Lucene search
+L

366 matches found

ATTACKERKB
ATTACKERKB
added 2021/09/15 12:0 a.m.31 views

CVE-2021-33045

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. Recent assessments: cbeek-r7 at September 06, 2024 6:04pm UTC reported: On September 5th 2024, CISA...

10CVSS9.6AI score0.99871EPSS
In wildExploits13References4
Cvelist
Cvelist
added 2021/09/14 11:24 a.m.26 views

CVE-2021-38177

SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP syst...

7.5CVSS7.8AI score0.03223EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/09/07 12:0 a.m.6 views

PT-2021-20028

Name of the Vulnerable Software and Affected Versions Dahua IP Camera firmware versions 2.820.0000000.5.r.210705 Description The issue is related to an identity authentication bypass during the login process. Attackers can construct malicious data packets to bypass device identity authentication...

10CVSS7.9AI score0.99556EPSS
Exploits9References28
OSV
OSV
added 2021/08/10 3:15 p.m.4 views

CVE-2021-33702

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets...

6.1CVSS6.8AI score0.01482EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.4 views

SAP Enterprise Portal 跨站脚本漏洞

SAP Enterprise Portal is an application from SAP, Germany. A comprehensive integration and application platform that facilitates the alignment of people, information and business processes across organizational and technology boundaries. SAP Enterprise Portal suffers from a cross-site scripting...

8.3CVSS6.8AI score0.01482EPSS
Exploits0References8
Veracode
Veracode
added 2021/08/02 7:37 a.m.21 views

Arbitrary Code Execution

concrete5/concrete5 is vulnerable to arbitrary code execution. An attacker is able to submit malicious data to the function Logging::updatelogging in logging.php via logFile request parameter, to execute arbitrary code via unsafe deserialization...

7.2CVSS7.3AI score0.0368EPSS
Exploits1References6Affected Software2
CNVD
CNVD
added 2021/07/09 12:0 a.m.9 views

QSAN SANOS Injection Vulnerability

QSAN SANOS is the SAN storage management operating system from QSAN China. It comes with a refreshingly easy-to-use Web GUI and can be easily deployed into any infrastructure. An injection vulnerability exists in QSAN SANOS, which stems from the product's setting page not filtering user-entered...

9.8CVSS7.8AI score0.01924EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/06/29 12:0 a.m.4 views

Nodemailer 注入漏洞

Nodemailer is a JS codebase from the Nodemailer team that provides the ability to send emails. An injection vulnerability exists in Nodemailer due to a lack of security checks on the HTTP Header. An attacker could trigger abnormal behavior on the target system via malicious data containing line...

8.8CVSS7.9AI score0.01381EPSS
Exploits1References4
OSV
OSV
added 2021/06/23 6:14 p.m.27 views

GHSA-C38G-469G-CMGX Improper Neutralization of Special Elements in Output in helm.sh/helm/v3

Since Helm 2 was released, a well-documented aspect of Helm is that the Helm chart's version number MUST follow the SemVer2 specification. In the past, Helm would not permit charts with malformed versions. At some point, a patch was merged that changed this - On a version parse error, the version...

6.5CVSS6.8AI score0.0103EPSS
Exploits0References7
Nextcloud
Nextcloud
added 2021/06/01 6:13 p.m.212 views

Attacker can obtain write access to any federated share/public link

None...

9.1CVSS8.4AI score0.01849EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/05/21 12:0 a.m.6 views

Snort 安全漏洞

Snort is a Snort open source application. Provides a set of rules to help define malicious network activity and uses these rules to find packets that match it and generate alerts for the user. Snort has a security vulnerability that can be exploited by attackers to bypass filtering rules in order...

5.8CVSS5.9AI score0.01072EPSS
Exploits0References4
CNVD
CNVD
added 2021/05/18 12:0 a.m.3 views

IBM Cloud Pak for Security Malicious Data Injection Vulnerability

IBM Cloud Pak for Security is an application from IBM America, Inc. An open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster. A malicious data injection vulnerability exists in IBM Cloud Pak for Security...

4CVSS6.8AI score0.00725EPSS
Exploits0References1
OSV
OSV
added 2021/05/14 5:15 p.m.4 views

CVE-2020-4811

IBM Cloud Pak for Security CP4S 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation...

2.4CVSS7.3AI score0.00725EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/05/14 4:15 p.m.22 views

CVE-2020-4811

IBM Cloud Pak for Security CP4S 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation...

2.4CVSS3.5AI score0.00725EPSS
Exploits0References2
0day.today
0day.today
added 2021/02/24 12:0 a.m.19 views

jsonpickle 2.0.0 Python library - Remote Code Execution Exploit

Exploit Title: python jsonpickle 2.0.0 - Remote Code Execution Vendor Homepage: https://jsonpickle.github.io Exploit Author: Adi Malyanker, Shay Reuven Software Link: https://github.com/jsonpickle/jsonpickle Version: 2.0.0 Tested on: windows, linux Python is an open source language. jsonickle...

7.4AI score
Exploits0
Prion
Prion
added 2021/02/19 2:15 p.m.14 views

Design/Logic Flaw

components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound = 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter...

9.3CVSS9.4AI score0.02697EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/02/01 2:15 p.m.29 views

Buffer overflow

ASUS RT-AX86U router firmware below version under 9.0.0.4386 has a buffer overflow in the blockingrequest.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data...

7.5CVSS9.8AI score0.04207EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/02/01 1:14 p.m.35 views

CVE-2020-36109

ASUS RT-AX86U router firmware below version under 9.0.0.4386 has a buffer overflow in the blockingrequest.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data...

9.9AI score0.04207EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2021/01/05 12:0 a.m.15 views

PT-2022-4817 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a boundary error when setting a font with malicious data using the ioctl cmd PIO FONT, which can cause the kernel to write memory out of bounds. This can...

9.8CVSS7.1AI score0.89063EPSS
Exploits269References1244
CNVD
CNVD
added 2020/10/16 12:0 a.m.8 views

Microsoft Windows Hyper-V Denial of Service Vulnerability (CNVD-2021-08835)

Microsoft Windows Hyper-V is a tool from Microsoft USA that provides hardware virtualization. The software allows the creation of virtual hard drives, virtual switches, and many other virtual devices. A denial of service vulnerability exists in Microsoft Windows Hyper-V. The vulnerability stems...

7.8CVSS8.6AI score0.009EPSS
Exploits0References1
Rows per page
Query Builder