
4604 matches found

Positive Technologies
added 2022/02/01 12:0 a.m. · 4 views

PT-2022-9652 · WordPress · Labtools

Name of the Vulnerable Software and Affected Versions: LabTools WordPress plugin versions 1.0 and earlier Description: The issue concerns a lack of proper authorization and CSRF check when deleting publications. This allows any authenticated users, such as subscribers, to delete arbitrary...

CVSS 6.5 · AI score 6.4 · EPSS 0.00382
Exploits 1 · References 6

Positive Technologies
added 2022/02/01 12:0 a.m. · 5 views

PT-2022-16117 · Nimforum · Nimforum

Name of the Vulnerable Software and Affected Versions: Nimforum versions prior to 2.2.0 Description: The issue allows any forum user to create a new thread or post that includes a reference to a local file on the host operating system. Nimforum will render the file if possible. This can be done...

CVSS 8.1 · AI score 7.9 · EPSS 0.01343
Exploits 1 · References 8

OSV
added 2022/01/28 11:15 a.m. · 2 views

UBUNTU-CVE-2022-21720

GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the Entities update right prevents exploitation...

CVSS 4.9 · AI score 6.5 · EPSS 0.01134
Exploits 0 · References 2

OSV
added 2022/01/27 12:15 a.m. · 1 view

UBUNTU-CVE-2022-21722

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially...

CVSS 9.1 · AI score 7.3 · EPSS 0.02405
Exploits 0 · References 5

Vulnrichment
added 2022/01/27 12:0 a.m. · 2 views

CVE-2022-21723 Out-of-bounds read in multipart parsing in PJSIP

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause...

CVSS 9.1 · AI score 8.8 · EPSS 0.04478
Exploits 0 · References 9

CVE
added 2022/01/27 12:0 a.m. · 151 views

CVE-2022-21722

CVE-2022-21722 affects PJPROJECT (PJMEDIA) used by PJSCI/PJSIP. In 2.11.1 and earlier, certain incoming RTP/RTCP packets can cause out-of-bounds read access due to multiple code paths; this impacts users accepting RTP/RTCP streams. A patch is available as a commit in the master branch. There are ...

CVSS 9.1 · AI score 9.3 · EPSS 0.02405
Exploits 0 · References 8 · Affected Software 1

AlpineLinux
added 2022/01/27 12:0 a.m. · 20 views

CVE-2022-21722

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially...

CVSS 9.1 · AI score 9.4 · EPSS 0.02405
Exploits 0

CBLMariner
added 2022/01/26 10:54 p.m. · 11 views

CVE-2021-45480 affecting package kernel 5.10.189.1-1

CVE-2021-45480 affecting package kernel 5.10.189.1-1. A patched version of the package is available...

CVSS 5.5 · AI score 7.4 · EPSS 0.00353
Exploits 0

CBLMariner
added 2022/01/26 10:54 p.m. · 12 views

CVE-2021-28715 affecting package kernel 5.10.189.1-1

CVE-2021-28715 affecting package kernel 5.10.189.1-1. A patched version of the package is available...

CVSS 6.5 · AI score 7.9 · EPSS 0.00332
Exploits 0

Positive Technologies
added 2022/01/26 12:0 a.m. · 5 views

PT-2022-4912 · Tcl · Tcl Linkhub Mesh Wi-Fi

Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 Description: A buffer overflow vulnerability exists in the GetValue functionality. This issue is related to the handling of the libcommonprod.so binary, where a specially-crafted configuration value can...

CVSS 9.8 · AI score 9.5 · EPSS 0.01088
Exploits 1 · References 6

Positive Technologies
added 2022/01/21 12:0 a.m. · 4 views

PT-2022-7540 · Hdf5 +3 · Hdf5 +3

Name of the Vulnerable Software and Affected Versions: HDF5 version 1.13.1-1 Description: The issue is related to a Divide By Zero vulnerability in the H5T complete copy function, located in the H5T.c file of the HDF5 library. This vulnerability can cause an arithmetic exception, leading to a...

CVSS 9.8 · AI score 6.8 · EPSS 0.02402
Exploits 10 · References 78

CBLMariner
added 2022/01/12 3:54 a.m. · 14 views

CVE-2021-41496 affecting package numpy 1.16.6-2

CVE-2021-41496 affecting package numpy 1.16.6-2. A patched version of the package is available...

CVSS 5.5 · AI score 9.9 · EPSS 0.00368
Exploits 1

Positive Technologies
added 2022/01/11 12:0 a.m. · 3 views

PT-2022-1525 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in the Windows Certificate authentication procedure, allowing an attacker to conduct spoofing attacks. It is associated with data substitution, enabling...

CVSS 7.8 · AI score 9.4 · EPSS 0.00704
Exploits 0 · References 14

Positive Technologies
added 2022/01/07 12:0 a.m. · 2 views

PT-2022-12528 · Gpac · Gpac

Name of the Vulnerable Software and Affected Versions: GPAC version 1.0.1 Description: A Pointer Dereference issue exists via the gf hinter finalize function. This issue allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world...

CVSS 9.8 · AI score 7.5 · EPSS 0.04615
Exploits 98 · References 239

Positive Technologies
added 2021/12/22 12:0 a.m. · 4 views

PT-2021-14825 · Lantronix · Lantronix Premierwave 2050

Name of the Vulnerable Software and Affected Versions: Lantronix PremierWave 2050 version 8.9.0.0R4 Description: A directory traversal issue exists in the Web Manager FsTFtp functionality, allowing a specially crafted HTTP request to potentially overwrite FsTFtp files. This can be triggered by an...

CVSS 9.1 · AI score 7.9 · EPSS 0.02338
Exploits 1 · References 3

Positive Technologies
added 2021/12/22 12:0 a.m. · 6 views

PT-2021-14831 · Garrett Metal Detectors · Garrett Metal Detectors Ic Module Cma

Name of the Vulnerable Software and Affected Versions: Garrett Metal Detectors iC Module CMA version 5.0 Description: A stack-based buffer overflow issue exists in the CMA readfile function of the Garrett Metal Detectors iC Module. The iC Module provides an authenticated command-line interface ov...

CVSS 8.5 · AI score 7.5 · EPSS 0.00953
Exploits 1 · References 3

Positive Technologies
added 2021/12/13 12:0 a.m. · 3 views

PT-2021-22370 · Ibm · Ibm Spectrum Copy Data Management

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Copy Data Management versions 2.2.13 and earlier Description: The issue is related to weak authentication and password rules, and incorrect handling of default credentials for the Spectrum Copy Data Management Admin console...

CVSS 7.5 · AI score 6.2 · EPSS 0.01388
Exploits 0 · References 4

Positive Technologies
added 2021/11/10 12:0 a.m. · 2 views

PT-2021-16899 · Publify · Publify

Name of the Vulnerable Software and Affected Versions: publify versions v8.0 through v9.2.4 Description: The issue is related to stored XSS due to an unrestricted file upload. This allows a user with the publisher role to inject malicious JavaScript via an uploaded html file. Recommendations: For...

CVSS 5.4 · AI score 5.2 · EPSS 0.00578
Exploits 0 · References 8

CBLMariner
added 2021/11/03 7:21 p.m. · 15 views

CVE-2021-38593 affecting package qt5-qtsvg 5.12.11-4

CVE-2021-38593 affecting package qt5-qtsvg 5.12.11-4. A patched version of the package is available...

CVSS 7.5 · AI score 7.5 · EPSS 0.0306
Exploits 0

Positive Technologies
added 2021/11/03 12:0 a.m. · 3 views

PT-2021-23751 · Unknown · Sourcecodester Simple Subscription Website

Name of the Vulnerable Software and Affected Versions: Sourcecodester Simple Subscription Website version 1.0 Description: A SQL Injection issue exists via the login, allowing potential exploitation. Recommendations: For version 1.0, consider disabling the login functionality until a patch is...

CVSS 9.8 · AI score 9.9 · EPSS 0.04729
Exploits 4 · References 8