Lucene search

25 matches found

OSV
added 2026/03/27 6:17 p.m. · 2 views

GHSA-99HJ-44VG-HFCP Fleet's unbounded request body read allows remote Denial of Service

Summary: Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive memory allocation and resulting in a denial-of-service (DoS)...

CVSS 8.7 · AI score 5.9 · EPSS 0.00434
Exploits 0 · References 3

Github Security Blog
added 2026/03/27 6:17 p.m. · 17 views

Fleet's unbounded request body read allows remote Denial of Service

Summary: Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive memory allocation and resulting in a denial-of-service (DoS)...

CVSS 8.7 · AI score 5.9 · EPSS 0.00434
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2025/05/13 12:0 a.m. · 6 views

PT-2025-20848 · Siemens · Sirius 3Rk3 Modular Safety System +1

Name of the Vulnerable Software and Affected Versions: SIRIUS 3RK3 Modular Safety System MSS All versions SIRIUS Safety Relays 3SK2 All versions Description: A vulnerability has been identified where affected devices only provide weak password obfuscation. An attacker with network access could...

CVSS 8.7 · AI score 6.5 · EPSS 0.00247
Exploits 0 · References 5

Positive Technologies
added 2025/01/21 12:0 a.m. · 4 views

PT-2025-4247 · Oracle +6 · Mysql Server +5

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.39 and prior MySQL Server versions 8.4.2 and prior MySQL Server versions 9.0.1 and prior Description: The vulnerability in the MySQL Server product of Oracle MySQL, specifically in the Server: Thread Pooling componen...

CVSS 9.1 · AI score 7 · EPSS 0.16212
Exploits 3 · References 331

Vulnrichment
added 2024/02/02 4:2 p.m. · 15 views

CVE-2023-32967 QTS, QuTScloud

An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the...

CVSS 5 · AI score 6.5 · EPSS 0.00329
Exploits 0 · References 1

CVE
added 2023/11/02 1:1 p.m. · 67 views

CVE-2023-26453

CVE-2023-26453 affects the Open-Xchange App Suite imageconverter service. The vulnerability allows SQL injection by crafting requests to cache an image, with arbitrary SQL statements executed in the context of the service database user. Exploitation requires access to adjacent networks of the ima...

CVSS 8.8 · AI score 8.7 · EPSS 0.00371
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2020/10/20 12:0 a.m. · 6 views

PT-2020-4527 · Mysql Server +9 · Mysql Server +9

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.6.49 and prior MySQL Server versions 5.7.31 and prior MySQL Server versions 8.0.21 and prior Description: The issue is related to insufficient input validation in the Server: Locking component of MySQL Server, allowing...

CVSS 10 · AI score 7.1 · EPSS 0.88077
Exploits 128 · References 1477

Positive Technologies
added 2020/04/14 12:0 a.m. · 9 views

PT-2020-2401 · Oracle +10 · Mysql Server +9

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.29 and prior MySQL Server versions 8.0.19 and prior Description: The issue is related to the InnoDB component of the MySQL Server product, which is part of Oracle MySQL. It allows a high-privileged attacker with...

CVSS 10 · AI score 6.9 · EPSS 0.6773
Exploits 105 · References 1099

Positive Technologies
added 2020/03/23 12:0 a.m. · 4 views

PT-2020-20315 · Zoho +1 · Zoho Manageengine Assetexplorer +1

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine AssetExplorer version 6.5 Description: An issue was discovered in Zoho ManageEngine AssetExplorer during an upgrade of the Windows agent, where it does not validate the source and binary downloaded. This allows an attacker o...

CVSS 6.4 · AI score 6.5 · EPSS 0.01557
Exploits 3 · References 5

ICS
added 2018/12/11 12:0 a.m. · 70 views

Siemens TIM 1531 IRC Modules

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: TIM 1531 IRC Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform...

CVSS 10 · AI score 9.8 · EPSS 0.02796
Exploits 0 · References 9

ICS
added 2018/11/13 12:0 a.m. · 410 views

ICSA-18-317-07 Siemens SIMATIC IT Production Suite

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC IT Production Suite Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise confidentiality, integrity and...

CVSS 9.3 · AI score 8.3 · EPSS 0.02656
Exploits 0 · References 9

F5 Networks
added 2016/02/29 12:0 a.m. · 70 views

SOL00329831 - Multiple NTP vulnerabilities CVE-2015-8139 and CVE-2015-8140

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 5.8 · AI score 0.6 · EPSS 0.05823
Exploits 1 · References 9

Prion
added 2015/04/28 10:59 p.m. · 22 views

Design/Logic Flaw

The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended...

CVSS 5 · AI score 6.6 · EPSS 0.01966
Exploits 0 · References 3 · Affected Software 1

NVD
added 2015/04/28 10:59 p.m. · 12 views

CVE-2015-1150

The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended...

CVSS 5 · AI score 6.1 · EPSS 0.01966
Exploits 0 · References 3

Cvelist
added 2015/04/28 10:0 p.m. · 21 views

CVE-2015-1150

The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended...

AI score 3.5 · EPSS 0.01966
Exploits 0 · References 3

CERT
added 2012/11/07 12:0 a.m. · 43 views

Agile FleetCommander and FleetCommander Kiosk versions prior to 4.08 contain multiple vulnerabilities

Overview: Agile FleetCommander and FleetCommander Kiosk were found to have multiple XSS, CSRF, information disclosure and SQLi vulnerabilities. Description: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2012-4941 SQL Injection Vulnerabilities:...

CVSS 10 · AI score 8.5 · EPSS 0.03836
Exploits 0 · References 8

NVD
added 2010/10/19 10:0 p.m. · 21 views

CVE-2010-3561

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle...

CVSS 7.5 · AI score 7.3 · EPSS 0.03356
Exploits 0 · References 27

Prion
added 2010/10/19 10:0 p.m. · 26 views

Design/Logic Flaw

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle...

CVSS 7.5 · AI score 8.2 · EPSS 0.03356
Exploits 0 · References 27 · Affected Software 2

Tenable Nessus
added 2008/06/24 12:0 a.m. · 32 views

RHEL 2.1 : IBMJava2 (RHSA-2008:0133)

IBMJava2-JRE and IBMJava2-SDK packages that correct several security issues are available for Red Hat Enterprise Linux 2.1. IBM's 1.3.1 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A buffer overflow was found in the Java Runtime Environment...

CVSS 6.8 · AI score 6.2 · EPSS 0.18185
Exploits 0 · References 8

Tenable Nessus
added 2008/05/22 12:0 a.m. · 34 views

GLSA-200805-18 : Mozilla products: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200805-18 Mozilla products: Multiple vulnerabilities The following vulnerabilities were reported in all mentioned Mozilla products: Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser...

CVSS 9.3 · AI score 9 · EPSS 0.08633
Exploits 10 · References 25