469 matches found

Packet Storm
added 2022/09/20 12:0 a.m. · 344 views

Buffalo TeraStation Network Attached Storage (NAS) 1.66 Authentication Bypass

Exploit Title: Buffalo TeraStation Network Attached Storage NAS 1.66 - Authentication Bypass Date: 2022-08-11 Exploit Author: JORDAN GLOVER Type: WEBAPPS Platform: HARDWARE Vendor Homepage: https://www.buffalotech.com/ Model: TeraStation Series Firmware Version: 1.66 Tested on: Windows 10 An...

0.2 AI score
Exploits: 0

Exploit DB
added 2022/09/20 12:0 a.m. · 147 views

Buffalo TeraStation Network Attached Storage (NAS) 1.66 - Authentication Bypass

Exploit Title: Buffalo TeraStation Network Attached Storage NAS 1.66 - Authentication Bypass Date: 2022-08-11 Exploit Author: JORDAN GLOVER Type: WEBAPPS Platform: HARDWARE Vendor Homepage: https://www.buffalotech.com/ Model: TeraStation Series Firmware Version: 1.66 Tested on: Windows 10 An...

7.4 AI score
Exploits: 0

OSV
added 2022/09/16 10:15 a.m. · 1 view

DEBIAN-CVE-2022-40150

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack...

7.5 CVSS · 6.8 AI score · 0.01256 EPSS
Exploits: 0 · References: 1

Github Security Blog
added 2022/08/18 7:19 p.m. · 39 views

PocketMine-MP invalid skin geometry JSON data leading to server crash

Impact pocketmine\entity\Skin doesn't correctly handle errors produced by adhocore/json-comment, which throws RuntimeException rather than returning false as PocketMine-MP expects. This leads to a server crash if the skin geometry data is invalid for some reason e.g. a syntax error. Patches...

2.1 AI score
Exploits: 0 · References: 3 · Affected Software: 1

Github Security Blog
added 2022/05/13 1:2 a.m. · 35 views

Remote code execution in PATCH requests in Spring Data REST

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 can use specially crafted JSON data to run arbitrary Java code...

9.8 CVSS · 5.9 AI score · 0.72782 EPSS
Exploits: 8 · References: 8 · Affected Software: 1

Veracode
added 2022/02/09 4:55 p.m. · 24 views

Information Disclosure

microweber is vulnerable to information disclosure. The vulnerability exists due to the lack of sanitization of the error message via the json.data...

6.5 CVSS · 2.4 AI score · 0.01151 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2022/01/21 11:32 p.m. · 19 views

GHSA-FXMX-PFM2-85M2 Cross-site Scripting in Ericsson CodeChecker

In Ericsson CodeChecker prior to 6.18.2, a Stored Cross-site scripting XSS vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API...

6.1 CVSS · 6 AI score · 0.01626 EPSS
Exploits: 1 · References: 10

NVD
added 2022/01/18 3:15 p.m. · 20 views

CVE-2021-44217

In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting XSS vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API...

6.1 CVSS · 0.01626 EPSS
Exploits: 1 · References: 5

OSV
added 2022/01/18 3:15 p.m. · 33 views

CVE-2021-44217

In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting XSS vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API...

6.1 CVSS · 5.7 AI score · 0.01626 EPSS
Exploits: 1 · References: 5

Prion
added 2022/01/18 3:15 p.m. · 13 views

Cross site scripting

In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting XSS vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API...

4.3 CVSS · 5.9 AI score · 0.01626 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

OSV
added 2021/12/20 4:58 p.m. · 18 views

GHSA-RF3M-MHV7-X39F Denial of Service in OpenShift Origin

The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service master process crash via crafted JSON data...

4.3 CVSS · 6.2 AI score · 0.01952 EPSS
Exploits: 0 · References: 7

Github Security Blog
added 2021/12/20 4:58 p.m. · 44 views

Denial of Service in OpenShift Origin

The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service master process crash via crafted JSON data...

4 CVSS · 6.1 AI score · 0.01952 EPSS
Exploits: 0 · References: 8 · Affected Software: 1

OSV
added 2021/12/03 11:4 a.m. · 6 views

SUSE-SU-2021:3906-1 Security Beta update for Salt

This update fixes the following issues: salt: - Remove wrong parsecpename from grains.core - Prevent tracebacks if directory for cookie is missing - Fix file.find tracebacks with non utf8 file names bsc1190114 - Fix ip6interface grain to not leak secondary IPv4 aliases bsc1191412 - Do not conside...

7.5 CVSS · 7.8 AI score · 0.03449 EPSS
Exploits: 0 · References: 22

Positive Technologies
added 2021/12/01 12:0 a.m. · 5 views

PT-2021-23940 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse affected versions not specified Description: The issue affects Discourse, an open source discussion platform, where an attacker can poison the cache for anonymous users. This results in the users being shown a JSON blob instead of t...

5.3 CVSS · 4.8 AI score · 0.01016 EPSS
Exploits: 0 · References: 7

Hacker One
added 2021/11/22 9:44 a.m. · 201 views

Dropbox: Full Response SSRF via Google Drive

This researcher pointed out that HelloSign's Google Drive doc export feature had a URL parsing issue that could allow extra parameters to be passed to Google Drive API. By making use of an extra parameter in the Google Drive API, it was possible for researchers to force HelloSign to parse externa...

0.1 AI score
Exploits: 0

OSV
added 2021/11/05 4:55 p.m. · 8 views

SUSE-SU-2021:3621-1 Security update for SUSE Manager Server 4.1

This update fixes the following issues: grafana-formula: - Version 0.4.2 Add SSH blackbox status check panel to clients dashboard Migrate deprecated panels in clients dashboard prometheus-formula: - Version 0.3.4 Fix opening Prometheus ports on proxy - Version 0.3.3 Add Prometheus targets...

7.5 CVSS · 7.7 AI score · 0.03449 EPSS
Exploits: 0 · References: 23

OSV
added 2021/11/02 1:7 p.m. · 6 views

OPENSUSE-SU-2021:1443-1 Security update for salt

This update for salt fixes the following issues: - Support querying for JSON data in external sql pillar. - Exclude the full path of a download URL to prevent injection of malicious code. bsc1190265, CVE-2021-21996 This update was imported from the SUSE:SLE-15-SP2:Update update project...

7.5 CVSS · 7.7 AI score · 0.03449 EPSS
Exploits: 0 · References: 3

OPENSUSE Linux
added 2021/11/02 12:0 a.m. · 28 views

Security update for salt (moderate)

openSUSE Security Update: Security update for salt Announcement ID: openSUSE-SU-2021:1443-1 Rating: moderate References: 1190265 Cross-References: CVE-2021-21996 CVSS scores: CVE-2021-21996 SUSE: 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Affected Products: openSUSE Leap 15.2 An update that...

4.2 CVSS · 7.5 AI score · 0.03449 EPSS
Exploits: 0 · References: 1

OpenVAS
added 2021/10/28 12:0 a.m. · 18 views

SUSE: Security Advisory (SUSE-SU-2021:3553-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 8.6 AI score · 0.03449 EPSS
Exploits: 0 · References: 4

OpenVAS
added 2021/10/28 12:0 a.m. · 19 views

SUSE: Security Advisory (SUSE-SU-2021:3555-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 8.6 AI score · 0.03449 EPSS
Exploits: 0 · References: 4