Lucene search
K

5122 matches found

CVE
CVE
added 2018/07/27 4:0 a.m.157 views

CVE-2018-14612

CVE-2018-14612 affects the Linux kernel (through 4.17.10) with an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image. The root cause is lack of validation in btrfs_read_block_groups (fs/btrfs/extent-tree.c) and missing empty-tree checks in check_leaf (fs/btrfs/tr...

7.1CVSS5.8AI score0.0259EPSS
Exploits1References11Affected Software1
Debian CVE
Debian CVE
added 2018/07/27 4:0 a.m.40 views

CVE-2018-14612

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfsrootnode when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfsreadblockgroups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks i...

7.1CVSS6.3AI score0.0259EPSS
Exploits1
NVD
NVD
added 2018/07/26 5:29 p.m.26 views

CVE-2017-12167

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system...

5.5CVSS5.7AI score0.00376EPSS
Exploits0References10
Prion
Prion
added 2018/07/26 5:29 p.m.24 views

Design/Logic Flaw

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system...

2.1CVSS7.1AI score0.00376EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2018/07/26 5:0 p.m.131 views

CVE-2017-12167

CVE-2017-12167 affects Red Hat JBoss EAP 7.x prior to 7.0.9. The flaw is in properties-based files used for management and application realm configuration where user-to-role mappings are world-readable, enabling information disclosure of users/roles to any authenticated user. Connected advisories...

5.5CVSS7AI score0.00376EPSS
Exploits0References10Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2018/07/26 12:0 a.m.11 views

(0Day) Wecon LeviStudioU addrmapping DstAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...

9.3CVSS5AI score0.01947EPSS
Exploits0References1
OSV
OSV
added 2018/07/09 8:29 p.m.3 views

CVE-2018-13790

A Server Side Request Forgery SSRF vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page...

7.2CVSS6.6AI score
Exploits0References1
Kitploit
Kitploit
added 2018/07/08 10:3 p.m.37 views

Trackerjacker - Like Nmap For Mapping Wifi Networks You'Re Not Connected To, Plus Device Tracking

Like nmap for mapping wifi networks you're not connected to. Maps and tracks wifi networks and devices through raw 802.11 monitoring. PyPI page: https://pypi.python.org/pypi/trackerjacker Install pip3 install trackerjacker Supported platforms : Linux tested on Ubuntu, Kali, and RPi and macOS...

6.9AI score
Exploits0References1
Prion
Prion
added 2018/07/06 5:29 p.m.19 views

Race condition

In the FastRPC driver in Android releases from CAF using the linux kernel Android for MSM, Firefox OS for MSM, QRD Android before security patch level 2018-06-05, a Use After Free condition can occur when mapping on the remote processor fails...

4.6CVSS8.4AI score0.00186EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2018/06/30 9:29 a.m.64 views

Researchers Uncover New Attacks Against LTE Network Protocol

If your mobile carrier offers LTE, also known as the 4G network, you need to beware as your network communication can be hijacked remotely. A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2018/06/30 9:29 a.m.1 views

Researchers Uncover New Attacks Against LTE Network Protocol

If your mobile carrier offers LTE, also known as the 4G network, you need to beware as your network communication can be hijacked remotely. A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on...

6.4AI score
Exploits0
Kitploit
Kitploit
added 2018/06/25 2:9 p.m.212 views

Amass - In-depth Subdomain Enumeration

The Amass tool performs scraping of data sources, recursive brute forcing, crawling of web archives, permuting and altering of names and reverse DNS sweeping to obtain additional subdomain names. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks...

7AI score
Exploits0References2
OSV
OSV
added 2018/06/20 1:29 p.m.2 views

DEBIAN-CVE-2018-1120

A flaw was found affecting the Linux kernel before version 4.17. By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the...

5.3CVSS7.3AI score0.07291EPSS
Exploits5References1
Trellix
Trellix
added 2018/06/18 12:0 a.m.12 views

Apply MITRE’s ‘ATT&CK’ Model to Check Your Defenses

ARCHIVED STORY Apply MITRE’s ‘ATT&CK’ Model to Check Your Defenses By Trellix · June 18, 2018 Every week we read about adversaries attacking their targets as part of online criminal campaigns. Information gathering, strategic advantage, and theft of intellectual property are some of the...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2018/06/12 12:0 a.m.5 views

PT-2018-3011 · Red Hat · Cloudforms

Name of the Vulnerable Software and Affected Versions: CloudForms versions 5.8 through 5.9 Description: A flaw was found in CloudForms's v2v infrastructure mapping delete feature, allowing for a stored cross-site scripting attack due to improper sanitization of user input in the Name field. The...

7.5CVSS5.7AI score0.00608EPSS
Exploits0References5
CNVD
CNVD
added 2018/06/12 12:0 a.m.2 views

S3QL Replay Attack Vulnerability

S3QL is a file system for storing online data. The system supports Amazon S3, SFTP servers, and more. A security vulnerability exists in the 'checksumbasicmapping' function in S3QL versions prior to 2.27. An attacker can exploit the vulnerability to display an old version of the metadata database...

7.5CVSS7.4AI score0.01885EPSS
Exploits1References1
NVD
NVD
added 2018/05/31 8:29 p.m.29 views

CVE-2016-10554

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escapin...

9.8CVSS9.6AI score0.01913EPSS
Exploits0References2
NVD
NVD
added 2018/05/31 8:29 p.m.34 views

CVE-2016-10553

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

9.8CVSS9.7AI score0.01285EPSS
Exploits0References2
Prion
Prion
added 2018/05/31 8:29 p.m.13 views

Code injection

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escapin...

7.5CVSS7.6AI score0.01913EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/05/31 8:29 p.m.11 views

Sql injection

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

7.5CVSS8.1AI score0.01285EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder