Lucene search
K

361 matches found

CNNVD
CNNVD
added 2024/06/17 12:0 a.m.6 views

GeoVision EOL Operating System Command Injection Vulnerability

GeoVision EOL is a series of surveillance devices from GeoVision Japan. The GeoVision EOL suffers from an operating system command injection vulnerability that stems from an inability to properly filter user input. A remote attacker could exploit this vulnerability to inject and execute arbitrary...

9.8CVSS8.1AI score0.10072EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2024/06/05 7:10 a.m.32 views

Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models

Zyxel has released security updates to address critical flaws impacting two of its network-attached storage NAS devices that have currently reached end-of-life EoL status. Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating...

9.8CVSS10AI score0.89218EPSS
Exploits12
GithubExploit
GithubExploit
added 2024/05/31 10:7 p.m.389 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

Exploit for CVE-2024-24919 Description This Python script...

8.6CVSS8.9AI score0.99978EPSS
Exploits52
GithubExploit
GithubExploit
added 2024/05/31 12:10 p.m.817 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

CVE-2024-24919-Check-Point-Remote-Access-VPN CVE-2024-24919...

8.6CVSS9AI score0.99978EPSS
Exploits52
Vulnrichment
Vulnrichment
added 2024/05/29 10:0 a.m.16 views

CVE-2024-28826 Unrestricted upload and download paths in check_sftp

Improper restriction of local upload and download paths in checksftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 EOL allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server...

8.8CVSS6.6AI score0.00475EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2024/05/21 8:40 a.m.514 views

Exploit for Use of Hard-coded Credentials in Dlink Dns-320L_Firmware

Dinkleberry 🫐 Are you one of the 92,000+ people1 stuck with a...

10CVSS9.9AI score0.98038EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2024/04/02 12:0 a.m.10 views

Microsoft Windows 10 1703 Education SEoL

Microsoft Windows 10 1703 Education is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'...

5.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/04/02 12:0 a.m.11 views

ManageEngine Applications Manager SEoL (14.0.x)

According to its version, ManageEngine Applications Manager is 14.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/04/02 12:0 a.m.12 views

ManageEngine Applications Manager SEoL (13.0.x)

According to its version, ManageEngine Applications Manager is 13.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...

5.5AI score
Exploits0References1
The Hacker News
The Hacker News
added 2024/03/29 12:12 p.m.58 views

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

A botnet previously considered to be rendered inert has been observed enslaving end-of-life EoL small home/small office SOHO routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from...

7.5AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/03/22 10:26 a.m.17 views

CVE-2024-28824 Privilege escalation in mk_informix plugin

Least privilege violation and reliance on untrusted inputs in the mkinformix Checkmk agent plugin before Checkmk 2.3.0b4 beta, 2.2.0p24, 2.1.0p41 and 2.0.0 EOL allows local users to escalate privileges...

8.8CVSS7AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/22 10:26 a.m.26 views

CVE-2024-1742 Information disclosure in mk_oracle Checkmk agent plugin

Invocation of the sqlplus command with sensitive information in the command line in the mkoracle Checkmk agent plugin before Checkmk 2.3.0b4 beta, 2.2.0p24, 2.1.0p41 and 2.0.0 EOL allows the extraction of this information from the process list...

3.8CVSS6.9AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2024/03/11 3:15 p.m.22 views

CVE-2024-0670

Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 EOL allows local user to escalate privileges...

8.8CVSS8.9AI score0.00342EPSS
Exploits5References2
UbuntuCve
UbuntuCve
added 2024/03/11 3:15 p.m.19 views

CVE-2024-0670

Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 EOL allows local user to escalate privileges...

8.8CVSS7.2AI score0.00342EPSS
Exploits5References3
Qualys Blog
Qualys Blog
added 2024/02/12 3:0 p.m.19 views

CSAM Drives Accurate TruRisk Scoring with EoL/EoS, Unauthorized Software, and Missing Security Agents

With the release of the Enterprise TruRisk Platform, Qualys is focusing each of its cyber security solutions on the more holistic goals of measuring, communicating, and eliminating cyber risk across the extended enterprise. Each offering within the platform works together, driving toward these...

7.3AI score
Exploits0
NVD
NVD
added 2024/02/10 5:15 a.m.27 views

CVE-2024-21490

This affects versions of the package angular from 1.3.0; versions of the package angularjs from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in...

7.5CVSS7.3AI score0.01891EPSS
Exploits1References7
OSV
OSV
added 2024/02/10 5:15 a.m.34 views

CVE-2024-21490

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of servic...

7.5CVSS7.3AI score0.01891EPSS
Exploits1References6
Prion
Prion
added 2024/02/10 5:15 a.m.26 views

Input validation

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of servic...

5CVSS7.2AI score0.01891EPSS
Exploits1References4Affected Software1
UbuntuCve
UbuntuCve
added 2024/02/10 5:15 a.m.37 views

CVE-2024-21490

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of servic...

7.5CVSS6.8AI score0.01891EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/02/10 5:0 a.m.19 views

CVE-2024-21490

This affects versions of the package angular from 1.3.0; versions of the package angularjs from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in...

7.5CVSS7AI score0.01891EPSS
Exploits1References5
Rows per page
Query Builder