Lucene search
+L

75 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 12:46 p.m.10 views

CVE-2024-43370

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...

7.2CVSS5.9AI score0.0038EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/01/11 12:0 a.m.7 views

The vulnerability of the uof_get_name() function in the QAT_420xx driver (driver/crypto/intel/qat/qat_420xx/adf_420xxHW_data.c) on Linux operating systems allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the uofgetname function in the QAT420xx driver driver/crypto/intel/qat/qat420xx/adf420xxhwdata.c in Linux operating systems is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to gain unauthorized acces...

5.3CVSS7AI score0.00243EPSS
Exploits0References13Affected Software1
OSV
OSV
added 2024/12/09 1:15 p.m.4 views

CVE-2023-51360

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0...

8.8CVSS5.8AI score0.00573EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.4 views

PT-2024-3561 · Fortinet · Fortisandbox

Name of the Vulnerable Software and Affected Versions: FortiSandbox versions 4.2.0 through 4.2.6 FortiSandbox versions 4.4.0 through 4.4.4 Description: The issue is related to the client-side enforcement of server-side security in FortiSandbox. It allows an attacker to execute unauthorized code o...

9CVSS7.8AI score0.00834EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/02/14 12:0 a.m.6 views

4ipnet EAP-767 Security Vulnerability

The 4ipnet EAP-767 is an enterprise-grade concurrent dual-band 802.11ac indoor access point designed for high-density environments such as offices, universities, hotels and hospitals. A security vulnerability exists in the 4ipnet EAP-767 version v3.42.00, which stems from susceptibility to...

9.8CVSS6.8AI score0.00767EPSS
Exploits1References2
PyPA
PyPA
added 2024/01/30 4:15 p.m.8 views

PYSEC-2024-31

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...

3.7CVSS6.8AI score0.00398EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/30 12:0 a.m.5 views

PT-2024-18997 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.2.0 Description: The vantage6 technology is used to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Authenticated users could inject code into algorithm...

8.8CVSS8.8AI score0.01266EPSS
Exploits0References10
OSV
OSV
added 2024/01/03 8:15 a.m.12 views

UBUNTU-CVE-2024-0208

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file...

7.8CVSS7AI score0.01823EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/01/03 12:0 a.m.3 views

PT-2024-15387 · Wireshark +1 · Wireshark +1

Name of the Vulnerable Software and Affected Versions: Wireshark version 4.2.0 Description: The issue allows for denial of service via packet injection or crafted capture file, specifically affecting the Zigbee TLV dissector in Wireshark. Recommendations: For Wireshark version 4.2.0, update to a...

7.8CVSS7.8AI score0.03456EPSS
Exploits9References77
ATTACKERKB
ATTACKERKB
added 2023/11/05 12:15 a.m.7 views

CVE-2023-46981

SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list...

9.8CVSS6.3AI score0.01119EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/06/29 12:0 a.m.6 views

Sealos 授权问题漏洞

Sealos is a cloud operating system designed for managing cloud-native applications. An authorization issue vulnerability exists in Sealos versions prior to 4.2.0, which stems from a misconfiguration of Role-Based Access Control RBAC permissions, allowing an attacker to gain access to cluster...

9.9CVSS8.4AI score0.00706EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2023/05/24 4:9 a.m.7 views

Exploit for Missing Authentication for Critical Function in Ic Realtime_Icip-P2012T_Firmware

CVE-2023-31594 IC Realtime ICIP-P2012T is vulnerable to Incorr...

7.5CVSS8.1AI score0.00783EPSS
Exploits2
OSV
OSV
added 2023/05/10 6:15 a.m.3 views

CVE-2023-25070

Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the administrator's communication to the product...

6.5CVSS5.9AI score0.00507EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.5 views

SAP BusinessObjects Business Intelligence Platform 代码问题漏洞

SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A code issue vulnerability exists in SAP BusinessObjects Business...

7.5CVSS7.4AI score0.0057EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.7 views

SAP BusinessObjects Business Intelligence Platform 代码问题漏洞

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and enable fast, ea...

7.5CVSS7.5AI score0.00524EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.4 views

SAP BusinessObjects Business Intelligence 信息泄露漏洞

SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. The product features report generation, analytics, and data visualization. An information disclosure vulnerability exists in SAP BusinessObjects Business...

8.5CVSS7.1AI score0.00522EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.6 views

Pixel&tonic Craft CMS 跨站脚本漏洞

Pixel & tonic Craft CMS is a content management system CMS from the US company Pixel & tonic. A cross-site scripting vulnerability exists in Craft CMS version 4.2.0.1, which stems from a security issue in the src/helpers/Cp.php page...

5.4CVSS5.4AI score0.00517EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/08/29 11:15 p.m.5 views

CVE-2022-36558

Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg...

9.8CVSS7.3AI score0.00694EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/29 12:0 a.m.5 views

Seiko Solutions SkyBridge MB-A100/A110 命令注入漏洞

The Seiko Solutions SkyBridge MB-A100/A110 is an LTE-compatible IoT router from Seiko Solutions, Japan. A security vulnerability exists in the Seiko Solutions SkyBridge MB-A100/A110 v4.2.0 and earlier, which is caused by a command injection in the Ping parameter in pingexec.cgi...

9.8CVSS7.4AI score0.01692EPSS
Exploits0References3
Circl
Circl
added 2022/08/17 2:39 a.m.11 views

CVE-2021-42052

creationtimestamp| type| source ---|---|--- 2022-08-17 02:39:29+00:00| seen| https://t.me/cibsecurity/48268...

7.5CVSS7.4AI score0.00922EPSS
Exploits1References1
Rows per page
Query Builder