7691 matches found

NVD
added 2021/05/07 11:15 a.m., 15 views

CVE-2020-36128

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...

CVSS 8.2, EPSS 0.01158
Exploits: 1, References: 3

OSV
added 2021/05/07 11:15 a.m., 4 views

CVE-2020-36128

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...

CVSS 8.2, AI score 7.2
Exploits: 0, References: 3

Prion
added 2021/05/07 11:15 a.m., 13 views

Spoofing

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...

CVSS 6.4, AI score 8, EPSS 0.01158
Exploits: 1, References: 3, Affected Software: 1

Tenable Nessus
added 2021/05/06 12:0 a.m., 38 views

Cisco Firepower Threat Defense Software Multiple DoS (cisco-sa-asa-ftd-vpn-dos-fpBcpEcD)

According to its self-reported version, Cisco FTD Software is affected by multiple denial of service (DoS) vulnerabilities. A vulnerability exists due to a lack of proper input validation. An unauthenticated, remote attacker can exploit this issue, via carefully crafted HTTPS request to an affected...

CVSS 8.6, AI score 7.3, EPSS 0.01656
Exploits: 0, References: 6

Rapid7 Blog
added 2021/05/05 7:24 p.m., 52 views

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): ASX 200

Today, we are excited to release the third report in our Industry Cyber-Exposure Report (ICER) series, which digs into cyber-exposure among organizations in Australia’s ASX 200. This series focuses on five key areas we believe CISOs at mega-corporations actually have a shot at accomplishing, and wi...

AI score 0.4
Exploits: 0

Hacker One
added 2021/05/03 9:13 p.m., 117 views

Nextcloud: Default Nextcloud allows http federated shares

1. userA on serverA runs on http only
2. userA sends a federated share to userB on serverB
3. userB is a normal user so he has no clue that there is no secure transport used and accepts the share
4. all the data written to and read from is now no longer protected by TLS

Impact

While maybe a bit far...

AI score 6.8
Exploits: 0

RedhatCVE
added 2021/04/30 7:6 p.m., 110 views

CVE-2021-26291

A flaw was found in maven. Repositories that are defined in a dependency’s Project Object Model (pom), which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that...

CVSS 9.1, AI score 1, EPSS 0.08691
Exploits: 2, References: 4

Rapid7 Blog
added 2021/04/30 2:0 p.m., 235 views

Rapid7's 2021 ICER Takeaways: Web Security Among the Fortune 500

This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report (ICER): Fortune 500. The vast majority of the interactions an average person has with technology is through some form of a web application, but what constitutes a “web app” can be considered quite nebulous, and the...

AI score 7.1
Exploits: 0

wpexploit
added 2021/04/30 12:0 a.m., 247 views

Download Manager < 3.1.19 - Authenticated (author+) PHP4 File Upload to RCE

The wpdmadminuploadfile AJAX action used a blacklist approach to forbid potential dangerous files, such as PHP, from being uploaded. However, other dangerous extensions, like .php4 were not forbidden. As an author or any account with the uploadfiles capability, attach a .php4 file to a download...

AI score 7
Exploits: 0

Tenable Nessus
added 2021/04/30 12:0 a.m., 46 views

EulerOS 2.0 SP3 : squid (EulerOS-SA-2021-1852)

According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when...

CVSS 9.8, AI score 7.4, EPSS 0.40982
Exploits: 0, References: 8

NVD
added 2021/04/29 6:15 p.m., 19 views

CVE-2021-1504

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation o...

CVSS 8.6, EPSS 0.01656
Exploits: 0, References: 1

OSV
added 2021/04/29 6:15 p.m., 3 views

CVE-2021-1504

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation o...

CVSS 7.5, AI score 5.9, EPSS 0.01656
Exploits: 0, References: 1

OSV
added 2021/04/29 6:15 p.m., 5 views

CVE-2021-1445

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation o...

CVSS 7.5, AI score 7.2, EPSS 0.01656
Exploits: 0, References: 1

NVD
added 2021/04/29 6:15 p.m., 16 views

CVE-2021-1445

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation o...

CVSS 8.6, EPSS 0.01656
Exploits: 0, References: 1

Prion
added 2021/04/29 6:15 p.m., 17 views

Design/Logic Flaw

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation o...

CVSS 5, AI score 7.5, EPSS 0.01656
Exploits: 0, References: 1, Affected Software: 2

Prion
added 2021/04/29 6:15 p.m., 17 views

Design/Logic Flaw

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation o...

CVSS 5, AI score 7.5, EPSS 0.01656
Exploits: 0, References: 1, Affected Software: 2

Vulnrichment
added 2021/04/29 5:31 p.m., 7 views

CVE-2021-1504 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation o...

CVSS 8.6, AI score 7.2, EPSS 0.01656
Exploits: 0, References: 1

Cvelist
added 2021/04/29 5:31 p.m., 25 views

CVE-2021-1504 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation o...

CVSS 8.6, AI score 8.7, EPSS 0.01656
Exploits: 0, References: 1

Vulnrichment
added 2021/04/29 5:30 p.m., 13 views

CVE-2021-1445 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation o...

CVSS 8.6, AI score 7.2, EPSS 0.01656
Exploits: 0, References: 1

Veracode
added 2021/04/29 10:39 a.m., 23 views

Privilege Escalation

openjdk11:edge is vulnerable to privilege escalation. Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromi...

CVSS 7.5, AI score 3.4, EPSS 0.02698
Exploits: 0, References: 8, Affected Software: 1