Lucene search
K

5255 matches found

BDU FSTEC
BDU FSTEC
added 2020/03/20 12:0 a.m.4 views

The vulnerability of the HTTP_ST component in the D-Link DIR-859 router’s microprogramming system arises from the failure to take measures to neutralize specific elements used in the operating system commands. This vulnerability allows a perpetrator to execute arbitrary commands.

The vulnerability of the HTTPST component in the D-Link DIR-859 router’s microprogramming software exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...

10CVSS8.1AI score0.75105EPSS
Exploits6References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/03/20 12:0 a.m.2 views

The vulnerability of the REMOTE_PORT component of the D-Link DIR-859 router’s microprogramming system exists due to the failure to take measures to neutralize specific elements used in the operating system commands. This vulnerability allows a hacker to execute arbitrary commands.

The vulnerability of the REMOTEPORT component of the D-Link DIR-859 router’s microprogramming system exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

10CVSS8.1AI score0.03673EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/03/18 12:0 a.m.3 views

The vulnerability of the Linux operating system’s kernel exists due to the lack of measures taken to neutralize special elements used in the operating system’s command line. This allows attackers to execute arbitrary code.

The vulnerability of the Linux operating system’s kernel exists because measures to neutralize special elements used in the operating system commands have not been implemented. Exploiting this vulnerability allows an attacker to execute arbitrary code...

7.4CVSS6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/03/16 7:35 a.m.39 views

CVE-2018-1000632

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or...

7.5CVSS5.7AI score0.0657EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/03/16 12:0 a.m.32 views

openSUSE Security Update : librsvg (openSUSE-2020-343)

This update for librsvg to version 2.42.8 fixes the following issues : librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service bsc1162501. NOTE: Librsvg now has limits on the numb...

6.5CVSS6.8AI score0.02125EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/03/11 12:0 a.m.32 views

SUSE SLED15 / SLES15 Security Update : librsvg (SUSE-SU-2020:0629-1)

This update for librsvg to version 2.42.8 fixes the following issues : librsvg was updated to version 2.42.8 fixing the following issues : CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service bsc1162501. NOTE: Librsvg now has limits on the numbe...

6.5CVSS6.9AI score0.02125EPSS
Exploits0References4
NVD
NVD
added 2020/03/09 7:15 p.m.12 views

CVE-2020-10247

MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sightingfield.ctp...

6.1CVSS6AI score0.00835EPSS
Exploits0References2
Prion
Prion
added 2020/03/09 7:15 p.m.14 views

Design/Logic Flaw

MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sightingfield.ctp...

4.3CVSS5.9AI score0.00835EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2020/03/06 1:15 p.m.13 views

Cross-Site Scripting (XSS)

@instructure/ui-elements is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to lack of proper truncation of texts in argument Text in 'Truncator.js' , allowing an attacker to inject malicious scripts...

3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/03/06 12:0 a.m.29 views

FreeBSD : librsvg2 -- multiple vulnabilities (b66583ae-5aee-4cd5-bb31-b2d397f8b6b3)

Librsvg2 developers reports : Backport the following fixes from 2.46.x : Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. This is to mitigate malicious SVGs which try to consume all memory, and those which try to consume an...

6.5CVSS6.9AI score0.02125EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2020/03/04 12:0 a.m.4 views

The vulnerability of the File.fnmatch method in the Ruby programming language allows a hacker to gain unauthorized access to protected information.

The vulnerability of the File.fnmatch method in the Ruby programming language exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using a specially...

6.5CVSS6.5AI score0.03289EPSS
Exploits0References13Affected Software8
Cvelist
Cvelist
added 2020/03/02 4:5 a.m.33 views

CVE-2019-17026

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...

8.2AI score0.46589EPSS
Exploits7References6
FreeBSD
FreeBSD
added 2020/02/26 12:0 a.m.38 views

librsvg2 -- multiple vulnerabilities

Librsvg2 developers reports: Backport the following fixes from 2.46.x: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. This is to mitigate malicious SVGs which try to consume all memory, and those which try to consume an...

6.5CVSS6.9AI score0.02125EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/02/18 8:16 a.m.5 views

Mozilla: Incorrect parsing of template tag could result in JavaScript injection

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...

6.1CVSS7.2AI score0.02056EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.4 views

The vulnerability of the Necko web library in the Firefox browser is related to a access failure to child elements during an incorrect flow during the UDP connection. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Necko web library in the Firefox browser is related to an access error for a child element during a wrong transmission process in a UDP connection. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause...

9.8CVSS7.7AI score0.01707EPSS
Exploits0References5Affected Software3
BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.8 views

The vulnerability of the SAP Gateway development environment and the SAP UI5 software platform, which exists due to the lack of measures to neutralize special elements, allows attackers to compromise data integrity.

The vulnerability of the SAP Gateway and the SAP UI5 software platform exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability can allow a malicious actor to compromise data integrity from a remote location...

7.8CVSS7.3AI score0.02511EPSS
Exploits1References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.3 views

The vulnerability of the Apache SpamAssassin spam filtering software lies in its failure to address the neutralization of special elements used in the operating system command line. This allows attackers to execute arbitrary commands on the target system.

The vulnerability of the Apache SpamAssassin spam filtering software exists because measures are not taken to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the target system by loadi...

10CVSS7.3AI score
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/02/11 12:0 a.m.4 views

The vulnerability of D-Link DIR-818Lx, DIR-822, DIR-823, DIR-859, DIR-865L, DIR-868L, DIR-869, DIR-880L, DIR-890L/R, DIR-885L/R, and DIR-895L/R routers stems from the failure to address the issue of eliminating special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands on behalf of the root user in the target system.

The vulnerability of D-Link DIR-818Lx, DIR-822, DIR-823, DIR-859, DIR-865L, DIR-868L, DIR-869, DIR-880L, DIR-890L/R, DIR-885L/R, and DIR-895L/R routers exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerabilit...

10CVSS8.4AI score0.89624EPSS
Exploits8References4Affected Software11
Kitploit
Kitploit
added 2020/02/10 11:30 a.m.123 views

Pytm - A Pythonic Framework For Threat Modeling

Define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm can generate, a Data Flow Diagram DFD, a Sequence Diagram and most important of all, threats to your system. Requirements Linux/MacOS Python 3.x Graphviz package Java...

10CVSS7.7AI score0.52811EPSS
Exploits0References2
NVD
NVD
added 2020/02/03 2:15 p.m.17 views

CVE-2014-8328

The default configuration in the Dynamic Content Elements dce extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request...

5.3CVSS5.2AI score0.01583EPSS
Exploits0References3
Rows per page
Query Builder