Lucene search
K

469 matches found

Cvelist
Cvelist
added 2019/10/14 2:19 p.m.28 views

CVE-2019-9745

CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service Recognition Update Client Service via an insecure communication channel Named Pipe. The data JSON sent via this channel is used to import data from...

7.8AI score0.0047EPSS
Exploits2References2
NVD
NVD
added 2019/10/10 10:15 p.m.22 views

CVE-2019-17495

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

9.8CVSS9.5AI score0.0558EPSS
Exploits1References11
Prion
Prion
added 2019/10/10 10:15 p.m.21 views

Design/Logic Flaw

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

7.5CVSS9.3AI score0.0558EPSS
Exploits1References11Affected Software6
Prion
Prion
added 2019/10/09 4:15 p.m.22 views

Code injection

An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab e.g., exposure of his birthday or logs into his account i.e., exposure of credentials...

4CVSS6.6AI score0.01337EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2019/10/04 8:20 p.m.46 views

CVE-2007-2383

The Prototype prototypejs framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...

5CVSS6.7AI score0.02374EPSS
Exploits0References3
NVD
NVD
added 2019/09/30 1:15 p.m.10 views

CVE-2019-16999

CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...

9.8CVSS9.7AI score0.01482EPSS
Exploits1References1
OSV
OSV
added 2019/09/30 1:15 p.m.3 views

CVE-2019-16999

CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...

9.8CVSS7.4AI score0.01482EPSS
Exploits1References1
Prion
Prion
added 2019/09/30 1:15 p.m.9 views

Sql injection

CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...

7.5CVSS9.5AI score0.01482EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/30 12:35 p.m.7 views

CVE-2019-16999

CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...

9.7AI score0.01482EPSS
Exploits1References1
NVD
NVD
added 2019/09/25 9:15 p.m.23 views

CVE-2019-16890

Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...

5.4CVSS5.2AI score0.00661EPSS
Exploits1References1
OSV
OSV
added 2019/09/25 9:15 p.m.15 views

CVE-2019-16890

Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...

5.4CVSS5.6AI score
Exploits0References1
Prion
Prion
added 2019/09/25 9:15 p.m.15 views

Hardcoded credentials

Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...

3.5CVSS5.1AI score0.00661EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/25 8:17 p.m.23 views

CVE-2019-16890

Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments...

5.2AI score0.00661EPSS
Exploits1References1
NVD
NVD
added 2019/09/08 5:15 p.m.23 views

CVE-2019-16099

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file...

8.8CVSS8.6AI score0.00614EPSS
Exploits1References1
OSV
OSV
added 2019/09/08 5:15 p.m.4 views

CVE-2019-16099

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file...

8.8CVSS7.3AI score
Exploits0References1
Prion
Prion
added 2019/09/08 5:15 p.m.13 views

Cross site request forgery (csrf)

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file...

6.8CVSS8.5AI score0.00614EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/09/08 5:15 p.m.10 views

Code injection

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI...

5CVSS5.3AI score0.0149EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/09/08 4:37 p.m.19 views

CVE-2019-16099

Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file...

8.6AI score0.00614EPSS
Exploits1References1
CVE
CVE
added 2019/09/08 4:37 p.m.82 views

CVE-2019-16101

CVE-2019-16101 affects Silver Peak EdgeConnect SD-WAN prior to version 8.1.7.x. The issue allows remote attackers to trigger the REST API by sending malformed JSON (e.g., to rest/json/banners), potentially causing the system to leak sensitive stack traces. Impact is information disclosure via sta...

5.3CVSS5.3AI score0.0149EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/08/21 12:0 a.m.42 views

Debian DLA-1892-1 : flask security update

Flask, a micro web framework for Python contains a CWE-20: Improper Input Validation vulnerability that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. For Debian 8...

7.5CVSS6.2AI score0.03855EPSS
Exploits1References3
Rows per page
Query Builder