Lucene search
K

153 matches found

OSV
OSV
added 2022/05/01 6:38 a.m.4 views

GHSA-2JXH-3CX8-XW65 Apache Geronimo console 1.0 vulnerable to cross-site scripting

Multiple cross-site scripting XSS vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 time parameter to cal2.jsp and 2 any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. Version 1.1 contai...

4.3CVSS6AI score0.31601EPSS
Exploits1References17
Oracle linux
Oracle linux
added 2022/04/25 12:0 a.m.96 views

Unbreakable Enterprise kernel security update

4.14.35-2047.512.6 - Revert 'rds/ib: recover rds connection from stuck rx path' Rohit Nair Orabug: 34039271 - uek-rpm: update kABI lists for new symbols Saeed Mirzamohammadi Orabug: 33993774 4.14.35-2047.512.5 - netfilter: nftables: initialize registers in nftdochain Pablo Neira Ayuso Orabug:...

9CVSS0.88106EPSS
Exploits131
OSV
OSV
added 2022/02/18 9:53 p.m.9 views

GSD-2022-1000197 drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable

drm/msm/dsi: invalid parameter check in msmdsiphyenable This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.96 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/02/18 9:44 p.m.11 views

GSD-2022-1000128 drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable

drm/msm/dsi: invalid parameter check in msmdsiphyenable This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.228 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/02/18 9:35 p.m.8 views

GSD-2022-1000103 drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable

drm/msm/dsi: invalid parameter check in msmdsiphyenable This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.265 by commit...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.20 views

Schneider Electric Modicon Controllers Uncaught Exception (CVE-2018-7852)

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus. This plugin only works with Tenable.ot...

9.8CVSS6.8AI score0.35039EPSS
Exploits18References4
Snyk
Snyk
added 2022/01/31 3:4 p.m.5 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine. PoC js let sqlite3 = require'sqlite3'.verbose; let db = new...

7.5CVSS7AI score0.01955EPSS
Exploits0References2
CVE
CVE
added 2021/06/09 2:18 p.m.42 views

CVE-2021-23852

CVE-2021-23852 concerns Bosch IP cameras. An authenticated administrator could call a URL with an invalid parameter, causing the camera to become unresponsive for a few seconds and trigger DoS. The vulnerability is documented across multiple sources (NVD entry, CNVD, CVE listing). No exploitation...

4.9CVSS5AI score0.00825EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2021/02/01 12:0 a.m.9 views

TerraMaster TOS Dynamic Class Method Invocation Vulnerability

TerraMaster TOS is a Linux-based operating system developed for TerraMaster Cloud Storage NAS servers. A dynamic class method call vulnerability exists in include/exportUser.php in TerraMaster TOS versions prior to 4.1.29. The vulnerability stems from invalid parameter checking. An attacker can...

10CVSS6.9AI score0.28495EPSS
Exploits1References1
Prion
Prion
added 2021/01/30 5:15 a.m.28 views

Code injection

TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with for example OS commands in the opt parameter...

10CVSS9.6AI score0.28495EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2020/09/02 8:15 p.m.16 views

CVE-2020-5779

A flaw in Trading Technologies Messaging 7.1.28.3 ttmd.exe relates to invalid parameter handling when calling strcpys with an invalid parameter i.e., a long src string parameter as a part of processing a type 4 message sent to default TCP RequestPort 10200. It's been observed that ttmd.exe...

7.5CVSS7.5AI score0.01056EPSS
Exploits0References1
Prion
Prion
added 2020/09/02 8:15 p.m.9 views

Design/Logic Flaw

A flaw in Trading Technologies Messaging 7.1.28.3 ttmd.exe relates to invalid parameter handling when calling strcpys with an invalid parameter i.e., a long src string parameter as a part of processing a type 4 message sent to default TCP RequestPort 10200. It's been observed that ttmd.exe...

5CVSS7.4AI score0.01056EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/02 7:21 p.m.20 views

CVE-2020-5779

A flaw in Trading Technologies Messaging 7.1.28.3 ttmd.exe relates to invalid parameter handling when calling strcpys with an invalid parameter i.e., a long src string parameter as a part of processing a type 4 message sent to default TCP RequestPort 10200. It's been observed that ttmd.exe...

7.5AI score0.01056EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/03/10 12:2 p.m.5 views

ansible: sub parameters marked as no_log are not masked in certain failure scenarios

A flaw was found in ansible. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processed. As a result, data in the sub parameter fields will not be...

7.3CVSS7.2AI score0.00427EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/10/24 9:19 p.m.4 views

ansible: sub parameters marked as no_log are not masked in certain failure scenarios

A flaw was found in ansible. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processed. As a result, data in the sub parameter fields will not be...

7.3CVSS7.2AI score0.00427EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/10/24 9:19 p.m.5 views

ansible: sub parameters marked as no_log are not masked in certain failure scenarios

A flaw was found in ansible. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processed. As a result, data in the sub parameter fields will not be...

7.3CVSS7.2AI score0.00427EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/10/24 9:19 p.m.4 views

ansible: sub parameters marked as no_log are not masked in certain failure scenarios

A flaw was found in ansible. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processed. As a result, data in the sub parameter fields will not be...

7.3CVSS7.2AI score0.00427EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/10/24 8:41 p.m.4 views

ansible: sub parameters marked as no_log are not masked in certain failure scenarios

A flaw was found in ansible. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processed. As a result, data in the sub parameter fields will not be...

7.3CVSS7.2AI score0.00427EPSS
Exploits0References4
OSV
OSV
added 2019/10/14 3:15 p.m.1 views

DEBIAN-CVE-2019-14858

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processe...

5.5CVSS6.1AI score0.00427EPSS
Exploits0References1
OSV
OSV
added 2019/10/14 3:15 p.m.1 views

ALPINE-CVE-2019-14858

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processe...

5.5CVSS6.7AI score0.00427EPSS
Exploits0References1
Rows per page
Query Builder