Lucene search
K

108 matches found

Redos
Redos
added 2021/12/24 12:0 a.m.4 views

ROS-2-2011

2.2011 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...

8.8CVSS8AI score0.01428EPSS
Exploits1
GithubExploit
GithubExploit
added 2021/12/13 11:29 a.m.460 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4JExploitation-VulnerabiliyCVE-2021-44228. !Untitled...

10CVSS9.2AI score0.99999EPSS
Exploits351
NVD
NVD
added 2021/11/26 3:15 p.m.17 views

CVE-2021-25269

A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention...

4.4CVSS0.00244EPSS
Exploits0References1
Prion
Prion
added 2021/11/26 3:15 p.m.15 views

Design/Logic Flaw

A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention...

2.1CVSS4.7AI score0.00244EPSS
Exploits0References1Affected Software3
CVE
CVE
added 2021/11/26 2:12 p.m.49 views

CVE-2021-25269

CVE-2021-25269 describes a local unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced (and Advanced for Server) prior to 2.0.23, and Sophos Exploit Prevention prior to 3.8.3. This could allow a local administrator to prevent the HMPA service from starting despi...

4.4CVSS5.6AI score0.00244EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2021/11/26 2:12 p.m.20 views

CVE-2021-25269

A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention...

4.4CVSS6AI score0.00244EPSS
Exploits0References1
Securelist
Securelist
added 2021/09/16 3:30 p.m.976 views

Exploitation of the CVE-2021-40444 vulnerability in MSHTML

Summary Last week, Microsoft reported the remote code execution vulnerability CVE-2021-40444 in the MSHTML browser engine. According to the company, this vulnerability has already been used in targeted attacks against Microsoft Office users. In attempt to exploit this vulnerability, attackers...

6.8CVSS0.4AI score0.96843EPSS
Exploits38
Redos
Redos
added 2021/09/08 12:0 a.m.13 views

ROS-2-1896

2.1896 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client, is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotel...

8.8CVSS9.3AI score0.04006EPSS
Exploits1
Redos
Redos
added 2021/09/08 12:0 a.m.17 views

ROS-2-1829

2.1829 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...

7.8CVSS8.3AI score0.52838EPSS
Exploits11
Redos
Redos
added 2021/09/08 12:0 a.m.6 views

ROS-2-2093

2.2093 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...

10CVSS8.6AI score0.05984EPSS
Exploits1
wpexploit
wpexploit
added 2021/08/09 12:0 a.m.783 views

Keywords & Meta <= 3.0 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not sanitise of escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it is also lacking any CSRF check, allowing attacker to make a logged in high privilege user save arbitrary setting via a CSRF...

5.4CVSS0.4AI score0.00319EPSS
Exploits2
Securelist
Securelist
added 2021/07/08 5:0 a.m.3875 views

Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare)

Summary Last week Microsoft warned Windows users about vulnerabilities in the Windows Print Spooler service – CVE-2021-1675 and CVE-2021-34527 also known as PrintNightmare. Both vulnerabilities can be used by an attacker with a regular user account to take control of a vulnerable server or client...

9.3CVSS0.7AI score0.99759EPSS
Exploits75
Securelist
Securelist
added 2021/03/04 5:20 p.m.440 views

Zero-day vulnerabilities in Microsoft Exchange Server

What happened? On March 2, 2021 several companies released reports about in-the-wild exploitation of zero-day vulnerabilities inside Microsoft Exchange Server. The following vulnerabilities allow an attacker to compromise a vulnerable Microsoft Exchange Server. As a result, an attacker will gain...

7.5CVSS1.3AI score0.99999EPSS
Exploits66
Mageia
Mageia
added 2020/11/19 8:52 a.m.62 views

Updated firefox and nss packages fix security vulnerabilities

When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel...

9.3CVSS0.5AI score0.0245EPSS
Exploits1References3
Hacker One
Hacker One
added 2020/08/08 1:17 a.m.84 views

Acronis: Subdomain Takeover – www.jet.acronis.com pointing to unclaimed Webflow services

Hi Team, Greetings! I've come across another subdomainwww.jet.acronis.com of acronis.com pointing to an unclaimed Webflow service. Visiting the www.jet.acronis.com returned the default 404 page for Webflow service, thereby making it potential for subdomain takeover. F940499 Similar to the previou...

7.5AI score
Exploits0
Huawei
Huawei
added 2020/07/15 12:0 a.m.36 views

Security Advisory - Improper Authentication Vulnerability in Several Smartphones

There is an improper authentication vulnerability in several smartphones. The system does not sufficiently validate certain parameter passed from the bottom level, the attacker should trick the user into installing a malicious application and control the bottom level, successful exploit could cau...

6.5CVSS6.2AI score0.00794EPSS
Exploits0Affected Software4
Symantec
Symantec
added 2019/11/12 12:0 a.m.49 views

Microsoft Internet Explorer VBScript Engine CVE-2019-1390 Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the current user. Failed exploit attempts may result in a denial of service condition. Internet explorer 9, 10, and 11 are...

0.8AI score0.06435EPSS
Exploits0Affected Software1
Symantec
Symantec
added 2019/08/13 12:0 a.m.39 views

Microsoft Internet Explorer Scripting Engine CVE-2019-1194 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Internet...

7.6CVSS0.2AI score0.03381EPSS
Exploits0References1Affected Software1
Symantec
Symantec
added 2019/07/09 12:0 a.m.32 views

Microsoft Edge Chakra Scripting Engine CVE-2019-1062 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...

0.6AI score0.08948EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/05/13 12:0 a.m.30 views

SUSE SLED15 / SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:1211-1) (Spectre)

This update for java-180-openjdk to version 8u212 fixes the following issues : Security issues fixed : CVE-2019-2602: Better String parsing bsc1132728. CVE-2019-2684: More dynamic RMI interactions bsc1132732. CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID bsc1132729. CVE-2018-3639: fix...

8.1CVSS7AI score0.60631EPSS
Exploits3References13
Rows per page
Query Builder