Lucene search
K

216 matches found

Cvelist
Cvelist
added 2020/09/11 1:25 p.m.29 views

CVE-2020-9239

Huawei smartphones BLA-A09 versions 8.0.0.123C212,versions earlier than 8.0.0.123C567,versions earlier than 8.0.0.123C797;BLA-TL00B versions earlier than 8.1.0.326C01;Berkeley-L09 versions earlier than 8.0.0.163C10,versions earlier than 8.0.0.163C432,Versions earlier than 8.0.0.163C636,Versions...

5.5AI score0.00242EPSS
Exploits0References1
OSV
OSV
added 2020/09/03 7:15 p.m.7 views

CVE-2020-9235

Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230C432E9R5P1,Versions earlier than 10.1.0.231C10E3R3P2,Versions earlier than 10.1.0.231C185E3R5P1,Versions earlier than 10.1.0.231C636E3R3P1;Versions earlier than 10.1.0.212C432E10R3P4,Versions earlier than 10.1.0.213C636E3R4P3,Version...

5.5CVSS6.1AI score0.00242EPSS
Exploits0References1
NVD
NVD
added 2020/09/03 7:15 p.m.31 views

CVE-2020-9235

Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230C432E9R5P1,Versions earlier than 10.1.0.231C10E3R3P2,Versions earlier than 10.1.0.231C185E3R5P1,Versions earlier than 10.1.0.231C636E3R3P1;Versions earlier than 10.1.0.212C432E10R3P4,Versions earlier than 10.1.0.213C636E3R4P3,Version...

5.5CVSS5.3AI score0.00242EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/06/19 3:46 a.m.8 views

nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties

The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...

9.8CVSS7.3AI score0.02147EPSS
Exploits1References6
CNVD
CNVD
added 2020/06/08 12:0 a.m.4 views

Cheetah free wifi input validation error vulnerability

Cheetah free wifi is a calculator wireless network sharing software from China Cheetah Mobile Cheetah. An input validation error vulnerability exists in the liebaonat.sys file in Cheetah free wifi version 5.1, which originates from the program not validating the input value of IOCtl 0x830020f8,...

7.8CVSS6.8AI score0.00399EPSS
Exploits1References1
NVD
NVD
added 2020/06/03 2:15 p.m.11 views

CVE-2020-13756

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker...

9.8CVSS9.9AI score0.55084EPSS
Exploits4References5
NVD
NVD
added 2020/05/11 4:15 p.m.21 views

CVE-2020-12754

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 May 2020...

7.8CVSS7.6AI score0.00295EPSS
Exploits0References1
OSV
OSV
added 2020/05/11 4:15 p.m.5 views

CVE-2020-12754

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 May 2020...

7.8CVSS7.1AI score0.00295EPSS
Exploits0References1
Snyk
Snyk
added 2020/04/05 12:0 a.m.2 views

Command Injection

Overview diskusage-ng is a package that get disk usage info in pure JavaScript and without any dependencies. Affected versions of this package are vulnerable to Command Injection. The argument path can be controlled by users without any sanitization. PoC var root = require"diskusage-ng"; root...

9.8CVSS5.6AI score0.03857EPSS
Exploits1References2
NVD
NVD
added 2020/03/20 7:15 p.m.20 views

CVE-2020-8137

Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker...

9.8CVSS9.9AI score0.04164EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2020/01/02 8:56 a.m.4 views

git: Arbitrary path overwriting via export-marks in-stream command feature

A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwrite arbitrary...

3.6CVSS5.9AI score0.00427EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/12/19 7:18 p.m.55 views

git: Arbitrary path overwriting via export-marks in-stream command feature

A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwrite arbitrary...

3.6CVSS5.9AI score0.00427EPSS
Exploits0References5
NVD
NVD
added 2019/12/18 9:15 p.m.16 views

CVE-2019-15598

A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

9.8CVSS9.8AI score0.02742EPSS
Exploits0References1
OSV
OSV
added 2019/12/18 9:15 p.m.6 views

CVE-2019-15598

A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

9.8CVSS7.9AI score0.02742EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/12/18 8:56 p.m.22 views

CVE-2019-15599

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

9.9AI score0.02742EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/12/11 12:21 a.m.33 views

CVE-2019-1348

A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite arbitrary paths. An attacker can abuse this flaw if they can control the input passed to the fast-import command by using the export-marks feature and overwrite arbitrary...

3.6CVSS3.3AI score0.00427EPSS
Exploits0References4
OSV
OSV
added 2019/08/16 3:15 a.m.8 views

CVE-2016-10894

xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to and thus control various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks by depressing the touchpad once and th...

4.6CVSS4.7AI score
Exploits0References2
Prion
Prion
added 2019/08/16 3:15 a.m.13 views

Design/Logic Flaw

xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to and thus control various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks by depressing the touchpad once and th...

2.1CVSS6.9AI score0.00364EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2019/07/18 12:0 a.m.7 views

The vulnerability of the SnCloneVault.sys driver of the Secret Net Studio information protection system, which allows a hacker to trigger a service failure.

The vulnerability of the SnCloneVault.sys driver of the Secret Net Studio information protection system is related to deficiencies in data input control within the driver. Exploiting this vulnerability can allow attackers to cause service failures...

6.2CVSS5.5AI score
Exploits0Affected Software1
CNVD
CNVD
added 2019/06/24 12:0 a.m.6 views

STOPzilla AntiMalware Arbitrary Write Vulnerability

STOPzilla AntiMalware is a malware removal software. An arbitrary write vulnerability exists in the driver file szkg64.sys in STOPzilla AntiMalware 6.5.2.59. The vulnerability stems from an unverified output buffer address value starting at IOCtl 0x80002063. An attacker can exploit this...

5.5CVSS7.2AI score0.00475EPSS
Exploits1References1
Rows per page
Query Builder