Lucene search

5909 matches found

ArchLinux
added 2019/07/17 12:00 a.m., 31 views

[ASA-201907-5] squid: arbitrary code execution

Arch Linux Security Advisory ASA-201907-5. Severity: Critical. Date: 2019-07-17. CVE-ID: CVE-2019-12527. Package: squid. Type: arbitrary code execution. Remote: Yes. Link: https://security.archlinux.org/AVG-1004. Summary: The package squid before...

8.8 CVSS, 2.9 AI score, 0.50454 EPSS
Exploits 0, References 4
Tenable Nessus
added 2019/07/16 12:00 a.m., 33 views

Ubuntu 16.04 LTS / 18.04 LTS : Exiv2 vulnerabilities (USN-4056-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4056-1 advisory. It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service...

6.5 CVSS, 6.7 AI score, 0.02127 EPSS
Exploits 5, References 8
Veracode
added 2019/07/04 6:27 a.m., 26 views

Server-Side Request Forgery (SSRF)

hawtio-system is vulnerable to server-side request forgery (SSRF). A proxy whitelist intended to prevent access to arbitrary URLs is configured, but the vulnerability still exists because HTTP requests to local addresses can be submitted through the /proxy/ servlet page. This allows a...

9.8 CVSS, 2.1 AI score, 0.26803 EPSS
Exploits 3, References 2, Affected Software 1
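
The hawtio entry above is the classic shape of a half-measure SSRF defence: a host allow-list exists, yet the proxy can still be pointed at local addresses. A proxy is only as safe as the address it finally connects to, so the check has to run on the resolved address, not just the name. The following is an added example written for this page, not hawtio's own code: it combines a hypothetical allow-list (ALLOWED_HOSTS) with a resolve-then-classify step that refuses loopback, private, link-local, multicast and reserved ranges, including IPv4-mapped IPv6 forms. The resolver is injectable and the demo uses a constructed lookup table (FAKE_DNS) so it runs offline; classification follows Python's ipaddress tables.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allow-list of names the proxy may contact (assumption for this example).
ALLOWED_HOSTS = {"api.example.com", "docs.example.com"}


def resolve_all(host):
    """Resolve a hostname to every A/AAAA address via real DNS (default resolver)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_public_address(ip_text):
    """True only for globally routable unicast addresses.

    An IPv4-mapped IPv6 address such as ::ffff:127.0.0.1 is judged as the
    embedded IPv4 address, otherwise loopback would slip through as 'IPv6'."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not (ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_proxy_target(url, allowed_hosts=ALLOWED_HOSTS, resolver=resolve_all):
    """Return (ok, reason). ok is True only when the scheme is http(s), the host is
    on the allow-list AND every address the host resolves to is public. A name on
    the allow-list that points at 127.0.0.1 or 10.x is still rejected."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname  # brackets already stripped for IPv6 literals
    if not host:
        return False, "no host"
    if host.lower().rstrip(".") not in allowed_hosts:
        return False, "host not on allow-list"
    try:
        ipaddress.ip_address(host)
        literal = True
    except ValueError:
        literal = False
    addresses = [host] if literal else resolver(host)
    if not addresses:
        return False, "host does not resolve"
    for addr in addresses:
        if not is_public_address(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


# Constructed lookup table standing in for DNS so the demo runs offline.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "docs.example.com": ["127.0.0.1"],  # allow-listed name deliberately pointed at loopback
}


def fake_resolver(host):
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for url in ("http://api.example.com/v1/status",
                "http://docs.example.com/",
                "http://localhost:8161/",
                "http://[::ffff:127.0.0.1]/",
                "http://169.254.169.254/latest/meta-data/"):
        print(url, check_proxy_target(url, resolver=fake_resolver))
```

Two caveats belong with any check like this. The proxy must connect to the address it validated (passing the original name in the Host header) rather than resolving again at connect time, or a rebinding DNS record reopens the hole; and every redirect hop must be re-checked, since a public allow-listed host can 302 to http://127.0.0.1/.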
NVD
added 2019/07/03 7:15 p.m., 27 views

CVE-2019-6638

On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, malformed HTTP requests made to an undisclosed iControl REST endpoint can lead to an infinite loop of the restjavad process...

6.5 CVSS, 6.5 AI score, 0.01989 EPSS
Exploits 0, References 3
Cvelist
added 2019/07/03 6:23 p.m., 20 views

CVE-2019-6638

On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, malformed HTTP requests made to an undisclosed iControl REST endpoint can lead to an infinite loop of the restjavad process...

6.5 AI score, 0.01989 EPSS
Exploits 0, References 3
The Hacker News
added 2019/07/03 3:39 p.m., 120 views

17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device

Except for phishing and scams, downloading an HTML attachment and opening it locally in your browser was never considered a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer. Barak Tawily, an...

6.9 AI score
Exploits 0
Veracode
added 2019/07/03 3:38 a.m., 24 views

Directory Traversal

yard is vulnerable to directory traversal. The vulnerability exists as it is possible to access arbitrary files on the yard server machine through unsanitized HTTP requests...

7.5 CVSS, 7.4 AI score, 0.02334 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2019/07/02 3:28 p.m., 24 views

GHSA-XFHH-RX56-RXCR Path Traversal vulnerability that affects yard

Possible arbitrary path traversal and file access via yard server. Impact: A path traversal vulnerability was discovered in YARD <= 0.9.19 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host unde...

7.5 CVSS, 6.3 AI score, 0.02334 EPSS
Exploits 0, References 4
0day.today
added 2019/07/02 12:00 a.m., 106 views

FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications. FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery. Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk. Affected versions: Firmware 6.4.8 build 264 (Algorithm A16); Firmware 5.7.2 build 568 (Algorithm A14); Firmware 5.7.0 buil...

0.4 AI score
Exploits 0
Tenable Nessus
added 2019/07/02 12:00 a.m., 32 views

F5 Networks BIG-IP : iControl REST vulnerability (K67825238)

Malformed HTTP requests made to an undisclosed iControl REST endpoint can lead to an infinite loop of the restjavad process (CVE-2019-6638). Impact: All authenticated users, regardless of role, can exploit this vulnerability, which can result in a denial of service (DoS) for all iControl REST operations...

6.5 CVSS, 6.4 AI score, 0.01989 EPSS
Exploits 0, References 2
RubySec
added 2019/07/02 12:00 a.m., 25 views

Arbitrary path traversal and file access via `yard server`

A path traversal vulnerability was discovered in YARD <= 0.9.19 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The issue is resolved in v0.9.20 and later...

7.5 CVSS, 2 AI score, 0.02334 EPSS
Exploits 0, References 1, Affected Software 1
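
The three yard entries above (Veracode, OSV and RubySec) describe the same bug class: a documentation server that maps an unsanitized request path onto the filesystem and so serves files outside its document root. The check a server needs is not "strip ../" but "resolve the candidate path and require it to stay under the resolved root", which also covers percent-encoded traversal and symlinks pointing outside. The block below is an added example written for this page, not YARD's code (YARD is Ruby; Python is used here for illustration). It builds a constructed docroot in a temporary directory and classifies a handful of request paths; the names safe_path, Forbidden and demo are this example's own.

```python
import os
import tempfile
from urllib.parse import unquote


class Forbidden(Exception):
    """Raised when a request path escapes the document root."""


def safe_path(docroot, request_path):
    """Map an HTTP request path onto a file under docroot, or raise Forbidden.

    Order matters: percent-decode first (so %2e%2e is seen as ..), reject NUL
    bytes, join onto the root, then resolve with realpath and require the result
    to remain inside the *resolved* root. Comparing resolved paths defeats both
    ../ sequences and symlinks that point outside the root."""
    root = os.path.realpath(docroot)
    decoded = unquote(request_path)
    if "\x00" in decoded:
        raise Forbidden("NUL byte in path")
    # Strip the leading slash so os.path.join does not treat the path as absolute.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        raise Forbidden(f"{request_path!r} escapes document root")
    return candidate


def demo():
    """Build a constructed docroot (one real file, one symlink escaping the root)
    and classify request paths. Returns {request: "served" | "forbidden"}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        docroot = os.path.join(tmp, "docs")
        os.makedirs(os.path.join(docroot, "css"))
        with open(os.path.join(docroot, "index.html"), "w") as fh:
            fh.write("<html></html>")
        with open(os.path.join(tmp, "secret.txt"), "w") as fh:
            fh.write("outside the root")
        # A symlink inside the root that resolves to a file outside it.
        os.symlink(os.path.join(tmp, "secret.txt"), os.path.join(docroot, "css", "link"))
        for req in ("/index.html",
                    "/css/../index.html",      # normalises to a file inside the root: fine
                    "/../secret.txt",          # plain traversal
                    "/%2e%2e/secret.txt",      # percent-encoded traversal
                    "/css/link",               # symlink escape
                    "/index.html%00.png"):     # NUL-byte extension trick
            try:
                safe_path(docroot, req)
                results[req] = "served"
            except Forbidden:
                results[req] = "forbidden"
    return results


if __name__ == "__main__":
    for req, verdict in demo().items():
        print(f"{req:24} {verdict}")
```

"served" here means the path maps inside the root; the server would still 404 if the file does not exist. If the documentation tree legitimately contains symlinks to other directories, resolve those target directories and add them to the permitted roots rather than relaxing the check.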
NVD
added 2019/07/01 7:15 p.m., 16 views

CVE-2019-7281

Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...

8.8 CVSS, 9 AI score, 0.00944 EPSS
Exploits 0, References 3
Prion
added 2019/07/01 7:15 p.m., 13 views

Code injection

Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...

6.8 CVSS, 8.9 AI score, 0.00944 EPSS
Exploits 0, References 3, Affected Software 1
CVE
added 2019/07/01 6:29 p.m., 67 views

CVE-2019-7281

CVE-2019-7281 affects Prima Systems FlexAir (versions 2.3.38 and earlier). The vulnerability is CSRF: an unauthenticated user can cause unverified HTTP requests that may let an attacker perform actions with administrative privileges when a logged-in user visits a malicious site. The ICSA advisory...

8.8 CVSS, 8.5 AI score, 0.00944 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2019/07/01 6:29 p.m., 19 views

CVE-2019-7281

Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...

8.6 AI score, 0.00944 EPSS
Exploits 0, References 3
Positive Technologies
added 2019/07/01 12:00 a.m., 5 views

PT-2019-18511 · Prima Systems · Flexair

Name of the Vulnerable Software and Affected Versions: Prima Systems FlexAir versions 2.3.38 and prior Description: The issue allows an unauthenticated user to send unverified HTTP requests. This may enable an attacker to perform certain actions with administrative privileges if a logged-in user...

8.8 CVSS, 8.7 AI score, 0.00944 EPSS
Exploits 0, References 4
Zero Science Lab
added 2019/06/30 12:00 a.m., 102 views

FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery

Summary: FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your office and monitor all activity...

5.1 CVSS, 5.8 AI score, 0.002 EPSS
Exploits 2
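
The FlexAir (CVE-2019-7281) and FaceSentry entries above are both cross-site request forgery: the device accepts a state-changing request on the strength of the session cookie alone, and a browser attaches that cookie to a form auto-submitted from an attacker's page, so a logged-in administrator who visits a malicious site performs the action without knowing. The block below is an added example for this page, not code from either vendor: it models the vulnerable handler beside a hardened one that requires POST, a same-site Origin (or Referer), and a per-session synchronizer token compared in constant time, then replays a forged and a legitimate request against both. SITE_ORIGIN, the /users/add path, the Request model and the handler names are all assumptions of the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://flexair.example"  # assumption: the device's own origin
SESSIONS = {}  # session id -> {"user": name, "csrf": per-session token}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as a web handler would see it."""
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def login(user):
    """Create a session and mint its CSRF token (synchronizer token pattern)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def add_user_vulnerable(req):
    """Vulnerable shape: the only check is the session cookie, which the victim's
    browser attaches automatically to a cross-site form submission."""
    session = SESSIONS.get(req.cookies.get("sid"))
    if session is None or session["user"] != "admin":
        return 401, "not logged in as admin"
    return 200, f"created user {req.form.get('username')}"


def add_user_protected(req):
    """Hardened shape: POST only, Origin/Referer must be our site, and the form
    must carry the token stored in the session (constant-time comparison)."""
    if req.method != "POST":
        return 405, "method not allowed"
    session = SESSIONS.get(req.cookies.get("sid"))
    if session is None or session["user"] != "admin":
        return 401, "not logged in as admin"
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not (origin == SITE_ORIGIN or origin.startswith(SITE_ORIGIN + "/")):
        return 403, "cross-site request refused"
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, session["csrf"]):
        return 403, "missing or invalid CSRF token"
    return 200, f"created user {req.form.get('username')}"


def demo():
    """Admin logs in, then visits attacker.example whose page auto-submits a form
    to the device. Returns the status each handler gives the forged request and
    the status the protected handler gives a legitimate one."""
    SESSIONS.clear()
    sid = login("admin")
    forged = Request("POST", "/users/add",
                     headers={"Origin": "https://attacker.example"},
                     cookies={"sid": sid},  # attached by the browser, not the attacker
                     form={"username": "backdoor", "role": "admin"})
    legit = Request("POST", "/users/add",
                    headers={"Origin": SITE_ORIGIN},
                    cookies={"sid": sid},
                    form={"username": "alice", "role": "admin",
                          "csrf_token": SESSIONS[sid]["csrf"]})
    return {
        "vulnerable_forged": add_user_vulnerable(forged)[0],
        "protected_forged": add_user_protected(forged)[0],
        "protected_legit": add_user_protected(legit)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The token check is the load-bearing one; the Origin check is cheap defence in depth that also catches requests from clients that send neither header. Setting SameSite=Lax or Strict on the session cookie adds a browser-side layer, but on an appliance that must work with older browsers the server-side token remains the control to rely on.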
NVD
added 2019/06/25 4:15 p.m., 19 views

CVE-2019-4382

IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162...

5.3 CVSS, 5 AI score, 0.07832 EPSS
Exploits 0, References 3
Prion
added 2019/06/25 4:15 p.m., 18 views

Code injection

IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162...

5 CVSS, 4.8 AI score, 0.07832 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2019/06/25 3:45 p.m., 17 views

CVE-2019-4382

IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162...

5.3 CVSS, 4.9 AI score, 0.07832 EPSS
Exploits 0, References 3