Lucene search
K

4605 matches found

Positive Technologies
Positive Technologies
added 2022/09/13 12:0 a.m.5 views

PT-2022-4788 · Microsoft · Windows Common Log File System Driver +1

Name of the Vulnerable Software and Affected Versions: Windows Common Log File System Driver versions prior to 10.0.10240.19444 Windows Common Log File System Driver versions prior to 10.0.14393.5356 Windows Common Log File System Driver versions prior to the fixed version Description: The issue ...

7.8CVSS9.2AI score0.28483EPSS
Exploits5References30
Positive Technologies
Positive Technologies
added 2022/09/13 12:0 a.m.4 views

PT-2022-24559 · Transtek · Transtek Mojodat Fam

Name of the Vulnerable Software and Affected Versions: Transtek Mojodat FAM Fixed Asset Management version 2.4.6 Description: The issue allows remote attackers to bypass authorization in the mobile application. Recommendations: For version 2.4.6, consider restricting access to sensitive features...

9.8CVSS9.4AI score0.00948EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/09/08 8:35 p.m.8 views

CVE-2022-36097 XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form

XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Starting with version 14.0-rc-1 and prior to 14.4-rc-1, it's possible to store JavaScript in an attachment name, which will be executed by anyone trying to move the...

8.9CVSS8.9AI score0.57388EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2022/09/08 1:30 p.m.8 views

CVE-2022-36085 OPA Compiler: Bypass of WithUnsafeBuiltins using `with` keyword to mock functions

Open Policy Agent OPA is an open source, general-purpose policy engine. The Rego compiler provides a deprecated WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy...

7.4CVSS9.6AI score0.01224EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2022/09/07 11:0 p.m.4 views

CVE-2022-36089 VelaUX APIServer vulnerable to Authentication Bypass by Capture-replay

KubeVela is an application delivery platform Users using KubeVela's VelaUX APIServer could be affected by an authentication bypass vulnerability. In KubeVela prior to versions 1.4.11 and 1.5.4, VelaUX APIServer uses the PlatformID as the signed key to generate the JWT tokens for users. Another AP...

8.2CVSS9.5AI score0.00698EPSS
Exploits0References2
NVD
NVD
added 2022/09/06 7:15 p.m.25 views

CVE-2022-36039

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to out-of-bounds write when parsing DEX files. A user opening a malicious DEX file could be affected by this vulnerability, allowing an attacker to execute code on the user's...

7.8CVSS0.00365EPSS
Exploits0References4
Prion
Prion
added 2022/09/06 7:15 p.m.14 views

Out-of-bounds

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to out-of-bounds write when parsing DEX files. A user opening a malicious DEX file could be affected by this vulnerability, allowing an attacker to execute code on the user's...

4.4CVSS7.8AI score0.00365EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/09/06 7:15 p.m.11 views

Remote code execution

CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution RCE vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Executi...

4.4CVSS8.1AI score0.00872EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/06 7:5 p.m.6 views

CVE-2022-36039 Out-of-bounds write when parsing DEX files in Rizin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to out-of-bounds write when parsing DEX files. A user opening a malicious DEX file could be affected by this vulnerability, allowing an attacker to execute code on the user's...

7.8CVSS7.8AI score0.00365EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/09/06 7:0 p.m.4 views

CVE-2022-36038 CircuitVerse potential RCE vulnerability via Oj.load

CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution RCE vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Executi...

8.8CVSS9.2AI score0.00872EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.4 views

PT-2022-23488 · Tenda · Tenda G3

Name of the Vulnerable Software and Affected Versions: Tenda G3 version US G3V3.0br V15.11.0.67663 EN TDE Description: The issue is caused by a buffer overflow in the getsinglepppuser function due to sscanf. Recommendations: For Tenda G3 version US G3V3.0br V15.11.0.67663 EN TDE, as a temporary...

9.8CVSS9.5AI score0.00785EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.4 views

PT-2022-24109 · Totolink · Totolink A860R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A860R version 4.1.2cu.5182 B20201027 Description: The issue is related to a buffer overflow vulnerability in the main function of the downloadfile.cgi. Recommendations: For TOTOLINK A860R version 4.1.2cu.5182 B20201027, consider...

9.8CVSS9.5AI score0.00775EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.5 views

PT-2022-24107 · Totolink · Totolink A860R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A860R version 4.1.2cu.5182 B20201027 Description: The issue is related to a Buffer Overflow that can be triggered via the Cstecgi.cgi endpoint. This allows for potential exploitation. No information is provided about the estimated...

9.8CVSS9.3AI score0.00775EPSS
Exploits0References3
OSV
OSV
added 2022/09/02 7:15 a.m.6 views

CVE-2022-29063

The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run...

9.8CVSS5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/09/02 7:15 a.m.3 views

CVE-2022-29063

The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run...

9.8CVSS7.3AI score0.03507EPSS
Exploits0References3
OSV
OSV
added 2022/08/31 4:15 p.m.2 views

CVE-2022-28625

A local disclosure of sensitive information vulnerability was discovered in HPE OneView versions: Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability...

5.5CVSS6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/08/30 12:0 a.m.5 views

PT-2022-23854 · Vim · Gvim

Name of the Vulnerable Software and Affected Versions: gvim version 9.0.0000 Description: An issue in the installer of gvim allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:Program.exe. Recommendations: For gvim version 9.0.0000, consider restricting...

7.8CVSS7.8AI score0.00182EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/08/30 12:0 a.m.7 views

PT-2022-23590 · Unknown · Library Management System

Name of the Vulnerable Software and Affected Versions: Library Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the bookId parameter at the "/librarian/delete.php" API endpoint. Recommendations: For Library...

9.8CVSS9.6AI score0.00789EPSS
Exploits1References4
OSV
OSV
added 2022/08/27 12:0 a.m.27 views

GHSA-CC99-WHM5-MMQ3 Openstack Keystone Incorrect Authorization vulnerability

A flaw was found in openstack-keystone, only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A patch is...

9.1CVSS7.3AI score0.01319EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2022/08/25 12:0 a.m.6 views

PT-2022-23808 · H3C · H3C H200

Name of the Vulnerable Software and Affected Versions: H3C H200 version H200V100R004 Description: A stack overflow issue was discovered via the function SetAPWifiorLedInfoById. Recommendations: For H3C H200 version H200V100R004, consider disabling the SetAPWifiorLedInfoById function as a temporar...

9.8CVSS9.7AI score0.01013EPSS
Exploits1References2
Rows per page
Query Builder