7691 matches found

Veracode
added 2021/04/29 10:22 a.m. · 28 views

Privilege Escalation

openjdk11:edge is vulnerable to privilege escalation. It allows an unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data...

3.7 CVSS · 4.2 AI score · 0.02298 EPSS
Exploits 0 · References 8 · Affected Software 1
Cloud Foundry
added 2021/04/29 12:0 a.m. · 40 views

USN-4898-1: curl vulnerabilities | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 18.04. Description: Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information...

5.3 CVSS · 5.9 AI score · 0.05301 EPSS
Exploits 2 · Affected Software 3
IBM Security Bulletins
added 2021/04/28 6:35 p.m. · 34 views

Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology

Summary: There are multiple vulnerabilities in the IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM),...

5.9 CVSS · 0.9 AI score · 0.06049 EPSS
Exploits 2 · Affected Software 7
Cisco
added 2021/04/28 4:0 p.m. · 348 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation o...

8.6 CVSS · 8 AI score · 0.01656 EPSS
Exploits 0 · References 1
Positive Technologies
added 2021/04/28 12:0 a.m. · 3 views

PT-2021-2789 · Cisco · Cisco Asa +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance Software (ASA) and Cisco Firepower Threat Defense (FTD) Software (affected versions not specified). Description: The issue is related to a buffer overflow in the software of Cisco Adaptive Security Appliance (ASA) and...

8.6 CVSS · 7.8 AI score · 0.01656 EPSS
Exploits 0 · References 7
CNNVD
added 2021/04/28 12:0 a.m. · 4 views

Cisco Adaptive Security Appliances Software Buffer Error Vulnerability

Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliance are both products of Cisco Corporation. Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco Adaptive Security Appliance is a network appliance. Used to protect...

8.6 CVSS · 5.6 AI score · 0.01656 EPSS
Exploits 0 · References 5
Positive Technologies
added 2021/04/28 12:0 a.m. · 3 views

PT-2021-2788 · Cisco · Cisco Asa +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance Software (ASA) and Cisco Firepower Threat Defense (FTD) Software (affected versions not specified). Description: The issue is related to a buffer overflow in the software of Cisco Adaptive Security Appliance (ASA) and...

8.6 CVSS · 7.8 AI score · 0.01656 EPSS
Exploits 0 · References 7
RedHat Linux
added 2021/04/26 6:21 a.m. · 4 views

Mozilla: Secure Lock icon could have been spoofed

Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

6.5 CVSS · 7.4 AI score · 0.00554 EPSS
Exploits 0 · References 5
RedHat Linux
added 2021/04/26 6:4 a.m. · 4 views

Mozilla: Secure Lock icon could have been spoofed

Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

6.5 CVSS · 7.4 AI score · 0.00554 EPSS
Exploits 0 · References 5
Apple
added 2021/04/26 12:0 a.m. · 25 views

About the security content of Apple Music 3.5.0 for Android

This document describes the security content of Apple Music 3.5.0 for Android. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred an...

5.9 CVSS · 5.8 AI score · 0.00468 EPSS
Exploits 0 · References 1 · Affected Software 1
OpenVAS
added 2021/04/23 12:0 a.m. · 22 views

Fedora: Security Advisory for curl (FEDORA-2021-26a293c72b)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.3 CVSS · 6 AI score · 0.05301 EPSS
Exploits 2 · References 2
OSV
added 2021/04/22 10:15 p.m. · 3 views

CVE-2021-2262

Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite (component: Endeca). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Purchasing. Successful attacks of this...

8.1 CVSS · 6.6 AI score · 0.00987 EPSS
Exploits 0 · References 1
NVD
added 2021/04/22 10:15 p.m. · 14 views

CVE-2021-2262

Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite (component: Endeca). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Purchasing. Successful attacks of this...

8.1 CVSS · 0.00987 EPSS
Exploits 0 · References 1
Prion
added 2021/04/22 10:15 p.m. · 15 views

Design/Logic Flaw

Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite (component: Endeca). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Purchasing. Successful attacks of this...

5.5 CVSS · 8.1 AI score · 0.00987 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2021/04/22 9:53 p.m. · 67 views

CVE-2021-2262

CVE-2021-2262 affects Oracle E-Business Suite Purchasing (Endeca) 12.1.3. The Endeca component is vulnerable, and a low-privileged attacker with network access via HTTPS can compromise Oracle Purchasing, potentially causing unauthorized creation, deletion, or modification of data or full data acc...

8.1 CVSS · 8.2 AI score · 0.00987 EPSS
Exploits 0 · References 1 · Affected Software 1
NVD
added 2021/04/22 8:15 p.m. · 20 views

CVE-2021-0261

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of...

7.5 CVSS · 0.01113 EPSS
Exploits 0 · References 1
Prion
added 2021/04/22 8:15 p.m. · 24 views

Authentication flaw

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of...

5 CVSS · 7.5 AI score · 0.01113 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2021/04/22 7:37 p.m. · 51 views

CVE-2021-0261

CVE-2021-0261 affects Juniper Junos OS J-Web and related HTTP/HTTPS services, allowing an unauthenticated attacker to cause an extended DoS by sending a high volume of specific requests. Affected versions include multiple Junos OS releases across EX and SRX lines (e.g., 12.3 before 12.3R12-S17; 1...

7.5 CVSS · 7.5 AI score · 0.01113 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2021/04/22 7:37 p.m. · 21 views

CVE-2021-0261 Junos OS: Denial of Service vulnerability in J-Web and web based (HTTP/HTTPS) services caused by a high number of specific requests

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service (DoS) for these services by sending a high number of...

7.5 CVSS · 7.7 AI score · 0.01113 EPSS
Exploits 0 · References 1
Github Security Blog
added 2021/04/22 4:14 p.m. · 82 views

Missing Authentication for Critical Function in Apache Calcite

HttpUtils#getURLConnection method explicitly disables hostname verification for HTTPS connections, making clients vulnerable to man-in-the-middle attacks. Calcite uses this method internally to connect with Druid and Splunk, so information leakage may happen when using the respective Calcite...

5.9 CVSS · 0.4 AI score · 0.02115 EPSS
Exploits 0 · References 5 · Affected Software 3