4606 matches found

Positive Technologies
added 2023/05/12 12:0 a.m. · 5 views

PT-2023-23516 · Unknown · Jerryscript

Name of the Vulnerable Software and Affected Versions: Jerryscript version 3.0 commit 05dbbd1 Description: The issue is related to an out-of-memory problem in the malloc function. Recommendations: For Jerryscript version 3.0 commit 05dbbd1, consider restricting memory allocation to prevent...

CVSS 5.5 · AI score 5.2 · EPSS 0.00331
Exploits 1 · References 7

Positive Technologies
added 2023/05/12 12:0 a.m. · 3 views

PT-2023-23519 · Unknown · Jerryscript

Name of the Vulnerable Software and Affected Versions: Jerryscript version 3.0 commit 05dbbd1 Description: An Assertion Failure was discovered in Jerryscript via the jcontext raise exception at jerry-core/jcontext/jcontext.c. Recommendations: For Jerryscript version 3.0 commit 05dbbd1, consider...

CVSS 5.5 · AI score 5.2 · EPSS 0.00332
Exploits 1 · References 7

Positive Technologies
added 2023/05/09 12:0 a.m. · 4 views

PT-2023-15758 · Unknown · Modem Control Device

Name of the Vulnerable Software and Affected Versions: Modem control device affected versions not specified Description: The issue is related to a possible out of bounds write due to a missing bounds check in the modem control device. This could lead to local denial of service and requires System...

CVSS 4.4 · AI score 4.5 · EPSS 0.00121
Exploits 0 · References 3

Positive Technologies
added 2023/05/04 12:0 a.m. · 4 views

PT-2023-19999 · Unknown · Control Id Rhid

Name of the Vulnerable Software and Affected Versions: Control iD RHiD version 23.3.19.0 Description: A critical vulnerability has been found in Control iD RHiD, affecting an unknown part of the file /v2//. The manipulation leads to direct request and can be initiated remotely. The vendor was...

CVSS 9.8 · AI score 6.6 · EPSS 0.00447
Exploits 0 · References 5

CBLMariner
added 2023/05/03 4:8 p.m. · 21 views

CVE-2023-1652 affecting package kernel for versions less than 5.15.107.1-2

CVE-2023-1652 affecting package kernel for versions less than 5.15.107.1-2. A patched version of the package is available...

CVSS 7.1 · AI score 7.3 · EPSS 0.00246
Exploits 0

CBLMariner
added 2023/05/03 4:8 p.m. · 12 views

CVE-2023-1989 affecting package kernel for versions less than 5.15.107.1-2

CVE-2023-1989 affecting package kernel for versions less than 5.15.107.1-2. A patched version of the package is available...

CVSS 7.1 · AI score 6.5 · EPSS 0.00387
Exploits 0

Positive Technologies
added 2023/05/03 12:0 a.m. · 6 views

PT-2023-2523 · Frrouting +3 · Frrouting +3

Name of the Vulnerable Software and Affected Versions: FRRouting versions through 8.4 Description: An issue in bgpd allows attackers to cause a denial of service by crafting a BGP OPEN message with an option of type 0xff, leading to inconsistent boundary checks and potential out-of-bounds read or...

CVSS 9.8 · AI score 6.6 · EPSS 0.02152
Exploits 3 · References 66

OSV
added 2023/05/02 1:15 p.m. · 7 views

CVE-2023-2475

A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument 主题 leads to cross site scripting. The attack may be initiated remotely. The exploit has bee...

CVSS 5.4 · AI score 3.5 · EPSS 0.00522
Exploits 1 · References 4

Positive Technologies
added 2023/05/02 12:0 a.m. · 8 views

PT-2023-15510 · Jedox · Jedox

Name of the Vulnerable Software and Affected Versions: Jedox version 2020.2.5 Description: The issue is related to incorrect input validation for the default-storage-path in the settings page, allowing remote, authenticated users to specify the location as the Webroot directory. This can lead to...

CVSS 9.1 · AI score 7.4 · EPSS 0.38108
Exploits 4 · References 6

Positive Technologies
added 2023/05/02 12:0 a.m. · 3 views

PT-2023-15509 · Jedox · Jedox

Name of the Vulnerable Software and Affected Versions: Jedox version 2020.2.5 Description: A Stored cross-site scripting issue allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module log. This enables attackers to execute malicious scripts on...

CVSS 9.6 · AI score 6.2 · EPSS 0.02631
Exploits 4 · References 6

Positive Technologies
added 2023/05/01 12:0 a.m. · 3 views

PT-2023-22357 · Tenda · Tenda N301

Name of the Vulnerable Software and Affected Versions: Tenda N301 version 6.0, Firmware version 12.02.01.61 multi Description: The issue allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password due to cleartext transmission in...

CVSS 5.7 · AI score 6.6 · EPSS 0.00401
Exploits 2 · References 7

Positive Technologies
added 2023/04/28 12:0 a.m. · 6 views

PT-2023-19405 · Sourcecodester · Sourcecodester Ac Repair/Services System

Name of the Vulnerable Software and Affected Versions: SourceCodester AC Repair and Services System version 1.0 Description: A critical issue affects the processing of the file /admin/inquiries/view inquiry.php, where the manipulation of the id argument leads to sql injection. The attack can be...

CVSS 6.5 · AI score 7 · EPSS 0.0063
Exploits 1 · References 6

Positive Technologies
added 2023/04/27 12:0 a.m. · 5 views

PT-2023-18928 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.21 Description: The issue is related to Cross-site Scripting XSS - Reflected, which occurs when an application includes user input in its output without proper validation, allowing an attacker to inject...

CVSS 6.1 · AI score 5.5 · EPSS 0.00523
Exploits 1 · References 10

Positive Technologies
added 2023/04/27 12:0 a.m. · 7 views

PT-2023-2824 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The issue results from the lack of control of resource consumption when handling SMB2 SESSION SET...

CVSS 10 · AI score 6.8 · EPSS 0.71737
Exploits 53 · References 339

Positive Technologies
added 2023/04/26 12:0 a.m. · 4 views

PT-2023-13496 · Ibm · Ibm Cloud Pak For Data

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Data versions 4.5 through 4.6 Description: The issue allows a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. Recommendations: For versions 4...

CVSS 7.2 · AI score 6.8 · EPSS 0.00866
Exploits 0 · References 5

NVD
added 2023/04/25 6:15 p.m. · 20 views

CVE-2023-30545

PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options - Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives...

CVSS 7.7 · AI score 7.7 · EPSS 0.00856
Exploits 2 · References 3

Prion
added 2023/04/25 6:15 p.m. · 20 views

Design/Logic Flaw

PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options - Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives...

CVSS 4 · AI score 6.6 · EPSS 0.00856
Exploits 2 · References 3 · Affected Software 1

OSV
added 2023/04/25 5:0 p.m. · 1 views

UBUNTU-CVE-2023-25815

In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...

CVSS 3.3 · AI score 6.7 · EPSS 0.01055
Exploits 0 · References 4

Vulnrichment
added 2023/04/24 9:58 p.m. · 11 views

CVE-2023-30629 Vyper's raw_call with outsize=0 and revert_on_failure=False returns incorrect success value

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the...

CVSS 7.5 · AI score 7.5 · EPSS 0.00883
Exploits 1 · References 5

Vulnrichment
added 2023/04/24 8:6 p.m. · 4 views

CVE-2023-30626 Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...

CVSS 8.8 · AI score 8.8 · EPSS 0.01972
Exploits 2 · References 6