
4605 matches found

Positive Technologies
added 2022/08/25 12:0 a.m. · 4 views

PT-2022-23787 · H3C · H3C Gr-1200W

Name of the Vulnerable Software and Affected Versions: H3C GR-1200W MiniGRW1A0V100R006 Description: A stack overflow issue was discovered in the function UpdateWanModeMulti. Recommendations: For H3C GR-1200W MiniGRW1A0V100R006, as a temporary workaround, consider disabling the UpdateWanModeMulti...

CVSS 9.8 · AI score 9.6 · EPSS 0.01011
Exploits 1 · References 2

Positive Technologies
added 2022/08/25 12:0 a.m. · 5 views

PT-2022-23420 · H3C · H3C Magic Nx18 Plus

Name of the Vulnerable Software and Affected Versions: H3C Magic NX18 Plus version NX18PV100R003 Description: A stack overflow issue was discovered via the function Asp SetTimingtimeWifiAndLed. This issue affects the H3C Magic NX18 Plus device. Recommendations: For H3C Magic NX18 Plus version...

CVSS 7.8 · AI score 7.8 · EPSS 0.00536
Exploits 1 · References 3

Positive Technologies
added 2022/08/22 12:0 a.m. · 2 views

PT-2022-23272 · Unknown · Clinic's Patient Management System

Name of the Vulnerable Software and Affected Versions: Clinic's Patient Management System version 1.0 Description: The issue is related to Cross Site Scripting XSS via the patients.php file. This means that an attacker could potentially inject malicious scripts into the website, which could then ...

CVSS 6.1 · AI score 5.7 · EPSS 0.00496
Exploits 1 · References 4

OSV
added 2022/08/16 12:0 a.m. · 22 views

GHSA-8WJ3-CPMR-8WHP Cockpit Content Platform vulnerable to 2FA bypass

Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication 2FA bypass. The 2FA secret is disclosed in a JWT token after user logs into their account, allowing an attacker to bypass the 2FA code. A patch is available on the develop branch and is expected to be part...

CVSS 8.8 · AI score 9.3 · EPSS 0.01278
Exploits 1 · References 4

Positive Technologies
added 2022/08/16 12:0 a.m. · 9 views

PT-2022-4364 · Ge Digital · Proficy Machine Edition

Name of the Vulnerable Software and Affected Versions: Proficy Machine Edition versions 9.00 and prior Description: The issue is related to an unrestricted upload of files with dangerous types. This allows an attacker to upload and execute malicious files in the target system. The vulnerability i...

CVSS 7.8 · AI score 7.4 · EPSS 0.0018
Exploits 0 · References 6

GithubExploit
added 2022/08/15 7:15 a.m. · 20 views

Exploit for CVE-2017-0199

It is an offensive tool for Microsoft Office. The repository con...

CVSS 9.3 · AI score 8.1 · EPSS 0.99933
Exploits 29

Positive Technologies
added 2022/08/15 12:0 a.m. · 3 views

PT-2022-7376 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions up to 5.19.9 Description: The issue is related to a use-after-free vulnerability in the adev release function in the Linux kernel's Platform Environment Control Interface PECI driver. This vulnerability occurs when...

CVSS 7.8 · AI score 6.8 · EPSS 0.00216
Exploits 0 · References 16

CBLMariner
added 2022/08/12 4:45 p.m. · 19 views

CVE-2021-20194 affecting package kernel 5.10.123.1-1

CVE-2021-20194 affecting package kernel 5.10.123.1-1. A patched version of the package is available...

CVSS 7.8 · AI score 7.4 · EPSS 0.00396
Exploits 0

CBLMariner
added 2022/08/12 4:45 p.m. · 17 views

CVE-2022-32981 affecting package kernel 5.10.123.1-1

CVE-2022-32981 affecting package kernel 5.10.123.1-1. A patched version of the package is available...

CVSS 7.8 · AI score 7.4 · EPSS 0.00951
Exploits 2

Positive Technologies
added 2022/08/09 12:0 a.m. · 3 views

PT-2022-4116 · Cryptopro +3 · Cryptopro Secure Disk +3

Name of the Vulnerable Software and Affected Versions: CryptoPro Secure Disk versions before 2022-06-01 Description: A flaw was found in the bootloaders, allowing an attacker to bypass or tamper with Secure Boot protections. To load and execute arbitrary code in the pre-boot stage, an attacker...

CVSS 7.2 · AI score 6.7 · EPSS 0.01046
Exploits 0 · References 28

Positive Technologies
added 2022/08/09 12:0 a.m. · 4 views

PT-2022-4110 · Microsoft · Outlook

Name of the Vulnerable Software and Affected Versions: Microsoft Outlook affected versions not specified Description: The issue is related to a denial of service vulnerability in Microsoft Outlook. It is caused by incorrect clearing or release of resources. An attacker, acting remotely, can explo...

CVSS 7.8 · AI score 8.1 · EPSS 0.22441
Exploits 0 · References 7

Positive Technologies
added 2022/08/08 12:0 a.m. · 4 views

PT-2022-23284 · Airspan · Airspan Airspot 5410

Name of the Vulnerable Software and Affected Versions: Airspan AirSpot 5410 versions 0.3.4.1-4 and under Description: The issue concerns a stored XSS vulnerability. It occurs because the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, allowing a malicious acto...

CVSS 6.1 · AI score 6.8 · EPSS 0.0074
Exploits 3 · References 10

Positive Technologies
added 2022/08/04 12:0 a.m. · 3 views

PT-2022-6819 · Ppp +3 · Ppp +3

Name of the Vulnerable Software and Affected Versions: ppp affected versions not specified Description: The issue is related to the function dumpppp of the file pppdump/pppdump.c of the component pppdump. It involves improper validation of array index due to the manipulation of the argument...

CVSS 10 · AI score 9.3 · EPSS 0.00821
Exploits 0 · References 38

Positive Technologies
added 2022/08/01 12:0 a.m. · 7 views

PT-2022-20601 · Dspace · Dspace

Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 5.11 DSpace versions prior to 6.4 Description: The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form, making item requests vulnerable to XSS attacks. Th...

CVSS 7.1 · AI score 6.1 · EPSS 0.0059
Exploits 0 · References 9

Positive Technologies
added 2022/08/01 12:0 a.m. · 6 views

PT-2022-20599 · Dspace · Dspace

Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 6.4 Description: The issue concerns the exposure of metadata on withdrawn items via the XMLUI "mets.xml" object, as long as the handle/URL of the withdrawn item is known. This affects the XMLUI component of DSpace. Th...

CVSS 5.3 · AI score 4.9 · EPSS 0.00687
Exploits 0 · References 11

Positive Technologies
added 2022/07/27 12:0 a.m. · 2 views

PT-2022-4025 · Jenkins · Jenkins Openshift Deployer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier Description: The issue is related to a missing permission check in the plugin, which can be exploited by attackers with Overall/Read permission to connect to an attacker-specified U...

CVSS 6.8 · AI score 6.2 · EPSS 0.00645
Exploits 0 · References 10

Positive Technologies
added 2022/07/25 12:0 a.m. · 6 views

PT-2022-22210 · Wavlink · Wavlink Wifi-Repeater Rpta2-77W

Name of the Vulnerable Software and Affected Versions: Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 Description: An access control issue allows attackers to obtain system key information and execute arbitrary commands by accessing the page "syslog.shtml". Recommendations: For Wavlink...

CVSS 8 · AI score 8.1 · EPSS 0.00858
Exploits 1 · References 3

Positive Technologies
added 2022/07/25 12:0 a.m. · 3 views

PT-2022-8896 · Unknown · Sonar-Wrapper

Name of the Vulnerable Software and Affected Versions: sonar-wrapper versions all versions Description: A command injection issue affects the package. The injection point is located in lib/sonarRunner.js. Recommendations: For all versions, consider restricting access to the vulnerable...

CVSS 9.8 · AI score 9.7 · EPSS 0.01112
Exploits 1 · References 5

EUVD
added 2022/07/20 12:0 a.m. · 3 views

EUVD-2022-6344

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...

CVSS 6.1 · AI score 6.3 · EPSS 0.01933
Exploits 1 · References 18

Vulnrichment
added 2022/07/15 5:45 p.m. · 11 views

CVE-2022-31159 Partial Path Traversal in com.amazonaws:aws-java-sdk-s3

The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the...

CVSS 7.9 · AI score 7.9 · EPSS 0.01193
Exploits 1 · References 1