
156 matches found

RedHat Linux
added 2021/04/26 11:19 a.m., 109 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS: 8.8, AI score: 7.3, EPSS: 0.01764
Exploits: 1, References: 9

RedHat Linux
added 2021/04/26 11:17 a.m., 167 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS: 8.8, AI score: 7.3, EPSS: 0.01764
Exploits: 1, References: 9

RedHat Linux
added 2021/04/26 6:4 a.m., 110 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS: 8.8, AI score: 7.1, EPSS: 0.01764
Exploits: 2, References: 10

RedHat Linux
added 2021/04/26 6:4 a.m., 1 views

Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL

When a user clicked on an FTP URL containing encoded newline characters %0A and %0D, the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

CVSS: 8.8, AI score: 7.4, EPSS: 0.01218
Exploits: 0, References: 5

RedHat Linux
added 2021/04/26 5:49 a.m., 120 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS: 8.8, AI score: 7.1, EPSS: 0.01764
Exploits: 2, References: 10

ALT Linux
added 2021/04/26 12:0 a.m., 35 views

Security fix for the ALT Linux 10 package thunderbird version 78.10.0-alt1

April 26, 2021 Andrey Cherepanov 78.10.0-alt1 - New version 78.10.0. - Security fixes: + CVE-2021-23994 Out of bound write due to lazy initialization + CVE-2021-23995 Use-after-free in Responsive Design Mode + CVE-2021-23998 Secure Lock icon could have been spoofed + CVE-2021-23961 More internal...

CVSS: 6.8, AI score: 8.1, EPSS: 0.01764
Exploits: 3

Tenable Nessus
added 2021/04/26 12:0 a.m., 65 views

RHEL 8 : firefox (RHSA-2021:1361)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1361 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CVSS: 8.8, AI score: 8.3, EPSS: 0.01764
Exploits: 1, References: 18

OSV
added 2021/04/23 7:15 a.m., 9 views

SUSE-SU-2021:1307-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Firefox was updated to 78.10.0 ESR bsc1184960 CVE-2021-23994: Out of bound write due to lazy initialization CVE-2021-23995: Use-after-free in Responsive Design Mode CVE-2021-23998: Secure Lock icon could have been spoofed CVE-2021-23961...

CVSS: 8.8, AI score: 7.8, EPSS: 0.01764
Exploits: 1, References: 10

Talos
added 2019/10/08 12:0 a.m., 64 views

Schneider Electric Modicon M580 FTP firmware update loader service denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the FTP firmware update service function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. A specially ordered set of FTP commands can cause the FTP loader service to enter a waiting...

CVSS: 4.9, AI score: 5.2, EPSS: 0.24374
Exploits: 0

NVD
added 2019/03/22 8:29 p.m., 38 views

CVE-2019-9649

An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique ....\ to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date...

CVSS: 5.3, AI score: 5.2, EPSS: 0.14535
Exploits: 8, References: 6

OpenVAS
added 2018/10/26 12:0 a.m., 40 views

Ubuntu: Security Advisory (USN-3515-1)

The remote host is missing an update for the...

CVSS: 9.3, AI score: 8.8, EPSS: 0.73927
Exploits: 5, References: 2

NVD
added 2018/04/18 8:29 p.m., 27 views

CVE-2018-7240

A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious...

CVSS: 8.8, AI score: 9.3, EPSS: 0.03305
Exploits: 0, References: 3

Prion
added 2018/04/18 8:29 p.m., 21 views

Design/Logic Flaw

A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious...

CVSS: 6.5, AI score: 8.9, EPSS: 0.03305
Exploits: 0, References: 3

Cvelist
added 2018/04/18 8:0 p.m., 28 views

CVE-2018-7240

A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious...

AI score: 9, EPSS: 0.03305
Exploits: 0, References: 3

CVE
added 2018/04/18 8:0 p.m., 54 views

CVE-2018-7240

CVE-2018-7240 affects Schneider Electric Modicon Premium, Quantum, M340, and BMXNOR0200 series controllers. The vulnerability is a stack-based buffer overflow in the FTP server used for firmware upgrades, which could allow arbitrary code execution or, in extreme cases, malicious firmware loading ...

CVSS: 8.8, AI score: 8.9, EPSS: 0.03305
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2018/04/05 1:29 p.m., 28 views

CVE-2018-1315

In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not veri...

CVSS: 4.3, AI score: 4.4, EPSS: 0.0178
Exploits: 0, References: 1

Cvelist
added 2018/04/05 1:0 p.m., 26 views

CVE-2018-1315

In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not veri...

AI score: 4.3, EPSS: 0.0178
Exploits: 0, References: 1

Ubuntu
added 2018/01/04 3:49 p.m., 65 views

USN-3515-1: Ruby vulnerability

It was discovered that Ruby allows FTP command injection. An attacker could use this to cause arbitrary command execution...

CVSS: 9.3, AI score: 7.4, EPSS: 0.73927
Exploits: 5

Tenable Nessus
added 2018/01/04 12:0 a.m., 30 views

Ubuntu 14.04 LTS / 16.04 LTS : Ruby vulnerability (USN-3515-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3515-1 advisory. It was discovered that Ruby allows FTP command injection. An attacker could use this to cause arbitrary command execution. Tenable has extracted the...

CVSS: 9.3, AI score: 7.2, EPSS: 0.73927
Exploits: 5, References: 2

Mageia
added 2017/12/31 3:51 p.m., 44 views

Updated ruby packages fix security vulnerabilities

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

CVSS: 9.8, AI score: 2.9, EPSS: 0.73927
Exploits: 6, References: 2