Lucene search
K

5255 matches found

BDU FSTEC
BDU FSTEC
added 2020/05/21 12:0 a.m.6 views

The vulnerability of the NtFilterToken ParentTokenId component in Microsoft Windows operating systems, which allows a hacker to increase their privileges.

The vulnerability of the NtFilterToken ParentTokenId component in Microsoft Windows operating systems is related to incorrect elimination of special elements in the output data used by the incoming component. Exploiting this vulnerability can allow an attacker to increase their privileges...

8.8CVSS7AI score0.01243EPSS
Exploits0References2
Snyk
Snyk
added 2020/05/19 9:0 p.m.3 views

Cross-site Scripting (XSS)

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Cross-site Scripting XSS. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping elements in ones changes parsing...

5.4CVSS5.4AI score0.02142EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/05/19 12:0 a.m.4 views

The vulnerability of the Microsoft Dynamics 365 resource planning software and the integrated enterprise management system Microsoft Dynamics NAV lies in the improper elimination of certain elements in the output data used by the incoming component, allowing an attacker to execute arbitrary code.

The vulnerability of the Microsoft Dynamics 365 resource planning software and the integrated enterprise management system Microsoft Dynamics NAV is related to incorrect elimination of special elements in the output data used by the incoming component. Exploitation of this vulnerability can allow...

8.5CVSS7.9AI score0.06831EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/05/11 11:15 p.m.6 views

CVE-2020-10060

In updatehubprobe, right after JSON parsing is complete, objects\1 is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an...

6.5CVSS5.6AI score0.01559EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2020/05/07 12:0 a.m.3 views

The vulnerability of the Apache SpamAssassin spam filtering software lies in the lack of measures to neutralize special elements. This allows attackers to gain unauthorized access to confidential data, cause service failures, and compromise data integrity.

The vulnerability of the Apache SpamAssassin spam filtering software lies in the lack of measures to neutralize special elements used in the operating system command line. Exploiting this vulnerability can allow a hacker to gain unauthorized access to confidential data, cause service failures, an...

7.2CVSS6.9AI score0.00871EPSS
Exploits0References10Affected Software6
Drupal
Drupal
added 2020/05/06 12:0 a.m.17 views

Webform - Moderately critical - Cross site scripting - SA-CONTRIB-2020-013

The Webform module allows site builders to create forms. The module doesn't sufficiently prevent malicious code from being render via an options elements i.e select menu, checkboxes, radios, etc... under the scenario where the site builder allows the raw option value to be displayed. This...

6.7AI score
Exploits0References6
OSV
OSV
added 2020/04/29 9:15 p.m.1 views

DEBIAN-CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

6.1CVSS6.4AI score0.8383EPSS
Exploits6References1
OSV
OSV
added 2020/04/29 9:15 p.m.2 views

UBUNTU-CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

6.9CVSS6.7AI score0.8383EPSS
Exploits6References8
BDU FSTEC
BDU FSTEC
added 2020/04/27 12:0 a.m.4 views

The vulnerability of the Evince document viewing software lies in its inability to eliminate special elements, allowing a perpetrator to execute arbitrary commands.

The vulnerability of the Evince document viewing software is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability can allow a perpetrator to execute arbitrary commands...

7.8CVSS7AI score0.01406EPSS
Exploits0References9Affected Software4
Positive Technologies
Positive Technologies
added 2020/04/22 12:0 a.m.6 views

PT-2020-8631 · Jquery · Jquery

Name of the Vulnerable Software and Affected Versions: jQuery version 2.2.2 Description: The issue allows for cross-site scripting XSS attacks via a crafted onerror attribute of an IMG element. Recommendations: For jQuery version 2.2.2, consider disabling the use of the onerror attribute in IMG...

6.1CVSS8.5AI score0.0162EPSS
Exploits0References9
Microsoft KB
Microsoft KB
added 2020/04/21 12:0 a.m.5 views

February 10, 2015 update for Office Web Apps Server 2013 (KB2956101)

February 10, 2015 update for Office Web Apps Server 2013 KB2956101 This article describes update KB2956101 for Microsoft Office Web Apps Server 2013 that was released on February 10, 2015. This update has a prerequisite. Improvements and Fixes Improves localization to make sure that the meanings...

5.6AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2020/04/16 12:0 a.m.29 views

(Pwn2Own) Triangle MicroWorks SCADA Data Gateway DNP3 Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of data set elements. The issue results from the lac...

9.8CVSS3.9AI score0.05226EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/04/16 12:0 a.m.5 views

The vulnerability of the operating system utility package OC SUSE Linux Supportutils lies in the lack of measures to neutralize special elements used in the operating system’s commands. This allows attackers to execute arbitrary commands.

The vulnerability of the operating system utility package for SUSE Linux Supportutils lies in the lack of measures taken to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows an attacker to execute arbitrary commands by controlling the rp...

7.2CVSS7.2AI score0.00503EPSS
Exploits0References3Affected Software6
Veracode
Veracode
added 2020/04/10 12:59 a.m.22 views

Privilege Escalation

openjdk is vulnerable to privilege escalation. It was found that the Java launcher provided by OpenJDK did not check the LDLIBRARYPATH environment variable for insecure empty path elements. A local attacker able to trick a user into running the Java launcher while working from an attacker-writabl...

3.7CVSS3.1AI score0.00411EPSS
Exploits0References20Affected Software1
Veracode
Veracode
added 2020/04/10 12:29 a.m.22 views

Information Disclosure

firefox is vulnerable to information disclosure. The vulnerability exists as a flaw was found in the way Firefox stored attributes in XML User Interface Language XUL elements. A web site could use this flaw to track users across browser sessions, even if users did not allow the site to store...

5CVSS2.9AI score0.02295EPSS
Exploits0References17Affected Software4
BDU FSTEC
BDU FSTEC
added 2020/04/10 12:0 a.m.3 views

The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird, related to the lack of measures to protect the structure of web pages, allows attackers to execute cross-site scripting attacks.

The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird relates to certain elements that may contain parentheses. Through these elements, it is possible to inject closing tags. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting...

6.1CVSS7AI score0.0145EPSS
Exploits0References17Affected Software7
RedhatCVE
RedhatCVE
added 2020/04/06 5:7 p.m.34 views

CVE-2019-11746

A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 69, Thunderbird 68.1, Thunderbird 60.9, Firefox ESR 60.9, and Firefox ESR 68.1...

8.8CVSS2.1AI score0.01713EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2020/04/06 12:0 a.m.2 views

The command-line interface vulnerability of the Cisco Unified Computing System (UCS) Manager software for UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects, and UCS 6400 Series Fabric Interconnects allows a attacker to execute arbitrary code.

The vulnerability of the command-line interface of the Cisco Unified Computing System UCS Manager software for microprogrammed routers in the UCS 6200 Series Fabric Interconnects and UCS 6300 Series Fabric Interconnects is related to the lack of measures taken to neutralize special elements used ...

7.8CVSS7.6AI score0.00439EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/03/31 9:3 p.m.3 views

kernel: buffer-overflow hardening in WiFi beacon validation code.

A flaw in the Linux kernel's WiFi beacon validation code was discovered. The code does not check the length of the variable length elements in the beacon head potentially leading to a buffer overflow. System availability, as well as data confidentiality and integrity, can be impacted by this...

9.8CVSS7.6AI score0.12651EPSS
Exploits0References4
CVE
CVE
added 2020/03/26 2:21 p.m.63 views

CVE-2020-9521

CVE-2020-9521 affects Micro Focus Service Manager Automation (SMA). The vulnerability is an SQL Injection caused by improper neutralization of special elements in SQL commands, impacting SMA versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The connected records confirm the issue and...

8.8CVSS9.1AI score0.01138EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder