Lucene search
K

88 matches found

OSV
OSV
added 2023/11/02 2:15 p.m.5 views

CVE-2023-26456

Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code...

5.4CVSS5.8AI score0.00383EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/23 12:0 a.m.18 views

Juniper Junos OS Vulnerability (JSA73145)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73145 advisory. - An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue...

7.5CVSS7.4AI score0.00531EPSS
Exploits0References3
CVE
CVE
added 2023/10/12 11:1 p.m.59 views

CVE-2023-44181

The vulnerability CVE-2023-44181 affects Juniper Networks Junos OS on QFX5k devices, caused by an improperly implemented security check in storm control. When storm control is enabled and ICMPv6 traffic is present, packets can be punted to the ARP queue, creating an L2 loop that can lead to DoS c...

7.5CVSS7.5AI score0.00531EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/12 11:1 p.m.14 views

CVE-2023-44181 Junos OS: QFX5k: l2 loop in the overlay impacts the stability in a EVPN/VXLAN environment

An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMP...

7.5CVSS6.9AI score0.00531EPSS
Exploits0References2
PyPA
PyPA
added 2023/09/21 10:15 p.m.11 views

PYSEC-2023-310

Mobile Security Framework MobSF =v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example,...

7.5CVSS7.1AI score0.00691EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/21 12:0 a.m.6 views

PT-2023-28302 · Unknown · Mobile Security Framework

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions =3.7.8 Beta Description: The issue is related to Insecure Permissions. The vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted...

7.5CVSS7.1AI score0.00691EPSS
Exploits1References13
Citrix
Citrix
added 2023/09/03 12:0 a.m.6 views

Prompt Error "Feature is not implemented" after Read-Only users login GUI

Read-only user login GUI and get an error "Feature is not implemented"...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2023/08/24 6:33 a.m.21 views

CVE-2023-4229 ioLogik 4000 Series: Session Headers Not Implemented

A vulnerability has been identified in ioLogik 4000 Series ioLogik E4200 firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized dat...

4.3CVSS5AI score0.00323EPSS
Exploits0References1
OSV
OSV
added 2023/08/02 1:15 p.m.6 views

CVE-2023-26446

The users clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker woul...

5.4CVSS5.8AI score0.00558EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/06/02 12:0 a.m.33 views

CVE-2023-29549

Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

6.8AI score0.00327EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/29 12:0 a.m.22 views

CVE-2022-43621

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from an...

8.8CVSS9AI score0.02172EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/03/23 7:46 p.m.5 views

CVE-2021-27428 GE UR family Unrestricted Upload of File with Dangerous Type

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without...

9.8CVSS9.4AI score0.01163EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/07/27 12:0 a.m.24 views

CODESYS V2 Web Server Improperly Implemented Security Check (2021-07)

Binary data scadacodesys2021-07.nbin...

9.8CVSS9.8AI score0.01151EPSS
Exploits0References3
NVD
NVD
added 2021/05/25 1:15 p.m.14 views

CVE-2021-30192

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check...

9.8CVSS0.01151EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/05/25 12:9 p.m.19 views

CVE-2021-30192

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check...

9.7AI score0.01151EPSS
Exploits0References2
OSV
OSV
added 2020/11/17 12:0 p.m.26 views

RUSTSEC-2020-0119 ReadTicket and WriteTicket should only be sendable when T is Send

Affected versions of this crate unconditionally implemented Send for ReadTicket & WriteTicket. This allows to send non-Send T to other threads. This can allows creating data races by cloning types with internal mutability and sending them to other threads as T of ReadTicket/WriteTicket. Such data...

8.1CVSS8.2AI score0.00766EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/07/01 3:31 p.m.21 views

CVE-2019-13131

Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE...

9.8AI score0.03578EPSS
Exploits1References1
Hacker One
Hacker One
added 2019/04/18 12:33 p.m.25 views

ZEIT: [Fix Bypass #541631] Open redirect on Signup

Some signup and login paths did not verify the ?next= query param properly and allowed an open redirect with a carefully crafted invalid URL. It is standard practise to use a redirect query param in login and signup endpoints but the value should be carefully validated before accepting to redirec...

1.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/12/18 12:0 a.m.49 views

RHEL 7 : ghostscript (RHSA-2018:3834)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3834 advisory. - ghostscript: Uninitialized memory access in the aesdecode operator 699665 CVE-2018-15911 - ghostscript: Incorrect free logic in pagedevice...

9.8CVSS7.2AI score0.16288EPSS
Exploits4References21
Kitploit
Kitploit
added 2018/02/02 4:7 p.m.16 views

Evilgrade - Modular Framework To Take Advantage Of Poor Upgrade Implementations By Injecting Fake Updates

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries agents, a working default configuration for fast pentests, and has it's own WebServer and DNSServer modules. Easy to set up new...

6.9AI score
Exploits0References1
Rows per page
Query Builder