5255 matches found

Prion
added 2020/02/03 2:15 p.m. | 12 views

Default configuration

The default configuration in the Dynamic Content Elements dce extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request...

5 CVSS | 6.8 AI score | 0.01583 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2020/02/03 1:34 p.m. | 19 views

CVE-2014-8328

The default configuration in the Dynamic Content Elements dce extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request...

5.2 AI score | 0.01583 EPSS
Exploits: 0 | References: 3

CVE
added 2020/02/03 1:34 p.m. | 49 views

CVE-2014-8328

The CVE-2014-8328 issue affects the TYPO3 Dynamic Content Elements (dce) extension prior to version 0.11.5. The vulnerability arises from the extension’s update check functionality, which could disclose sensitive installation environment information to remote attackers. The in-scope detail confir...

5.3 CVSS | 5.1 AI score | 0.01583 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2020/01/30 9:15 p.m. | 13 views

CVE-2020-5230

Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directorie...

7.5 CVSS | 6.8 AI score
Exploits: 0 | References: 2

Prion
added 2020/01/27 10:15 a.m. | 19 views

Sql injection

An Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects:...

5.5 CVSS | 8.3 AI score | 0.01027 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

RedHat Linux
added 2020/01/21 3:53 p.m. | 5 views

kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c

A flaw was found in the mwifiex implementation in the Linux kernel. A system connecting to wireless access point could be manipulated by an attacker with advanced permissions on the access point into localized memory corruption or possibly privilege escalation...

9.8 CVSS | 7.1 AI score | 0.06821 EPSS
Exploits: 0 | References: 4

Fedora
added 2020/01/16 10:31 p.m. | 28 views

[SECURITY] Fedora 30 Update: gnulib-0-31.20200107git.fc30

The GNU portability library is a macro system and C declarations and definitions for commonly-used API elements and abstracted system behaviors. It can be used to improve portability and other functionality in your programs...

8.8 CVSS | 3.1 AI score | 0.02515 EPSS
Exploits: 1

BDU FSTEC
added 2020/01/15 12:0 a.m. | 4 views

The vulnerability of the quality management module in the SAP R/3 system lies in the lack of measures taken to neutralize special elements used in SQL queries, allowing attackers to disclose sensitive information.

The vulnerability of the SAP Quality Management module in the SAP R/3 system exists due to the failure to take measures to neutralize special elements used in SQL queries. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information by sending a...

4.3 CVSS | 5.5 AI score | 0.00692 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

RedhatCVE
added 2020/01/09 5:9 a.m. | 43 views

CVE-2019-17026

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...

8.8 CVSS | 3.4 AI score | 0.46589 EPSS
Exploits: 7 | References: 4

OSV
added 2020/01/09 12:0 a.m. | 1 views

UBUNTU-CVE-2019-17026

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...

8.8 CVSS | 7.3 AI score | 0.46589 EPSS
Exploits: 7 | References: 8

VulnCheck KEV
added 2020/01/07 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2019-17026

Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements...

8.8 CVSS | 7.4 AI score | 0.46589 EPSS
Exploits: 7 | References: 1

BDU FSTEC
added 2019/12/26 12:0 a.m. | 5 views

The vulnerability of the McAfee Advanced Threat Defense software arises from the lack of measures taken to neutralize its special elements, allowing attackers to execute arbitrary commands.

The vulnerability of the McAfee Advanced Threat Defense security tool exists due to the failure to take measures to neutralize specific elements within it. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands by sending specially crafted HTTP...

8.4 CVSS | 8 AI score | 0.01198 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2019/12/20 4:15 p.m. | 25 views

CVE-2019-19691

A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability...

4.9 CVSS | 5.1 AI score | 0.01158 EPSS
Exploits: 0 | References: 1

OSV
added 2019/12/20 4:15 p.m. | 5 views

CVE-2019-19691

A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability...

4.9 CVSS | 5.8 AI score | 0.01158 EPSS
Exploits: 0 | References: 1

AlpineLinux
added 2019/12/18 5:33 p.m. | 36 views

CVE-2019-8769

An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history...

4.3 CVSS | 5.4 AI score | 0.01251 EPSS
Exploits: 0

CVE
added 2019/12/18 5:33 p.m. | 282 views

CVE-2019-8769

CVE-2019-8769 concerns WebKit: an issue in the drawing of web page elements could allow leakage of browsing history when visiting a malicious site. Public fixes span multiple platforms and projects: Apple webkit (iOS 13.1/iPadOS 13.1 and macOS Catalina 10.15), WebKitGTK/WebKitGTK+ (e.g., webkitgt...

4.3 CVSS | 4.9 AI score | 0.01251 EPSS
Exploits: 0 | References: 2 | Affected Software: 3

Debian CVE
added 2019/12/18 5:33 p.m. | 31 views

CVE-2019-8769

An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history...

4.3 CVSS | 5.3 AI score | 0.01251 EPSS
Exploits: 0

BDU FSTEC
added 2019/12/13 12:0 a.m. | 6 views

The vulnerability of the NAT Port Mapping Protocol implementation in the TP-Link M7350 router’s microprogramming software arises from the failure to take measures to eliminate special elements used in the operating system commands. This vulnerability allows a perpetrator to execute arbitrary commands.

The vulnerability of the NAT Port Mapping Protocol NAT-PMP implementation of TP-Link’s M7350 router software exists due to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

10 CVSS | 8.1 AI score | 0.02978 EPSS
Exploits: 1 | References: 3

BDU FSTEC
added 2019/12/13 12:0 a.m. | 5 views

The vulnerability of the Port Triggering function in TP-Link M7350 microprogramming devices arises from the lack of measures to neutralize special elements used in the operating system’s commands. This allows attackers to execute arbitrary commands.

The vulnerability of the Port Triggering function in TP-Link’s M7350 route switch software exists because measures to neutralize the special elements used in the operating system commands are not taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10 CVSS | 8.2 AI score | 0.02097 EPSS
Exploits: 0 | References: 3

BDU FSTEC
added 2019/12/13 12:0 a.m. | 4 views

The vulnerability of the Internal Port component of the TP-Link M7350 microprogramming system’s route blocker lies in the lack of measures taken to neutralize special elements used in the operating system’s command set. This vulnerability allows a perpetrator to execute arbitrary commands.

The vulnerability of the Internal Port component of the TP-Link M7350 microprogramming system controller exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

10 CVSS | 8.1 AI score | 0.02812 EPSS
Exploits: 1 | References: 3