 views

The vulnerability of NETGEAR’s embedded software exists due to the lack of measures taken to neutralize special elements used in the operating system commands. This allows a hacker to execute arbitrary commands.

The vulnerability in NETGEAR’s embedded software exists because measures are not taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

8.8 CVSS | 8.1 AI score | 0.02169 EPSS
Exploits 0 | References 4 | Affected Software 12
BDU FSTEC
added 2021/01/20 12:0 a.m. | 5 views

The vulnerability of the QTS and QuTS operating systems lies in the lack of measures taken to neutralize special elements used in the operating system’s command set, allowing attackers to execute arbitrary code.

The vulnerability of the QTS and QuTS operating systems is related to the lack of measures taken to neutralize special elements used in the OS command line. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9 CVSS | 8 AI score | 0.0255 EPSS
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2021/01/20 12:0 a.m. | 5 views

The vulnerability of NETGEAR’s embedded software exists due to the lack of measures taken to neutralize special elements used in the operating system commands. This allows a hacker to execute arbitrary commands.

The vulnerability in NETGEAR’s embedded software exists because measures are not taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

8.8 CVSS | 8.1 AI score | 0.01202 EPSS
Exploits 0 | References 4 | Affected Software 12
BDU FSTEC
added 2021/01/20 12:0 a.m. | 2 views

A vulnerability in NETGEAR’s integrated software allows a hacker to execute arbitrary commands.

The vulnerability in NETGEAR’s embedded software exists because measures are not taken to neutralize the special elements used in the operating system command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

8.8 CVSS | 8.1 AI score | 0.02022 EPSS
Exploits 0 | References 4 | Affected Software 12
CNNVD
added 2021/01/19 12:0 a.m. | 4 views

MISP cross-site scripting vulnerability

MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP version 2.4.136, which originates in...

6.1 CVSS | 5.6 AI score | 0.00791 EPSS
Exploits 0 | References 2
BDU FSTEC
added 2021/01/13 12:0 a.m. | 5 views

The vulnerability in the implementation of the Strict Transport Security (HSTS) mechanism of the Mozilla Firefox browser allows a perpetrator to compromise the integrity of data.

The vulnerability of the Strict Transport Security HSTS mechanism implemented by Mozilla Firefox is related to incorrect elimination of special elements in the output data used by the incoming component. Exploiting this vulnerability can allow a remote attacker to compromise the integrity of the...

5.3 CVSS | 6.9 AI score | 0.01784 EPSS
Exploits 1 | References 9 | Affected Software 3
BDU FSTEC
added 2021/01/13 12:0 a.m. | 3 views

The vulnerability of Firefox, Firefox ESR, and the Thunderbird email client relates to the use of freed resources during manipulation of HTML media elements. This allows an attacker to gain unauthorized access to information and compromise its integrity and accessibility.

The vulnerability in the Firefox and Firefox ESR browsers and the Thunderbird email client is a use-after-free that occurs when media elements are manipulated. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to information and compromise i...

10 CVSS | 7.4 AI score | 0.07157 EPSS
Exploits 0 | References 9 | Affected Software 6
BDU FSTEC
added 2021/01/13 12:0 a.m. | 3 views

The vulnerability of the Cisco Jabber software platform for Windows lies in the insufficient neutralization of special elements used in operating system commands, allowing a hacker to execute arbitrary code.

The vulnerability of the Cisco Jabber for Windows software platform is related to errors in insufficient neutralization of special elements used in operating system commands. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

9 CVSS | 8.1 AI score | 0.01123 EPSS
Exploits 0 | References 2 | Affected Software 1
Hacker One
added 2021/01/06 4:53 p.m. | 27 views

GitLab: Stored XSS in repository file viewer

Summary: There exists XSS in the swagger-ui version used in GitLab open API viewer. The XSS exists due to the old version of DOMPurify used in swagger-ui that allows an attacker to inject any HTML elements with any attributes except script tag on the page. The XSS in POC requires 1 click anywhere on...

5.7 AI score
Exploits 0
NVD
added 2020/12/31 9:15 a.m. | 41 views

CVE-2020-35904

An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...

5.5 CVSS | 5.4 AI score | 0.00388 EPSS
Exploits 1 | References 1
OSV
added 2020/12/31 9:15 a.m. | 5 views

DEBIAN-CVE-2020-35904

An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...

5.5 CVSS | 5.7 AI score | 0.00388 EPSS
Exploits 1 | References 1
Prion
added 2020/12/31 9:15 a.m. | 11 views

Authentication flaw

An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...

2.1 CVSS | 5.4 AI score | 0.00388 EPSS
Exploits 1 | References 1 | Affected Software 1
UbuntuCve
added 2020/12/31 9:15 a.m. | 24 views

CVE-2020-35904

An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...

5.5 CVSS | 6.1 AI score | 0.00388 EPSS
Exploits 1 | References 3
OSV
added 2020/12/31 9:15 a.m. | 1 views

UBUNTU-CVE-2020-35904

An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...

5.5 CVSS | 6 AI score | 0.00388 EPSS
Exploits 1 | References 4
CVE
added 2020/12/31 8:21 a.m. | 57 views

CVE-2020-35904

CVE-2020-35904 affects the Rust crate crossbeam-channel prior to version 0.4.4. The issue is an incorrect assumption about the relationship between memory allocation and the number of elements produced by an iterator, leading to unsound behavior when the Vec is reconstructed from a raw pointer ba...

5.5 CVSS | 7.2 AI score | 0.00388 EPSS
Exploits 1 | References 1 | Affected Software 1