Lucene search
K

57 matches found

Cvelist
Cvelist
added 2025/09/24 5:53 p.m.46 views

CVE-2025-20314

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to improper...

6.7CVSS0.00146EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/24 12:0 a.m.63 views

Cisco IOS XE 安全漏洞

Cisco IOS XE is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE that stems from improper package...

6.7CVSS6.8AI score0.00146EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/06 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2022-48738

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: ops: Reject out of bounds values in sndsocputvolsw We don't currently validate that the values being set are within the range we advertised to userspace a...

7.1CVSS6.5AI score0.00234EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 3:56 p.m.8 views

CVE-2020-0003

In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions...

6.7CVSS7.2AI score0.0014EPSS
Exploits0References1
Veracode
Veracode
added 2023/08/02 11:16 a.m.16 views

Improper Package Validation

pnpm is vulnerable to Improper Package Validation. The library has the ability to produce tarballs that are harmful when installed using pnpm but safe when installed using npm or the registry. As a result, when a package is installed via pnpm, a malicious version may replace the one that was...

9.8CVSS6.8AI score0.00941EPSS
Exploits1References6Affected Software8
NVD
NVD
added 2023/07/27 7:15 p.m.31 views

CVE-2023-38495

Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...

9.8CVSS8.9AI score0.00719EPSS
Exploits1References2
CVE
CVE
added 2021/12/14 3:31 p.m.35 views

CVE-2021-41067

The CVE-2021-41067 issue affects Listary up to version 6, caused by an improper update process and lack of package validation. Updates are fetched over a /check-update HTTP-based channel, enabling MITM manipulation of update packages and potentially resulting in installation of malicious content....

7.6CVSS7.4AI score0.00559EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/08/18 8:15 p.m.3 views

CVE-2021-34715

A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to...

7.2CVSS7.2AI score0.01056EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/04/13 3:22 p.m.44 views

OS Command Injection in giting

giting version prior to 0.0.8 allows execution of arbritary commands. The first argument repo of function pull is executed by the package without any validation...

9.8CVSS6AI score0.02397EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/03/24 12:0 a.m.6 views

Cisco Iox 命令注入漏洞

Cisco IOS XE is an open and flexible operating system optimized for future work. A command injection vulnerability exists in Cisco IOS XE versions after 16.3.1. The vulnerability is due to incomplete validation of fields in application packages loaded into IOx. An attacker can exploit the...

8.5CVSS7.2AI score0.3539EPSS
Exploits1References5
OSV
OSV
added 2021/01/15 6:15 p.m.5 views

CVE-2021-0219

A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command...

6.7CVSS5.9AI score0.00704EPSS
Exploits0References1
Prion
Prion
added 2021/01/15 6:15 p.m.17 views

Command injection

A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command...

7.2CVSS6.8AI score0.00704EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/03 6:13 p.m.23 views

Malicious Package in nodes.js

All versions of nodes.js contain malicious code. The package searches and installs globally thousands of packages based on keywords node, react, react-native, vue, angular and babel to fill the system's memory. Recommendation Remove the package from your environment and validate what packages are...

4.6AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/06/03 6:15 p.m.3 views

CVE-2020-3238

A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input...

8.1CVSS7.4AI score0.01235EPSS
Exploits0References1
CVE
CVE
added 2020/03/26 1:0 p.m.101 views

CVE-2019-15795

The CVE concerns python-apt (apt/package.py) where MD5 hashes were used to validate downloaded files in Version.fetch_binary() and Version.fetch_source(), affecting 1.9.0ubuntu1 and earlier. This trust gap creates a potential MITM path to install altered packages. The issue is resolved in fixed r...

4.7CVSS4.4AI score0.0044EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/01/22 6:15 p.m.2 views

USN-4247-1 python-apt vulnerabilities

It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. CVE-2019-15795 It was discovered that python-apt could...

4.7CVSS5.8AI score0.00496EPSS
Exploits0References3
OSV
OSV
added 2020/01/08 7:15 p.m.6 views

CVE-2020-0003

In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions...

6.7CVSS7AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 2020/01/08 7:15 p.m.16 views

CVE-2020-0003

In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions...

6.7CVSS6.8AI score0.0014EPSS
Exploits0References1
CVE
CVE
added 2020/01/08 6:30 p.m.59 views

CVE-2020-0003

CVE-2020-0003 affects Android 8.0 when the framework’s InstallStart.java onCreate contains a time‑of‑check time‑of‑use packaging validation bypass. The issue could allow a local elevation of privilege with user interaction required, via a vulnerability in the Android Framework. Public details ind...

6.7CVSS6.7AI score0.0014EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/01/08 6:30 p.m.19 views

CVE-2020-0003

In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions...

7AI score0.0014EPSS
Exploits0References1
Rows per page
Query Builder