
462 matches found

OSV
added 2022/03/15 6:3 p.m. · 2 views

USN-5330-1 libreoffice vulnerability

It was discovered that LibreOffice incorrectly handled digital signatures. An attacker could possibly use this issue to create a specially crafted document that would display a validly signed indicator, contrary to expectations...

7.5 CVSS · 7.3 AI score · 0.00965 EPSS
Exploits 0 · References 2
CNNVD
added 2022/03/04 12:0 a.m. · 6 views

Trailer Power Line Communications security vulnerability

Trailer Power Line Communications is a bi-directional serial communications link on a vehicle power line from Transportation Systems Sector. A security vulnerability exists in Trailer Power Line Communications PLC J2497, which can be exploited by an attacker to perform diagnostic functions in the...

9.8 CVSS · 8.3 AI score · 0.01269 EPSS
Exploits 0 · References 5
Positive Technologies
added 2022/02/22 12:0 a.m. · 8 views

PT-2022-15011 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy (affected versions not specified). Description: The issue is related to a "type confusion" bug in the default certificate validation routines when processing subjectAltNames. This allows, for example, an rfc822Name or...

7.4 CVSS · 6 AI score · 0.00768 EPSS
Exploits 0 · References 10
hivepro
added 2022/01/26 5:39 a.m. · 14 views

MoonBounce: New malware deployed by APT41 in UEFI firmware

THREAT LEVEL: Red. For a detailed advisory, download the PDF file here. MoonBounce is a new type of malware that hides in the most complex part of an Operating System (OS), the Basic Input Output System (BIOS) chip, and thus persists even after reinstalling your OS or formatting your hard drive...

0.5 AI score
Exploits 0
CISA
added 2022/01/16 12:0 a.m. · 23 views

Microsoft Warns of Destructive Malware Targeting Ukrainian Organizations

Microsoft has released a blog post on possible Master Boot Record (MBR) Wiper activity targeting Ukrainian organizations, including Ukrainian government agencies. According to Microsoft, powering down the victim device executes the malware, which overwrites the MBR with a ransom note; however, the...

6.8 AI score
Exploits 0 · References 3
Circl
added 2021/11/23 6:20 p.m. · 6 views

CVE-2021-39976

| creationtimestamp | type | source |
|---|---|---|
| 2021-11-23 18:20:54+00:00 | seen | https://t.me/cibsecurity/32849... |

7.8 CVSS · 7.5 AI score · 0.00172 EPSS
Exploits 0 · References 1
OSV
added 2021/11/22 1:11 p.m. · 2 views

USN-5153-1 libreoffice vulnerabilities

It was discovered that LibreOffice incorrectly handled digital signatures. An attacker could possibly use this issue to create a specially crafted document that would display a validly signed indicator, contrary to expectations...

7.5 CVSS · 6.9 AI score · 0.00709 EPSS
Exploits 0 · References 3
Circl
added 2021/10/18 8:32 p.m. · 3 views

CVE-2021-42055

| creationtimestamp | type | source |
|---|---|---|
| 2021-10-18 20:32:00+00:00 | seen | https://t.me/cibsecurity/30723... |

6.8 CVSS · 6.5 AI score · 0.00247 EPSS
Exploits 0 · References 1
CNVD
added 2021/10/18 12:0 a.m. · 30 views

LibreOffice Trust Management Issues Vulnerability (CNVD-2022-55627)

LibreOffice is a suite that is compatible with other major office software and can be executed on a variety of platforms. A vulnerability exists in LibreOffice due to a trust management issue. An attacker could use this vulnerability to create digitally signed ODF documents by manipulating the...

7.5 CVSS · 7.2 AI score · 0.00709 EPSS
Exploits 0 · References 1
hivepro
added 2021/09/20 5:48 a.m. · 29 views

ManageEngine ADSelfService Plus has been abused in the wild due to a zero-day vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the PDF file here. An APT actor is attempting to exploit a zero-day vulnerability in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution that poses a high risk to critical infrastructure companies,...

1 AI score
Exploits 0
OSV
added 2021/08/30 3:15 p.m. · 2 views

CVE-2021-24593

The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its 'Now closed message' setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue...

5.4 CVSS · 5.8 AI score · 0.0062 EPSS
Exploits 2 · References 1
CVE
added 2021/08/30 2:11 p.m. · 60 views

CVE-2021-24593

CVE-2021-24593 affects the WordPress plugin Business Hours Indicator prior to version 2.3.5. The vulnerability is an Authenticated Stored Cross-Site Scripting (XSS) caused by the plugin not sanitising or escaping the 'Now closed message' setting in both backend and frontend outputs. Impact is sto...

5.4 CVSS · 5.3 AI score · 0.0062 EPSS
Exploits 2 · References 1 · Affected Software 1
Cvelist
added 2021/08/30 2:11 p.m. · 31 views

CVE-2021-24593 Business Hours Indicator < 2.3.5 - Authenticated Stored XSS

The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its 'Now closed message' setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue...

5.5 AI score · 0.0062 EPSS
Exploits 2 · References 1
CNNVD
added 2021/08/30 12:0 a.m. · 5 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Business Hours Indicator prior t...

5.4 CVSS · 5.4 AI score · 0.0062 EPSS
Exploits 2 · References 2
Circl
added 2021/08/18 4:16 p.m. · 6 views

CVE-2021-21847

| creationtimestamp | type | source |
|---|---|---|
| 2021-08-18 16:16:46+00:00 | seen | https://t.me/cibsecurity/27500 |
| 2024-03-29 14:38:26+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/4219... |

8.8 CVSS · 7.3 AI score · 0.01972 EPSS
Exploits 1 · References 2
Circl
added 2021/08/18 12:16 p.m. · 6 views

CVE-2021-20763

| creationtimestamp | type | source |
|---|---|---|
| 2021-08-18 12:16:39+00:00 | seen | https://t.me/cibsecurity/27479... |

4.3 CVSS · 4.9 AI score · 0.00934 EPSS
Exploits 0 · References 1
NVD
added 2021/08/17 11:15 p.m. · 12 views

CVE-2021-0284

A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of...

7.8 CVSS · 0.00993 EPSS
Exploits 0 · References 1
NVD
added 2021/08/11 4:15 p.m. · 22 views

CVE-2021-38545

Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...

5.9 CVSS · 0.01293 EPSS
Exploits 1 · References 1
OSV
added 2021/08/11 4:15 p.m. · 2 views

CVE-2021-38549

MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...

5.9 CVSS · 5.8 AI score · 0.01293 EPSS
Exploits 1 · References 1
OSV
added 2021/08/11 4:15 p.m. · 3 views

CVE-2021-38548

JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line; as a result, the intensity of a...

5.9 CVSS · 5.8 AI score · 0.01293 EPSS
Exploits 1 · References 1