Lucene search
K

63 matches found

NVD
NVD
added 2023/10/10 11:15 a.m.34 views

CVE-2023-44315

A vulnerability has been identified in SINEC NMS All versions V2.0. The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting XSS attack that may lead to...

5.4CVSS4.9AI score0.00296EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/10/10 10:21 a.m.38 views

CVE-2023-44315

A vulnerability has been identified in SINEC NMS All versions V2.0. The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting XSS attack that may lead to...

4.7CVSS5.3AI score0.00296EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.4 views

Siemens SINEMA Server 跨站脚本漏洞

Siemens SINEMA Server is a software from Siemens, Germany, developed specifically for industrial applications. It enables you to fully visualize and monitor your network. A cross-site scripting vulnerability exists in Siemens SINEMA Server V14 due to an affected application incorrectly clearing...

9CVSS6.8AI score0.00594EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/10 12:0 a.m.6 views

PT-2023-7123 · Siemens · Sinema Server

Name of the Vulnerable Software and Affected Versions: SINEMA Server V14 All versions Description: A vulnerability has been identified in the SINEMA Server application, where it improperly sanitizes certain SNMP configuration data retrieved from monitored devices. This could allow an attacker wit...

10CVSS8.8AI score0.00594EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/08/25 4:15 p.m.42 views

CVE-2023-38201 Keylime: challenge-response protocol bypass during agent registration

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimat...

6.5CVSS6.6AI score0.00463EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2023/07/10 12:57 p.m.5 views

New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security

Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains. "We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including securi...

6.3AI score
Exploits0
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.6 views

Softing uaToolkit Embedded 安全漏洞

Softing UaToolkit Embedded is used to support the development of embedded Opc Ua applications via client/server and publisher/subscriber communication by Softing Germany. A security vulnerability exists in Softing uaToolkit Embedded prior to version 1.41, which stems from an incorrectly formatted...

7.5CVSS7.3AI score0.0088EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/19 12:0 a.m.6 views

PT-2023-1148 · Cisco · Cisco Industrial Network Director

Name of the Vulnerable Software and Affected Versions: Cisco Industrial Network Director affected versions not specified Description: A vulnerability in the monitoring application could allow an authenticated, local attacker to access a static secret key used to store both local data and...

8.8CVSS8.2AI score0.00161EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2022/12/05 12:0 a.m.37 views

net-mgmt/cacti is vulnerable to remote command injection

cacti team reports: A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device...

9.8CVSS3.9AI score0.99826EPSS
Exploits48References1
ATTACKERKB
ATTACKERKB
added 2022/11/08 12:0 a.m.32 views

CVE-2022-31199

Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and...

9.8CVSS10AI score0.36009EPSS
In wildExploits1References2
OSV
OSV
added 2022/09/15 3:35 a.m.6 views

GHSA-FPH9-F5R6-VHQF Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service)

Impact Denial of Service Details OPC UA specification describes a concept named Subscriptions. Subscriptions monitor a set of Monitored Items for Notifications and return them to the Client in response to Publish requests. The server notifies the client about changes only in case the value is...

7.5CVSS7.1AI score0.01018EPSS
Exploits0References7
Prion
Prion
added 2022/09/08 4:15 p.m.17 views

Design/Logic Flaw

Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of monitored files and profiles via a crafted GET request sent to /WebApp/SettingsFileMonitor/GetFileMonitorProfiles...

5CVSS5.3AI score0.00603EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/09/08 3:31 p.m.55 views

CVE-2022-27968

Cynet 360 Web Portal prior to v4.5 is vulnerable. Affected component: the GET endpoint /WebApp/SettingsFileMonitor/GetFileMonitorProfiles allows attackers to access a list of monitored files and profiles through a crafted request. Root cause: insufficient access control on the GetFileMonitorProfi...

5.3CVSS5.3AI score0.00603EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/06/17 1:15 p.m.15 views

Design/Logic Flaw

A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery enterprise editions only were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the us...

7.2CVSS7.8AI score0.00201EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/10/27 1:15 a.m.10 views

Authentication flaw

WebAccess/NMS Versions prior to v3.0.3Build6299 has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS...

5CVSS5.3AI score0.0089EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2021/08/04 11:23 p.m.20 views

CVE-2021-20028

creationtimestamp| type| source ---|---|--- 2021-08-04 23:23:38+00:00| seen| https://t.me/cibsecurity/26843 2022-01-26 18:54:27+00:00| published-proof-of-concept| https://t.me/arvinclub/5154 2022-02-13 11:48:22+00:00| seen| https://t.me/breachdetector/45993 2023-06-14 21:10:04+00:00| seen|...

9.8CVSS7AI score0.30084EPSS
In wildExploits0References9
CNNVD
CNNVD
added 2021/06/03 12:0 a.m.5 views

McAfee 数据库 跨站脚本漏洞

Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A...

5.9CVSS5.7AI score0.00501EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2020/11/11 12:0 a.m.6 views

openGauss: Avoiding Asterisks (*) or 0.0.0.0 in Monitored IP Addresses

Monitored IP addresses must not contain asterisks or 0.0.0.0 because an asterisk or 0.0.0.0 indicates that all available IP addresses will be monitored. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7.3AI score
Exploits0References1
Microsoft KB
Microsoft KB
added 2020/04/09 12:0 a.m.184 views

System Center 2012 Operations Manager SP1 Update Rollup 5

System Center 2012 Operations Manager SP1 Update Rollup 5 Introduction This article describes the issues that are fixed in Update Rollup 5 for Microsoft System Center 2012 Operations Manager Service Pack 1 SP1. Additionally, this article contains the installation instructions for Update Rollup 5...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2019/06/29 4:48 p.m.102 views

Xymon Daemon Gather Information

This module retrieves information from a Xymon daemon service formerly Hobbit, based on Big Brother, including server configuration information, a list of monitored hosts, and associated client log for each host. This module also retrieves usernames and password hashes from the xymonpasswd config...

7.5CVSS8.8AI score0.17852EPSS
Exploits3
Rows per page
Query Builder