Lucene search
+L

52 matches found

cnnvd
cnnvd
added 2022/02/25 12:0 a.m.6 views

Jetbrains JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.JetBrains TeamCity is vulnerable to an access control error that stems from the...

9.8CVSS5.7AI score0.01128EPSS
Exploits0References2
cnvd
cnvd
added 2021/11/10 12:0 a.m.19 views

Microsoft Azure Sphere Data Forgery Issue Vulnerability

Microsoft Azure Sphere, a Microsoft appliance used to provide security in cloud environments, is vulnerable to a data forgery issue. The vulnerability stems from a network system or product that does not adequately verify the origin or authenticity of data. An attacker could use the falsified dat...

6.7CVSS3.8AI score0.00547EPSS
Exploits0References1
redhat
redhat
added 2021/04/14 5:12 p.m.5 views

Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user

Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbi...

4.3CVSS7.4AI score0.0048EPSS
Exploits0References4
cnnvd
cnnvd
added 2021/02/17 12:0 a.m.10 views

Cisco Anyconnect Secure Mobility Client Code Issue Vulnerability

Cisco Anyconnect Secure Mobility Client is a VPN client software for secure connectivity from Cisco. A code issue vulnerability exists in Cisco AnyConnect Secure Mobility Client that arises from a network system or product that does not adequately verify the origin or authenticity of data. An...

7.8CVSS7.2AI score0.01253EPSS
Exploits1References4
hackerone
hackerone
added 2020/12/22 7:3 a.m.83 views

WHO COVID-19 Mobile App: Improper Input Validation on User's Location on PUT /WhoService/putLocation Could Affect Availability/Falsify Users

Summary: Note: I noticed that that the team has fixed issues like an XSS that's caused only from a header value typically OOS since it's not directly exploitable https://github.com/WorldHealthOrganization/app/pull/855, so in the spirit of this I'm also reporting another "good-to-fix" issue. On th...

6.2AI score
Exploits0
threatpost
threatpost
added 2020/07/31 4:3 p.m.51 views

Anti-NATO Disinformation Campaign Leveraged CMS Compromises

Researchers have uncovered a widespread influence campaign that aims to discredit the Northern Atlantic Treaty Organization NATO, an intergovernmental military alliance between 30 North American and European countries. According to new research from FireEye, the campaign has been ongoing since at...

0.3AI score
Exploits0References19
osv
osv
added 2019/10/17 8:15 p.m.19 views

CVE-2019-6475

Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional...

7.5CVSS6.8AI score0.01262EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2019/10/16 12:0 a.m.33 views

CVE-2019-6475

Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional...

7.5CVSS6.8AI score0.01262EPSS
Exploits0References1
talosblog
talosblog
added 2019/07/09 8:6 a.m.105 views

Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques

By Danny Adamitis with contributions from Paul Rascagneres. Executive summary After several months of activity, the actors behind the "Sea Turtle" DNS hijacking campaign are not slowing down. Cisco Talos recently discovered new details that suggest they regrouped after we published our initial...

0.3AI score
Exploits0
hackerone
hackerone
added 2016/07/22 7:20 a.m.20 views

Uber: Text Only Content Spoofing on ubermovement.com Community Page

Text Only Content Spoofing on ubermovement.com Community Page Vulnerable URL: http://ubermovement.com/community?tag=%20Stories%20have%20false%20information.%20Visit%20http://attacker.com%20for%20real%20stories. Content Spoofing is an attack technique that allows an attacker to inject a malicious...

0.3AI score
Exploits0
threatpost
threatpost
added 2012/02/29 7:1 p.m.9 views

Business Identity Theft: Increasingly Commonplace Yet Incredibly Obscure

You wouldn’t know it from reading the news, but business identity theft is becoming an increasingly large concern for small business owners, according to a report filed by NPR’s Yuki Noguchi today on Morning Edition. Noguchi tells the story of Scott Burnett and the Memphis-based company he and hi...

1.7AI score
Exploits0References2
jvn
jvn
added 2010/10/29 11:36 a.m.5 views

Active! mail 6 vulnerable to HTTP header injection

Overview Active! mail 6 from TransWARE Co. contains a HTTP header injection vulnerability. Active! mail 6 from TransWARE Co. is a web-based email software. Active! mail 6 contains a HTTP header injection vulnerability. Taketo Ikeuchi of Hitachi Solutions, Ltd. reported this vulnerability to IPA...

4.3CVSS7AI score0.01104EPSS
Exploits0References5
Rows per page
Query Builder