Lucene search
K

123 matches found

NVD
NVD
added 2020/09/11 3:15 p.m.16 views

CVE-2018-19947

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later...

6.5CVSS0.00755EPSS
Exploits0References1
Prion
Prion
added 2020/09/11 3:15 p.m.11 views

Information disclosure

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later...

4CVSS6.4AI score0.00755EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/11 3:15 p.m.19 views

Input validation

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in...

4.3CVSS5.7AI score0.00315EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/11 3:15 p.m.17 views

Cross site request forgery (csrf)

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery CSRF vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and...

4.3CVSS6.7AI score0.00296EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/11 2:14 p.m.22 views

CVE-2018-19947

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later...

4.3CVSS6.4AI score0.00755EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/28 3:17 p.m.36 views

CVE-2020-15900

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32t. This was fixed...

9.5AI score0.05186EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2020/07/28 12:0 a.m.44 views

openSUSE Security Update : freerdp (openSUSE-2020-1090)

This update for freerdp fixes the following issues : frerdp was updated to version 2.1.2 bsc1171441,bsc1173247 and jscECO-2006 : - CVE-2020-11017: Fixed a double free which could have denied the server's service. - CVE-2020-11018: Fixed an out of bounds read which a malicious clients could have...

8.3CVSS6.8AI score0.02653EPSS
Exploits6References43
Prion
Prion
added 2020/03/11 7:15 p.m.14 views

Command injection

A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions...

7.2CVSS7.6AI score0.00627EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2020/02/12 12:0 a.m.40 views

ansible - win_unzip path normalization

Borja Tarraso reports: A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the winunzip module as the extracted files are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by...

7.8CVSS4.1AI score0.00362EPSS
Exploits0References5
Prion
Prion
added 2019/12/18 6:15 p.m.19 views

Memory corruption

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with system privileges...

9.3CVSS7.3AI score0.01398EPSS
Exploits0References4Affected Software5
ATTACKERKB
ATTACKERKB
added 2019/12/18 12:0 a.m.34 views

CVE-2019-8605

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges. Recent assessments: Assessed Attacker Value: 0 Assessed...

9.3CVSS4AI score0.17438EPSS
In wildExploits6References6
UbuntuCve
UbuntuCve
added 2019/12/10 3:15 p.m.36 views

CVE-2013-2159

Monkey HTTP Daemon: broken user name authentication...

9.8CVSS7.2AI score0.02834EPSS
Exploits0References3
NVD
NVD
added 2019/12/04 5:16 p.m.22 views

CVE-2019-7201

An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak...

7.8CVSS7.8AI score0.00332EPSS
Exploits0References1
Prion
Prion
added 2019/12/04 5:16 p.m.16 views

Design/Logic Flaw

An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP have already fixed this issue in QNAP NetBak...

7.2CVSS7.8AI score0.00332EPSS
Exploits0References1Affected Software1
RustSec
RustSec
added 2019/11/16 12:0 p.m.21 views

HeaderMap::Drain API is unsound

Affected versions of this crate incorrectly used raw pointer, which introduced unsoundness in its public safe API. Failing to drop the Drain struct causes double-free, and it is possible to violate Rust's alias rule and cause data race with Drain's Iterator implementation. The flaw was corrected ...

9.8CVSS2.4AI score0.01812EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2019/09/06 12:0 p.m.20 views

fix unsound APIs that could lead to UB

Affected versions of this crate API could use uninitialized memory with some APIs in special cases, like use the API in none generator context. This could lead to UB. The flaw was corrected by This patch fixes all those issues above...

7.8CVSS2.6AI score0.01635EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2019/08/08 3:48 p.m.22 views

HackerOne: Disclosure of Program email Title Report when being removed as contributor. Bypass for Report #645264

Summary: It is somehow related to this report 645264. But I found an alternative way to reproduce the issue even it is considered as resolved. Steps To Reproduce 1. As a Program admin, navigate to Program Settings 2. Click Program 3. Click Email Notifications 4. Make sure it is set to No Content ...

6.5AI score
Exploits0
NVD
NVD
added 2019/07/03 8:15 p.m.15 views

CVE-2019-12842

A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2...

6.1CVSS6.4AI score0.00793EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/07/03 7:46 p.m.22 views

CVE-2019-12846

A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2...

5.7AI score0.00771EPSS
Exploits0References1
NVD
NVD
added 2019/07/03 7:15 p.m.20 views

CVE-2019-12866

An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168...

9.8CVSS8.5AI score0.01939EPSS
Exploits0References1
Rows per page
Query Builder