Lucene search
K

140 matches found

RedhatCVE
RedhatCVE
added 2020/12/18 5:9 p.m.24 views

CVE-2020-35477

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...

5.3CVSS3.4AI score0.01512EPSS
Exploits1References4
NVD
NVD
added 2020/12/18 8:15 a.m.15 views

CVE-2020-35477

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...

5.3CVSS5.5AI score0.01512EPSS
Exploits1References5
OSV
OSV
added 2020/12/18 8:15 a.m.20 views

CVE-2020-35477

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...

5.3CVSS6.4AI score
Exploits0References5
UbuntuCve
UbuntuCve
added 2020/12/18 8:15 a.m.18 views

CVE-2020-35477

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...

5.3CVSS6.4AI score0.01512EPSS
Exploits1References4
Cvelist
Cvelist
added 2020/12/18 7:37 a.m.23 views

CVE-2020-35477

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...

6AI score0.01512EPSS
Exploits1References5
CVE
CVE
added 2020/12/18 7:37 a.m.78 views

CVE-2020-35477

MediaWiki before 1.35.1 is affected by CVE-2020-35477. In certain flows (MediaWiki:Mainpage set to Special:MyLanguage/Main Page; visiting a log entry on Special:Log; and using the Change visibility of selected log entries toggle), a redirect to the main page history submit action occurs, instead ...

5.3CVSS5.9AI score0.01512EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2020/12/18 7:37 a.m.32 views

CVE-2020-35477

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...

5.3CVSS5.5AI score0.01512EPSS
Exploits1
CNNVD
CNNVD
added 2020/12/18 12:0 a.m.7 views

MediaWiki 输入验证错误漏洞

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. An input validation error vulnerability exists in MediaWiki versions prior to...

5.3CVSS6.4AI score0.01512EPSS
Exploits1References10
OSV
OSV
added 2020/09/11 3:15 a.m.3 views

CVE-2020-25255

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service outage of connection-request processing via a long user ID, which triggers an excepti...

7.5CVSS7.2AI score0.0148EPSS
Exploits0References1
Prion
Prion
added 2020/09/11 3:15 a.m.20 views

Design/Logic Flaw

An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service outage of connection-request processing via a long user ID, which triggers an excepti...

5CVSS7.3AI score0.0148EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2020/03/05 2:7 p.m.7 views

CVE-2019-10550

creationtimestamp| type| source ---|---|--- 2020-03-05 14:07:09+00:00| seen| https://t.me/cibsecurity/10308...

9.4CVSS8.6AI score0.00876EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/03/25 6:34 p.m.18 views

CVE-2019-7613

Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event...

7.5AI score0.01324EPSS
Exploits0References2
OSV
OSV
added 2017/07/27 6:29 a.m.19 views

CVE-2017-11675

The traverseStrictSanitize function in admindir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the adminname array parameter to...

8.8CVSS7.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/04/14 12:0 a.m.46 views

Cisco Firepower Threat Defense Device Manager Web UI Request Handling Arbitrary Log Entry Injection (cisco-sa-20170201-fpw2)

According to its version and configuration, the Cisco Firepower Threat Defense FTD software installed on the remote device is affected by an arbitrary log entry injection vulnerability in the Firepower Device Manager FDM due to improper validation of user-supplied input. An unauthenticated, remot...

5.3CVSS6AI score0.01479EPSS
Exploits0References2
OSV
OSV
added 2017/02/06 6:59 a.m.6 views

CVE-2017-5549

The klsi105getlinestate function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log...

5.5CVSS7.6AI score
Exploits0References8
NVD
NVD
added 2017/02/06 6:59 a.m.12 views

CVE-2017-5549

The klsi105getlinestate function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log...

5.5CVSS6.4AI score0.00432EPSS
Exploits0References8
Prion
Prion
added 2017/02/06 6:59 a.m.17 views

Design/Logic Flaw

The klsi105getlinestate function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log...

2.1CVSS5.5AI score0.00432EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2017/02/06 6:4 a.m.37 views

CVE-2017-5549

The klsi105getlinestate function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log...

5.5CVSS6.3AI score0.00432EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2017/02/06 12:0 a.m.17 views

CVE-2017-5549

The klsi105getlinestate function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log...

5.5CVSS6.8AI score0.00432EPSS
Exploits0References6
Atlassian
Atlassian
added 2015/12/01 10:36 a.m.20 views

Log forging vulnerability

It is possible to fake log entries in FishEye/Crucible logs, by sending specially crafted http requests containing a newline character. For example going to the url /changelog/asd%0AFake%20log%20entry will cause the following to be logged: code 2015-03-24 09:59:09,564 INFO qtp1610928748-315 fishe...

1.1AI score
Exploits0
Rows per page
Query Builder