Lucene search
K

344 matches found

OSV
OSV
added 2023/08/25 10:15 p.m.5 views

CVE-2023-39287

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 22.24.5800.0 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit...

5.5CVSS5.8AI score0.00509EPSS
Exploits0References2
Prion
Prion
added 2023/06/30 10:15 p.m.22 views

Input validation

Improper Information in Cybersecurity Guidebook in Bosch Building Integration System BIS 5.0 may lead to wrong configuration which allows local users to access data via network...

3.2CVSS6.7AI score0.00362EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/06/06 12:0 a.m.3 views

libcap 输入验证错误漏洞

libcap is a package of network data capture functions from the individual developer Michael Kerrisk. A security vulnerability exists in libcap, which stems from an integer overflow that can occur if the input string is close to 4GiB...

7.8CVSS6.7AI score0.00574EPSS
Exploits1References16
CNNVD
CNNVD
added 2023/03/28 12:0 a.m.6 views

Stimulsoft GmbH Stimulsoft Designer 代码问题漏洞

Stimulsoft GmbH Stimulsoft Designer is a robust product from Stimulsoft that runs on any computer and any platform. Engine, report designer and viewer for generating reports and analyzing data. A security vulnerability exists in Stimulsoft Designer Web version 2023.1.3, which stems fromThe...

7.5CVSS7.3AI score0.01084EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2023/03/01 12:0 a.m.6 views

The vulnerability of the PowerScale OneFS operating systems is related to weak password cryptography for NDMP. This allows attackers to gain full control over the system.

The vulnerability of the PowerScale OneFS operating system is related to the weak cryptography used for NDMP password protection. Exploiting this vulnerability could allow an attacker to gain full control over the system...

7.8CVSS7.2AI score0.00191EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.4 views

SUSE CVE-2007-2446

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving 1 DFSEnum netdfsiodfsEnumInfod, 2 RFNPCNEX smbionotifyoptiontypedata, 3 LsarAddPrivilegesToAccount...

10CVSS8.2AI score0.77806EPSS
Exploits23References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:15 a.m.3 views

SUSE CVE-2015-5825

WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code...

4.3CVSS6.2AI score0.02022EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.2 views

SUSE CVE-2021-45104

An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data...

7.4CVSS7.4AI score0.00569EPSS
Exploits0References3
Kitploit
Kitploit
added 2023/01/07 11:30 a.m.47 views

REST-Attacker - Designed As A Proof-Of-Concept For The Feasibility Of Testing Generic Real-World REST Implementations

REST-Attacker is an automated penetration testing framework for APIs following the REST architecture style. The tool's focus is on streamlining the analysis of generic REST API implementations by completely automating the testing process - including test generation, access control handling, and...

7.5AI score
Exploits0References8
CNNVD
CNNVD
added 2022/12/03 12:0 a.m.5 views

Apache Commons Net 输入验证错误漏洞

Apache Commons Net is the United States Apache Apache company a library. It implements many of the basic Internet Protocol clients. An input validation error vulnerability exists in Apache Commons Net versions prior to 3.9.0, which stems from the fact that the Net's FTP client trusts a host from ...

6.5CVSS6.5AI score0.01858EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2022/11/09 12:0 a.m.5 views

PT-2022-6324 · Dell · Dell Powerscale Onefs

Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.2.x through 9.4.x Description: The issue is related to a weak encoding for a NDMP password in Dell PowerScale OneFS. A malicious and privileged local attacker could potentially exploit this, leading to a full...

7.8CVSS7.5AI score0.00191EPSS
Exploits0References5
NVD
NVD
added 2022/09/13 8:15 p.m.22 views

CVE-2022-20399

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

5.5CVSS0.00092EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/09/13 8:15 p.m.4 views

CVE-2022-20399

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

5.5CVSS5.9AI score0.00092EPSS
Exploits0References2
Prion
Prion
added 2022/09/13 8:15 p.m.33 views

Information disclosure

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

1.7CVSS5.1AI score0.00092EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/13 7:15 p.m.23 views

CVE-2022-20399

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

5.3AI score0.00092EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/13 2:54 p.m.8 views

CVE-2022-38100 Contec Health CMS8000

The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent...

7.5CVSS6.9AI score0.00768EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/09/13 12:0 a.m.19 views

PT-2022-14625 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to the SEPolicy configuration of system apps, which allows access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data without...

5.5CVSS5.1AI score0.00092EPSS
Exploits0References2
OSV
OSV
added 2022/09/09 3:15 p.m.1 views

CVE-2022-38701

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information...

3.3CVSS5.8AI score0.00187EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/09/09 12:0 a.m.7 views

PT-2022-24536 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.1.2 Description: The issue is a heap overflow vulnerability that can be triggered by local attackers, allowing them to obtain network sensitive information. Recommendations: For OpenHarmony versions prior to...

6.2CVSS7AI score0.00187EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/09 12:0 a.m.4 views

OpenHarmony 缓冲区错误漏洞

OpenHarmony is a kind of Hongmeng operating system open source project of China OpenAtom Foundation Foundation. A security vulnerability exists in OpenHarmony v3.1.2 and earlier versions, which stems from the presence of a heap overflow vulnerability that could allow a local attacker to trigger a...

6.2CVSS5AI score0.00187EPSS
Exploits0References2
Rows per page
Query Builder