Lucene search
K

4456 matches found

CNVD
CNVD
added 2016/11/11 12:0 a.m.2 views

Command Execution Vulnerability in the Security Isolation Gateway general_gate_add_op.php at Beijing Yuanwei Software Co.

Beijing Yuanwei Software Co., Ltd. security isolation gateway is a multi-network security isolation system based on terminal virtualization technology and network virtualization technology. A command execution vulnerability exists in generalgateaddop.php, the security isolation gateway of Beijing...

7.5AI score
Exploits0References1
CNVD
CNVD
added 2016/11/10 12:0 a.m.3 views

Multiple Command Execution Vulnerabilities in the Security Isolation Gateway of Beijing Yuanwei Software Co.

Beijing Yuanwei Software Co., Ltd. security isolation gateway is a multi-network security isolation system based on terminal virtualization technology and network virtualization technology. Multiple command execution vulnerabilities exist in the security isolation gateway of Beijing Yuanwei...

7.6AI score
Exploits0References1
ICS
ICS
added 2016/09/11 6:0 a.m.52 views

Sauter NovaWeb Web HMI Authentication Bypass Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified an authentication bypass vulnerability in Sauter’s NovaWeb web HMI application. Sauter has not produced a mitigation for this vulnerability. This product was discontinued in 2013 and is no longer supported. This vulnerability could be...

8.6CVSS9AI score0.0207EPSS
Exploits0References10
Citrix
Citrix
added 2016/08/26 12:0 a.m.8 views

Provisioning Services: Support Statement for Multiple PVS Farms pointing to different Databases in one Subnet

Question: Can we boot targets using PXE boot in Subnet where we have 2 PVSServer in 2 different farms pointing to different database? Answer: This is not supported because when targets boot using PXE services, it broadcasts a packet and if it contacts a PVS Server which does not have entry for...

7.2AI score
Exploits0
OSV
OSV
added 2016/08/04 6:23 p.m.3 views

USN-3047-1 qemu, qemu-kvm vulnerabilities

Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is...

7.8CVSS7AI score0.00701EPSS
Exploits0References15
ICS
ICS
added 2016/07/31 6:0 a.m.72 views

Honeywell Experion PKS Improper Input Validation Vulnerability

OVERVIEW Honeywell reported a denial-of-service condition caused by an improper input validation vulnerability in Honeywell’s Experion Process Knowledge System PKS platform. Honeywell has produced patches to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED...

4.3CVSS4.5AI score0.01546EPSS
Exploits0References10
Lenovo
Lenovo
added 2016/07/22 12:0 a.m.13 views

Row Hammer Privilege Escalation - Lenovo Support US

No description provided...

7.3AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2016/07/21 1:55 p.m.14 views

The performance benefits of rel=noopener

If you have links to another origin, you should use rel="noopener", especially if they open in a new tab/window. Example site Without this, the new page can access your window object via window.opener. Thankfully the origin security model of the web prevents it reading your page, but no-thankfull...

0.1AI score
Exploits0
OSV
OSV
added 2016/07/11 1:59 a.m.6 views

CVE-2016-3750

libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted...

7.8CVSS5.8AI score0.00361EPSS
Exploits0References2
NVD
NVD
added 2016/07/11 1:59 a.m.25 views

CVE-2016-3750

libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted...

7.8CVSS7.4AI score0.00361EPSS
Exploits0References2
Prion
Prion
added 2016/07/11 1:59 a.m.15 views

Design/Logic Flaw

libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted...

7.5CVSS6.9AI score0.00361EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2016/07/11 1:59 a.m.27 views

CVE-2016-3750

libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted...

7.8CVSS7.1AI score0.00361EPSS
Exploits0References2
OSV
OSV
added 2016/07/11 1:59 a.m.4 views

UBUNTU-CVE-2016-3750

libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted...

7.8CVSS7.1AI score0.00361EPSS
Exploits0References3
CNVD
CNVD
added 2016/07/07 12:0 a.m.5 views

Cisco AMP Threat Grid Unauthorized Access Vulnerability

Cisco AMP Threat Grid is the United States Cisco Cisco company's set of integrated static and dynamic malware analysis and threat intelligence in one solution. The program can help enterprises to analyze the behavior and intent of malware, the impact of the threat level and defense methods. An...

8.1CVSS7AI score0.0108EPSS
Exploits0References1
NVD
NVD
added 2016/06/08 5:59 p.m.23 views

CVE-2016-3708

Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that 1 contain...

7.1CVSS6.9AI score0.01118EPSS
Exploits0References1
OSV
OSV
added 2016/05/22 1:59 a.m.5 views

UBUNTU-CVE-2015-8866

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxmldisableentityloader changes in other threads, which allows remote attackers to conduct XML External Entity XXE and XML Entity Expansion XEE attacks via a crafted XML...

9.6CVSS7.2AI score0.04026EPSS
Exploits1References5
ICS
ICS
added 2016/04/17 6:0 a.m.60 views

Moxa MGate Authentication Bypass Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified an authentication bypass vulnerability in Moxa’s MGate products. Moxa has produced new firmware versions to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Moxa reports that the vulnerability...

9.8CVSS9.7AI score0.01116EPSS
Exploits0References10
OSV
OSV
added 2016/04/13 4:59 p.m.4 views

DEBIAN-CVE-2016-3158

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOT...

3.8CVSS6.2AI score0.0041EPSS
Exploits0References1
OSV
OSV
added 2016/04/13 4:59 p.m.4 views

UBUNTU-CVE-2016-3159

The fpufxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits...

3.8CVSS6.7AI score0.00399EPSS
Exploits0References3
n0where
n0where
added 2016/03/17 12:19 a.m.22 views

Adversary Resistant Computing Platform: SubgraphOS

Subgraph OS is an adversary resistant computing platform. The main purpose of Subgraph OS is to empower people to communicate, share, and collaborate without fear of surveillance and interference. What this means in practical terms is that users of Subgraph OS can safely perform their day-to-day...

7.3AI score
Exploits0References2
Rows per page
Query Builder