Lucene search
K

356 matches found

CNVD
CNVD
added 2019/08/23 12:0 a.m.2 views

Google Android Media Framework Denial of Service Vulnerability (CNVD-2019-40855)

Android is a Linux-based open source operating system from Google and the Open Handset Alliance OHA in the U.S. Media Framework is one of the multimedia development frameworks. A denial of service vulnerability exists in Media framework in Android. An attacker can exploit this vulnerability to...

6.5CVSS6.7AI score0.00635EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/02 12:0 a.m.2 views

Django input validation error vulnerability (CNVD-2019-35879)

Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes object-oriented mapper , view system , template system and so on. An input validation error vulnerability exists in Django. An attacker can exploit this vulnerabili...

7.5CVSS6.8AI score0.03073EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/07/23 12:0 a.m.6 views

The vulnerability of the Microsoft Common Object Runtime Library on the Microsoft .NET Framework software platform allows a perpetrator to cause a service failure.

The vulnerability of the Microsoft Common Object Runtime Library in the Microsoft .NET Framework is related to errors in handling web requests. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted requests...

7.8CVSS5.5AI score0.07797EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2019/06/14 12:0 a.m.4 views

The vulnerability of the ASP.NET Core software platform, related to errors in request processing, allows a hacker to cause a service failure.

The vulnerability of the ASP.NET Core software platform is related to errors in request processing. Exploiting this vulnerability can allow a malicious actor to cause service failures by sending specially crafted requests to the ASP.NET Core application...

7.8CVSS5.5AI score0.06681EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2019/05/22 10:22 a.m.16 views

dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980...

7.5CVSS7.1AI score0.04943EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/06 5:30 p.m.39 views

Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability

Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-15756 DESCRIPTION: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header...

7.5CVSS1.2AI score0.09513EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2019/04/09 7:44 p.m.5 views

5x5_uploader (>=1.0.0 <=1.2.2), @3t-transform/threeteeui (>=0.0.1 <=0.0.6) +251 more potentially affected by CVE-2019-11002 via materialize-css (>=0.100.2 <=1.0.0)

materialize-css NPM version =0.100.2, =1.0.0, =0.0.1, =1.0.1, =1.0.3, =1.0.0, =6.1.3, =45.4.6, =0.0.3, =1.0.2, =0.0.4, =0.0.6, =1.0.0, =0.5.0, =0.7.0 and more Source cves: CVE-2019-11002 Source advisory: OSV:GHSA-98F7-P5RC-JX67...

6.1CVSS6.3AI score0.00795EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/03/25 12:0 a.m.31 views

F5 Networks BIG-IP : REST Framework vulnerability (K11818407)

The Configuration utility login page may not follow best security practices when handling a malicious request. CVE-2019-6602 Impact BIG-IP The Configuration utility login page returns an inconsistent HTTP response when processing modified requests; this may provide clues to an attacker looking to...

7.5CVSS7.4AI score0.01779EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/01/15 12:0 a.m.9 views

The vulnerability of the search function in the Microsoft .NET Framework allows a perpetrator to access confidential information.

The vulnerability of the search function in the Microsoft .NET Framework lies in the lack of authentication for the HTTP requests that are executed. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential information through a specially crafte...

3.1CVSS6.6AI score0.043EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2018/12/27 12:0 a.m.6 views

The vulnerability of the Web framework component of the Cisco IOS XE operating system allows a hacker to trigger a service failure.

The vulnerability of the Web framework component of the Cisco IOS XE operating system arises due to errors in parsing HTTP packets. Exploiting this vulnerability can allow a malicious actor to cause service failures using a specially crafted HTTP packet...

8.6CVSS7.6AI score0.04402EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2018/07/12 12:0 a.m.12 views

Microsoft .NET Framework Remote Code Execution Vulnerability (CNVD-2018-15850)

Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation USA and a development platform for building Windows, Windows Store, Windows Phone, Windows Server and Microsoft Azure Windows Store, Windows Phone, Windows Server, and Microsoft Azure...

9.3CVSS8.3AI score0.4287EPSS
Exploits0References1
Prion
Prion
added 2018/06/07 9:29 p.m.19 views

Cross site scripting

A vulnerability in the web framework of the Cisco Unified Communications Manager Unified CM software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient...

3.5CVSS5.4AI score0.01276EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2018/06/07 9:29 p.m.17 views

Cross site scripting

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters...

4.3CVSS6AI score0.01783EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2018/06/07 2:29 a.m.12 views

Directory traversal

picard is a micro framework. picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

5CVSS7.4AI score0.02005EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.18 views

CVE-2017-16194

picard is a micro framework. picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

7.4AI score0.02005EPSS
Exploits1References2
CNVD
CNVD
added 2018/04/23 12:0 a.m.2 views

Cisco Unified Communications Manager Information Disclosure Vulnerability

Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. An information disclosure...

4.3CVSS6.3AI score0.01756EPSS
Exploits0References1
OSV
OSV
added 2017/11/10 9:29 a.m.3 views

PYSEC-2017-40

Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring...

7.5CVSS7.2AI score0.02426EPSS
Exploits1References3
OSV
OSV
added 2017/09/27 8:29 a.m.1 views

DEBIAN-CVE-2017-14767

The sdpparsefmtpconfigh264 function in libavformat/rtpdech264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service heap buffer overflow or possibly have unspecified other impact via a crafted sdp file...

8.8CVSS8.5AI score0.02712EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/09/21 12:0 a.m.5 views

PT-2017-12423 · Cisco · Cisco Unified Intelligence Center

Name of the Vulnerable Software and Affected Versions: Cisco Unified Intelligence Center Software affected versions not specified Description: A vulnerability in the web framework code could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of t...

6.1CVSS6AI score0.01714EPSS
Exploits0References5
OSV
OSV
added 2017/08/09 9:29 p.m.3 views

CVE-2017-0720

A remote code execution vulnerability in the Android media framework libhevc. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37430213...

7.8CVSS6.3AI score
Exploits0References2
Rows per page
Query Builder