Lucene search
K

9179 matches found

Cvelist
Cvelist
added 2020/01/02 6:39 p.m.21 views

CVE-2010-3782

obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation...

8.7AI score0.01091EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/01/02 2:3 p.m.5 views

OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

3.1CVSS7.4AI score0.03362EPSS
Exploits0References4
exploitpack
exploitpack
added 2019/12/31 12:0 a.m.143 views

Sony Playstation 4 (PS4) 6.72 - WebKit Code Execution (PoC)

Sony Playstation 4 PS4 6.72 - WebKit Code Execution PoC / badhoist ============ Exploit implementation of CVE-2018-4386. Obtains addrof/fakeobj and arbitrary read/write primitives. Supports PS4 consoles on 6.XX. May also work on older firmware versions, but I am not sure. Bug was fixed in firmwar...

6.8CVSS8.4AI score0.06463EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/12/31 12:0 a.m.180 views

Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC)

/ badhoist ============ Exploit implementation of CVE-2018-4386. Obtains addrof/fakeobj and arbitrary read/write primitives. Supports PS4 consoles on 6.XX. May also work on older firmware versions, but I am not sure. Bug was fixed in firmware 7.00. EDB Note Download:...

8.8CVSS8.3AI score0.06463EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.114 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities: - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make...

9.8CVSS7.6AI score0.06821EPSS
Exploits16References27
NVD
NVD
added 2019/12/26 7:15 p.m.23 views

CVE-2019-5273

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a large heap buffer overrun error, an attacker may exploit the vulnerability by a malicious certificate, resulting a deni...

7.5CVSS7.5AI score0.00477EPSS
Exploits0References1
Prion
Prion
added 2019/12/26 7:15 p.m.16 views

Heap overflow

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a large heap buffer overrun error, an attacker may exploit the vulnerability by a malicious certificate, resulting a deni...

5CVSS7.4AI score0.00477EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/12/26 6:49 p.m.86 views

CVE-2019-5273

The Huawei USG9500 hardening advisory confirms CVE-2019-5273 is a denial-of-service vulnerability in the X.509 certificate handling. Affected products are USG9500 with V500R001C30 and V500R001C60. The root cause is a flaw in X.509 processing that can trigger a large heap buffer overrun when decod...

7.5CVSS7.5AI score0.00477EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/12/26 6:42 p.m.27 views

CVE-2019-5274

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in an infinite loop, an attacker may exploit the vulnerability via a malicious certificate to perform a denial of service...

7.3AI score0.00477EPSS
Exploits0References1
Huawei
Huawei
added 2019/12/26 12:0 a.m.103 views

Security Advisory - Multiple Vulnerabilities in the X.509 Implementation in Some Huawei Products

There is a denial of service vulnerability in some Huawei products. Due to a flaw in the X.509 implementation in the affected products which can result in a heap buffer overflow when decoding a certificate, an attacker may exploit the vulnerability by a malicious certificate to perform a denial o...

7.5CVSS7.6AI score0.00477EPSS
Exploits0Affected Software1
UbuntuCve
UbuntuCve
added 2019/12/18 6:15 p.m.39 views

CVE-2012-2312

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated...

7.8CVSS7.1AI score0.00294EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/12/18 5:47 p.m.26 views

CVE-2012-2312

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated...

7.5AI score0.00294EPSS
Exploits0References3
Hacker One
Hacker One
added 2019/12/18 5:46 p.m.36 views

MTN Group: SharePoint exposed web services in a subdomain

Hi there I found a subdomain that is sharepoint configuration is poorly implemented Because of improper configuration an anonymous user can access to the SharePoint Web Services. POC: Go to the following url: https://www.mtn.co.za/vtibin/lists.asmx?WSDL services.jpg Remediation Restrict access to...

0.3AI score
Exploits0
Amazon
Amazon
added 2019/12/13 12:0 a.m.100 views

Medium: samba

Issue Overview: A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba...

5.5CVSS5.1AI score0.03392EPSS
Exploits0
CNVD
CNVD
added 2019/12/11 12:0 a.m.2 views

Google Chrome Information Disclosure Vulnerability (CNVD-2019-46762)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability that stems from the program's failure to fully implement policies. The vulnerability can be exploited to obtain sensitive information from process memory via special...

6.5CVSS8.1AI score0.01376EPSS
Exploits0References1
OSV
OSV
added 2019/12/10 7:15 p.m.3 views

DEBIAN-CVE-2012-1577

lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0...

9.8CVSS9.1AI score0.0155EPSS
Exploits0References1
Symantec
Symantec
added 2019/12/10 12:0 a.m.29 views

Lenovo Power Management Driver CVE-2019-6192 Local Buffer Overflow Vulnerability

Description Lenovo Power Management Driver is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit this issue to cause denial of service conditions. Due to the natur...

1.9AI score0.01742EPSS
Exploits5References2Affected Software1
Fedora
Fedora
added 2019/12/09 2:28 a.m.25 views

[SECURITY] Fedora 30 Update: libidn2-2.3.0-1.fc30

Libidn2 is an implementation of the IDNA2008 specifications in RFC 5890, 5891, 5892, 5893 and TR46 for internationalized domain names IDN. It is a standalone library, without any dependency on libidn...

7.5CVSS2.4AI score0.0279EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2019/12/05 6:40 p.m.90 views

Low severity vulnerability that affects com.linecorp.armeria:armeria

Multiple timing attack vulnerabilities leading to the recovery of secrets based on the use of non-constant time compare function Impact String comparison method in multiple authentication validation in Armeria were known to be vulnerable to timing attacks. This vulnerability is caused by the...

6.5CVSS1.9AI score0.00982EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2019/12/05 3:22 p.m.3 views

OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

3.1CVSS7.4AI score0.03362EPSS
Exploits0References4
Rows per page
Query Builder