5254 matches found

Positive Technologies
added 2019/07/01 12:0 a.m. · 4 views

PT-2019-18693 · Prima Systems · Flexair

Name of the Vulnerable Software and Affected Versions: Prima Systems FlexAir versions 2.3.38 and prior Description: The application fails to properly neutralize special elements, potentially allowing attackers to modify intended OS commands sent to downstream components. This could enable attacke...

9 CVSS · 7.2 AI score · 0.18306 EPSS
Exploits 5 · References 6

OSV
added 2019/06/30 2:15 p.m. · 5 views

CVE-2019-13075

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a...

5.3 CVSS · 6.4 AI score
Exploits 0 · References 2

Veracode
added 2019/06/21 2:41 a.m. · 9 views

Malicious Package

smartsearchwp is a malicious package. The package contains malicious code that steals credentials from websites it is loaded in when executed. DOM elements are traversed for usernames and passwords, which are subsequently uploaded to a remote server. Port scans of local gateway are performed and...

6.9 AI score
Exploits 0

GitLab Advisory Database
added 2019/06/13 12:0 a.m. · 14 views

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in @apollo/gateway...

3.8 AI score
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2019/06/06 12:0 a.m. · 4 views

The vulnerability of the command-line interface implementation of the network operating system NX-OS allows an attacker to execute arbitrary commands on the underlying operating system.

The vulnerability of the command-line interface implementation of the networking operating system NX-OS exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability can allow an attacker to execute arbitrary...

6.8 CVSS · 7 AI score · 0.00463 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2019/06/06 12:0 a.m. · 4 views

The vulnerability of the wpa_supplicant component of the EAP-PWD protocol in wireless communication devices certified by WPA allows a perpetrator to compromise the integrity and confidentiality of data or cause service failures due to improper use of privileges.

The vulnerability of the wpa_supplicant component of the EAP-PWD protocol in wireless communication devices certified by WPA is related to incorrect validation of scalar values and values of elements in the “EAP-pwd-Commit” section of imported elements. Exploiting this vulnerability allows a...

8.1 CVSS · 6.9 AI score · 0.02386 EPSS
Exploits 0 · References 12 · Affected Software 6

BDU FSTEC
added 2019/06/06 12:0 a.m. · 3 views

The vulnerability of the EAP Server component of the EAP-PWD certification protocol for wireless communication devices with WPA encryption lies in the improper use of privileges, allowing attackers to compromise data integrity and confidentiality or cause service failures.

The vulnerability of the EAP Server component of the EAP-PWD protocol for wireless communication devices certified by WPA is related to the lack of explicit checks on imported elements. These imported elements do not undergo verification of scalar values and values of elements in the...

8.1 CVSS · 6.9 AI score · 0.02386 EPSS
Exploits 0 · References 7 · Affected Software 3

BDU FSTEC
added 2019/05/31 12:0 a.m. · 2 views

The vulnerability of the Heimdal protocol’s Kerberos implementation in the Samba network communication software allows attackers to expose sensitive information or cause service failures.

The vulnerability of the Heimdal protocol’s Kerberos 5 implementation in the Samba network communication software package is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability can allow a malicious actor to disclose protected informatio...

7.5 CVSS · 7.2 AI score · 0.02486 EPSS
Exploits 0 · References 6 · Affected Software 3

BDU FSTEC
added 2019/05/31 12:0 a.m. · 4 views

The vulnerability of the microprogrammed programmable logic controller SCALANCE, related to insufficient neutralization of special elements, allows an intruder to execute arbitrary system commands.

The vulnerability of the microprogrammed programmable logic controller SCALANCE is related to the insufficient neutralization of certain special elements. Exploiting this vulnerability could allow an intruder, who does not have access to the Aruba Instant web interface, to execute arbitrary system...

10 CVSS · 7.8 AI score · 0.04631 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2019/05/31 12:0 a.m. · 4 views

The vulnerability of the microprogrammed programmable logic controller SCALANCE, related to insufficient neutralization of special elements, allows an intruder to execute arbitrary system commands.

The vulnerability of the microprogrammed programmable logic controller SCALANCE is related to the insufficient neutralization of certain special elements. Exploiting this vulnerability allows an attacker with administrator privileges to execute arbitrary system commands...

9 CVSS · 7.5 AI score · 0.04269 EPSS
Exploits 0 · References 3 · Affected Software 1

Prion
added 2019/05/22 8:29 p.m. · 15 views

Design/Logic Flaw

An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands...

9 CVSS · 8.8 AI score · 0.01721 EPSS
Exploits 1 · References 1 · Affected Software 59

Positive Technologies
added 2019/05/20 12:0 a.m. · 5 views

PT-2019-16870 · Ibm · Ibm Bigfix Platform

Name of the Vulnerable Software and Affected Versions: IBM BigFix Platform versions 9.2 through 9.5 Description: The issue allows a low-privilege user to manipulate the UI, exposing interface elements and information normally restricted to administrators. Recommendations: For versions 9.2 through...

6.5 CVSS · 6.4 AI score · 0.00925 EPSS
Exploits 0 · References 3

Veracode
added 2019/05/16 3:37 a.m. · 24 views

Denial Of Service

Firefox and Firefox ESR are vulnerable to denial of service (DoS) attacks. This occurs while parsing an HTML5 stream in concert with custom HTML elements, which may lead to a potentially exploitable crash...

9.8 CVSS · 9 AI score · 0.12658 EPSS
Exploits 1 · References 18 · Affected Software 5

Veracode
added 2019/05/16 2:13 a.m. · 22 views

Use-After-Free

Firefox is vulnerable to a use-after-free vulnerability. This occurs when editing events in form elements on a page. An attacker could cause a potentially exploitable crash, resulting in a denial of service condition...

9.8 CVSS · 8.9 AI score · 0.02997 EPSS
Exploits 0 · References 13 · Affected Software 2

Zero Day Initiative
added 2019/05/15 12:0 a.m. · 30 views

Microsoft Edge CDXImageRenderTarget Double Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rendering of...

7.5 CVSS · 1.9 AI score · 0.23102 EPSS
Exploits 0 · References 1

Zero Day Initiative
added 2019/05/15 12:0 a.m. · 20 views

Adobe Acrobat Reader DC removeField Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

3.3 CVSS · 3.2 AI score · 0.09576 EPSS
Exploits 0 · References 1

RedHat Linux
added 2019/05/13 5:3 a.m. · 8 views

Mozilla: Use-after-free when removing in-use DOM elements

A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...

9.8 CVSS · 7.3 AI score · 0.01838 EPSS
Exploits 0 · References 5

Prion
added 2019/05/09 3:29 p.m. · 19 views

Code injection

GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements...

6.8 CVSS · 8.1 AI score · 0.00835 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2019/05/09 2:27 p.m. · 18 views

CVE-2019-6546

GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements...

7.6 AI score · 0.00835 EPSS
Exploits 0 · References 1

RedHat Linux
added 2019/05/07 4:19 a.m. · 6 views

Mozilla: Use-after-free when removing in-use DOM elements

A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...

9.8 CVSS · 7.3 AI score · 0.01838 EPSS
Exploits 0 · References 5