Lucene search
+L

49 matches found

RedHat Linux
RedHat Linux
added 2022/11/28 2:39 p.m.6 views

wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users

A flaw was found in Wildfly. An incorrect JBOSSLOCALUSER challenge location when using the elytron configuration may lead to JBOSSLOCALUSER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability...

7.8CVSS5.8AI score0.00303EPSS
Exploits0References4
Wired Threat Level
Wired Threat Level
added 2022/09/02 11:0 a.m.19 views

A Windows 11 Automation Tool Can Easily Be Hijacked

Hackers can use Microsoft’s Power Automate to push out ransomware and key loggers—if they get machine access first...

4.2AI score
Exploits0
OSV
OSV
added 2022/08/04 3:56 p.m.9 views

USN-5549-1 python-django vulnerability

It was discovered that Django incorrectly handled certain FileResponse. An attacker could possibly use this issue to expose sensitive information or gain access over user machine...

8.8CVSS7.1AI score0.00657EPSS
Exploits0References2
OSV
OSV
added 2022/05/24 5:26 p.m.12 views

GHSA-C7W7-9C85-4QXV OpenStack Nova Live migration fails to update persistent domain XML

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths ...

8.7CVSS8.2AI score0.01715EPSS
Exploits1References11
OSV
OSV
added 2022/05/13 1:32 a.m.26 views

GHSA-4W62-CQ5R-5MMQ express-cart unrestricted file upload vulnerability

Unrestricted file upload RCE in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine...

8.8CVSS8.7AI score0.2745EPSS
Exploits1References3
OSV
OSV
added 2021/10/06 6:15 p.m.3 views

CVE-2021-38923

IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. IBM X-Force ID: 210162...

9.1CVSS7.3AI score0.01022EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/10/05 12:0 a.m.2 views

IBM PowerVM Hypervisor 安全漏洞

IBM PowerVM Hypervisor is an application from Universal Business Machines IBM, Inc. provides a secure and scalable virtualized environment for applications built on the advanced RAS features and leading performance of the Power Systems platform. A security vulnerability exists in IBM PowerVM...

9.1CVSS7.7AI score0.01022EPSS
Exploits0References4
Fedora
Fedora
added 2021/09/07 7:8 p.m.41 views

[SECURITY] Fedora 35 Update: libguestfs-1.45.7-2.fc35

Libguestfs is a library for accessing and modifying virtual machine disk images. http://libguestfs.org Libguestfs uses Linux kernel and qemu code, and can access any type of guest filesystem that Linux and qemu can, including but not limited to: ext2/3/4, btrfs, FAT and NTFS, LVM, many different...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2021/05/11 8:54 p.m.26 views

CVE-2021-3533

A flaw was found in Ansible if an ansible user sets ANSIBLEASYNCDIR to a subdirectory of a world writable directory . When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async...

5CVSS4AI score
Exploits0References2
Citrix
Citrix
added 2020/11/09 12:0 a.m.14 views

Citrix UPM Log Parser

Citrix UPM Log Parser v1.5 Created Date: Oct 8, 2009 Modified Date: Oct 4, 2016 Please note: You can download the required file from the Citrix downloads website by visiting the following link:https://www.citrix.com/downloads/citrix-tools Description Citrix UPM Log Parser has been designed to hel...

6.8AI score
Exploits0
CVE
CVE
added 2020/10/19 8:42 p.m.96 views

CVE-2020-10746

Infinispan Server Runtime (org.infinispan:infinispan-server-runtime) version 10 is described as allowing local access to controls via REST and HotRod APIs, enabling a locally authenticated user to perform all cache operations including creation, update, deletion, and shutdown of the entire server...

6.1CVSS6AI score0.00236EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/18 3:15 p.m.19 views

Code injection

In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an...

4.4CVSS6.5AI score0.00288EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/09/16 5:15 p.m.6 views

CVE-2020-3990

VMware Workstation 15.x and Horizon Client for Windows 5.x before 5.4.4 contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from...

6.5CVSS5.7AI score0.00324EPSS
Exploits0References1
NVD
NVD
added 2020/04/15 7:15 a.m.20 views

CVE-2020-10507

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload RCE , that would allow attackers to gain access in the hosting machine...

9.8CVSS9.6AI score0.01197EPSS
Exploits0References2
Prion
Prion
added 2020/04/15 7:15 a.m.10 views

Unrestricted file upload

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload RCE , that would allow attackers to gain access in the hosting machine...

7.5CVSS9.4AI score0.01197EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/04/15 6:15 a.m.24 views

CVE-2020-10507 ALLE INFORMATION CO., LTD. School Manage System - Security Misconfiguration

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload RCE , that would allow attackers to gain access in the hosting machine...

9.8CVSS9.6AI score0.01197EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/03/10 3:59 p.m.53 views

CVE-2020-10255

Modern DRAM chips DDR4 and LPDDR4 after 2015 are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh TRR, aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit...

8.9AI score0.02515EPSS
Exploits0References6
OSV
OSV
added 2019/04/01 9:30 p.m.5 views

CVE-2019-5519

VMware ESXi 6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001, Workstation 15.x before 15.0.4, 14.x before 14.1.7, Fusion 11.x before 11.0.3, 10.x before 10.1.6 contain a Time-of-check Time-of-use TOCTOU vulnerability in the virtual USB 1.1 UHCI Universal Ho...

6.8CVSS7.1AI score0.01004EPSS
Exploits0References5
Cvelist
Cvelist
added 2018/06/07 9:0 p.m.18 views

CVE-2018-3758

Unrestricted file upload RCE in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine...

8.7AI score0.2745EPSS
Exploits1References1
OSV
OSV
added 2018/03/27 3:29 a.m.4 views

CVE-2018-9039

In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments...

6.5CVSS5.8AI score0.01045EPSS
Exploits1References2
Rows per page
Query Builder