Lucene search

4603 matches found

Positive Technologies
added 2019/05/03 12:0 a.m. · 8 views

PT-2019-18201 · F5 · F5 Big-Ip

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 12.1.0 through 12.1.4; F5 BIG-IP versions 13.0.0 through 13.1.1.4; F5 BIG-IP versions 14.0.0 through 14.1.0.1. Description: The Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with...

7.5 CVSS · 7.5 AI score · 0.01766 EPSS
Exploits 0 · References 4
NCSC
added 2019/04/04 12:0 a.m. · 7 views

Vulnerability fixed in PostgreSQL

Because of a vulnerability in PostgreSQL, a malicious person with DB-admin privileges can obtain the rights with which the server is running. Exploit code has been released for this vulnerability. Currently, there is no update or patch available. You can mitigate abuse of this...

9 CVSS · 7 AI score · 0.91877 EPSS
Exploits 17
Cvelist
added 2019/03/26 4:21 p.m. · 18 views

CVE-2014-5401 Hospira MedNet Code Injection

Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versio...

10 CVSS · 9.8 AI score · 0.05009 EPSS
Exploits 0 · References 2
OSV
added 2019/02/18 11:57 p.m. · 1 views

GHSA-QX9M-27WH-7FJG Downloads Resources over HTTP in jvminstall

Affected versions of jvminstall insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3 CVSS · 7.5 AI score · 0.01682 EPSS
Exploits 0 · References 3
OSV
added 2019/02/18 11:50 p.m. · 2 views

GHSA-5W4P-H4GM-3W26 Downloads Resources over HTTP in jser-stat

Affected versions of jser-stat insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavio...

8.1 CVSS · 6.1 AI score · 0.00644 EPSS
Exploits 0 · References 4
OSV
added 2019/02/18 11:50 p.m. · 5 views

GHSA-9GQH-Q4CX-F2H9 ipip downloads Resources over HTTP

Affected versions of ipip insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of...

5.9 CVSS · 6.1 AI score · 0.00578 EPSS
Exploits 0 · References 3
OSV
added 2019/02/18 11:50 p.m. · 15 views

GHSA-6Q8Q-RVF4-M4PG dalek-browser-chrome Downloads Resources over HTTP

Affected versions of dalek-browser-chrome insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution ...

8.1 CVSS · 7.5 AI score · 0.02104 EPSS
Exploits 0 · References 3
Github Security Blog
added 2019/02/18 11:45 p.m. · 17 views

Downloads Resources over HTTP in native-opencv

Affected versions of native-opencv insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3 CVSS · 6 AI score · 0.01699 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2019/02/18 11:45 p.m. · 3 views

GHSA-5PQ8-2Q24-MJ3P Downloads Resources over HTTP in fis-parser-sass-bin

Affected versions of fis-parser-sass-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...

9.3 CVSS · 7.5 AI score · 0.01682 EPSS
Exploits 0 · References 3
OSV
added 2019/02/18 11:38 p.m. · 0 views

GHSA-XJ62-87PG-VCV3 Regular Expression Denial of Service in jshamcrest

The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator. Proof of concept js var js = require'jshamcrest' var emailAddress = new js.JsHamcrest.Matchers.emailAddress; var genstr = functi...

7.5 CVSS · 5.9 AI score · 0.01093 EPSS
Exploits 0 · References 3
OSV
added 2019/02/18 11:34 p.m. · 2 views

GHSA-8CC8-8VVX-FHGW jdf-sass downloads Resources over HTTP

Affected versions of jdf-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

8.1 CVSS · 6.3 AI score · 0.01631 EPSS
Exploits 0 · References 3
Positive Technologies
added 2019/02/12 12:0 a.m. · 3 views

PT-2019-1402 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified); Microsoft SharePoint Enterprise Server (affected versions not specified); Microsoft SharePoint Foundation (affected versions not specified). Description: A remote code execution issue exis...

9.3 CVSS · 9.2 AI score · 0.12389 EPSS
Exploits 0 · References 8
Positive Technologies
added 2019/01/24 12:0 a.m. · 5 views

PT-2019-18337 · Zoneminder +3 · Zoneminder +3

Name of the Vulnerable Software and Affected Versions: ZoneMinder version 1.32.3. Description: An issue exists in the software where Reflected XSS is present in the web/skins/classic/views/plugin.php file via the pl parameter in the /zm/index.php?view=plugin API endpoint. Recommendations: For...

9.8 CVSS · 6.4 AI score · 0.66317 EPSS
Exploits 46 · References 112
Positive Technologies
added 2018/12/19 12:0 a.m. · 5 views

PT-2022-5597 · Gpac +2 · Gpac +2

Name of the Vulnerable Software and Affected Versions: GPAC (affected versions not specified). Description: The issue is related to the function svg parse preserveaspectratio of the SVG Parser component in the GPAC multimedia platform. It is caused by incorrect clearing or freeing of resources,...

9.8 CVSS · 7.2 AI score · 0.04615 EPSS
Exploits 150 · References 379
Positive Technologies
added 2018/10/31 12:0 a.m. · 7 views

PT-2019-5708 · Python +8 · Python +8

Name of the Vulnerable Software and Affected Versions: Python versions 2.x through 2.7.16; Python versions 3.x before 3.4.10; Python versions 3.5.x before 3.5.7; Python versions 3.6.x before 3.6.9; Python versions 3.7.x before 3.7.3. Description: The issue is related to the incorrect domain validation...

10 CVSS · 6.7 AI score · 0.95707 EPSS
Exploits 118 · References 967
OSV
added 2018/09/18 1:49 p.m. · 1 views

GHSA-HXHM-3VJ9-6CQH apk-parser2 downloads Resources over HTTP

Affected versions of apk-parser2 insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

8.1 CVSS · 6.3 AI score · 0.01752 EPSS
Exploits 0 · References 3
Positive Technologies
added 2018/09/10 12:0 a.m. · 4 views

PT-2018-16290 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub version 0.20.17. Description: A buffer overflow issue exists in the /cameras/XXXX/clips handler of the video-core's HTTP server. The video-core process incorrectly handles user-controlled JSON payloads, leading to a...

9.9 CVSS · 9.4 AI score · 0.01534 EPSS
Exploits 2 · References 3
OSV
added 2018/08/17 8:20 p.m. · 1 views

GHSA-VCFP-PPQW-MF23 fis-sass-all downloads Resources over HTTP

Affected versions of fis-sass-all insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

8.1 CVSS · 6.3 AI score · 0.02104 EPSS
Exploits 0 · References 4
Packet Storm
added 2018/08/06 12:0 a.m. · 44 views

OCS Inventory NG Webconsole Shell Upload

Title: Unrestricted File Upload RCE in OCS Inventory NG Webconsole before 2.5. Reserved CVE: CVE-2018-14857. Vulnerability Overview: OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions...

8.8 AI score · 0.0369 EPSS
Exploits 2
OSV
added 2018/07/24 7:46 p.m. · 1 views

GHSA-PMG9-P9R2-6Q87 ReDoS via long UserAgent header in ua-parser

Affected versions of ua-parser are vulnerable to regular expression denial of service when given a specially crafted User-Agent header. Recommendation: No patch is currently available for this vulnerability. The best mitigation is currently to avoid using this package, using a different,...

7.5 CVSS · 5.9 AI score · 0.09242 EPSS
Exploits 2 · References 3