Lucene search
K

125 matches found

Positive Technologies
Positive Technologies
added 2023/05/29 12:0 a.m.6 views

PT-2023-12762 · Audiocodes · Audiocodes Device Manager Express

Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752 Description: An issue was discovered that allows execution of commands. The "/BrowseFiles.php" API endpoint is vulnerable to a POST request with a cmd parameter set to "ssh" a...

7.2CVSS6.7AI score0.23895EPSS
Exploits4References3
The Hacker News
The Hacker News
added 2023/04/10 6:25 a.m.4 views

CISA Warns of 5 Actively Exploited Security Flaws: Urgent Action Required

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added five security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. This includes three high-severity flaws in the Veritas Backup Exec Agent software...

9.8CVSS6.7AI score0.6491EPSS
Exploits15
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.4 views

Xen 安全漏洞

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen suffers from a security vulnerability th...

5.5CVSS5.6AI score0.00273EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 5:3 a.m.4 views

SUSE CVE-2016-4246

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2016-4172,...

8.8CVSS8AI score0.04434EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/10/19 12:0 a.m.6 views

CVE-2022-43422

Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

5.2AI score0.00666EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2022/10/07 6:52 a.m.333 views

BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions

In yet another case of bring your own vulnerable driver BYOVD attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security...

7.8CVSS8.5AI score0.18188EPSS
Exploits8
Code423n4
Code423n4
added 2022/08/07 12:0 a.m.14 views

Unchecked Call Return Value

Lines of code Vulnerability details Impact The return value of a message call is not checked. Execution will resume even if the called contract throws an exception. If the call fails accidentally or an attacker forces the call to fail, this may cause unexpected behaviour in the subsequent program...

6.9AI score
Exploits0
CNNVD
CNNVD
added 2022/05/09 12:0 a.m.3 views

Solana Rbpf 安全漏洞

Solana Rbpf is a Rust Virtual Machine and Jit compiler for Ebpf programs from the Solana Foundation in Switzerland. A security vulnerability in Solana Rbpf versions 0.2.26 and 0.2.27, which stems from improper execution of the sdiv command, can be exploited by an attacker to cause severe...

9.1CVSS8.3AI score0.0229EPSS
Exploits1References4
NVD
NVD
added 2022/02/18 8:15 p.m.32 views

CVE-2021-46603

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS0.01979EPSS
Exploits0References2
Prion
Prion
added 2021/12/28 8:15 p.m.24 views

Design/Logic Flaw

An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions CVE-2020-7878. This issue is due to missing support for integrity check...

7.5CVSS9.2AI score0.00689EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/11/30 7:15 p.m.3 views

CVE-2020-7880

The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX...

8.8CVSS7.4AI score0.01606EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/09/10 12:0 a.m.6 views

Github merge 安全漏洞

Github merge is a simple npm package that merges many sources into a target. merge suffers from a security vulnerability that can be exploited by an attacker for remote code execution...

9.8CVSS7.5AI score0.01429EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2021/06/09 2:21 a.m.4 views

hw: information disclosure on some Intel Atom processors

A potential domain bypass transient execution vulnerability was discovered on some Intel Atom® processors that uses a microarchitectural incidental channel. Currently this channel can reveal supervisor data in the L1 cache and the contents of recent stores. As a consequence, this issue may allow ...

6.5CVSS6.6AI score0.00472EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/05/21 4:22 p.m.45 views

Import loops in account imports, nats-server DoS

This advisory is canonically Problem Description An export/import cycle between accounts could crash the nats-server, after consuming CPU and memory. This issue was fixed publicly in in November 2020. The need to call this out as a security issue was highlighted by snyk.io and we are grateful for...

7.5CVSS1.3AI score0.03658EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.12 views

Microsoft Excel 代码注入漏洞

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system with the privileges of the victim...

7.8CVSS6.7AI score0.0235EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/02/10 12:0 a.m.7 views

迈克菲 McAfee Total Protection 权限许可和访问控制问题漏洞

McAfee Total Protection MTP is a one-stop security suite. An arbitrary process execution vulnerability exists in McAfee Total Protection versions prior to 16.0.30. An attacker could exploit this vulnerability to bypass the MTP self-defense by elevating privileges and executing arbitrary code...

8.2CVSS7.3AI score0.01026EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/01/14 12:0 a.m.6 views

Scullyio Scully 注入漏洞

Scullyio Scully is a Typescript-based software for building Angular applications organized by Scullyio.Scully pre-renders every page in the application as plain HTML and CSS.To do this, Scully uses guessjs to find all the routes in the project. Scully then accesses each route, renders the view an...

7.3CVSS7.1AI score0.00825EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2020/09/25 7:0 a.m.6 views

A flaw was found in the fix for CVE-2019-11135 in the Linux upstream kernel versions before 5.5 where the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0) but is not affected by the MDS issue (MDS_NO=1) the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.

...

6.5CVSS7AI score0.03133EPSS
Exploits0
CNVD
CNVD
added 2020/06/16 12:0 a.m.2 views

Command Execution Vulnerability in UFIDA NC at UFIDA Network Technology Co.

UFIDA NC products are world-class high-end management software for group enterprises. A command execution vulnerability exists in UFIDA NC, which can be exploited by attackers to gain server control privileges...

7.5AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/25 6:9 a.m.2 views

Cybozu Desktop for Windows vulenerable to arbitrary code execution

Overview Cybozu Desktop for Windows provided by Cybozu, Inc. contains an arbitrary code execution vulnerability due to the improper data processing when applying the software update. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to Cybozu, Inc. and...

9.8CVSS7.7AI score0.02932EPSS
Exploits0References6
Rows per page
Query Builder