Lucene search
K

314 matches found

Tenable Nessus
Tenable Nessus
added 2018/04/04 12:0 a.m.104 views

Ubuntu 16.04 LTS : Linux (HWE) vulnerabilities (USN-3617-2)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3617-2 advisory. USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement H...

7.8CVSS7.1AI score0.07679EPSS
Exploits10References23
NVD
NVD
added 2018/04/03 6:29 a.m.21 views

CVE-2018-4172

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Find My iPhone" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" feature via vectors involving a backup restore...

4.6CVSS3.7AI score0.00396EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/04/03 6:0 a.m.20 views

CVE-2018-4123

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves alarm and timer handling in the "Clock" component. It allows physically proximate attackers to discover the iTunes e-mail address...

2.8AI score0.0038EPSS
Exploits0References3
Prion
Prion
added 2018/01/27 3:29 p.m.12 views

Code injection

The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering 1 social-engineering attacks in which a user pastes code that they do not understand and 2 code pasted by a physically proximate attacker at an unattended workstation, which makes...

7.2CVSS6AI score0.01775EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2018/01/27 3:29 p.m.18 views

CVE-2018-6353

The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering 1 social-engineering attacks in which a user pastes code that they do not understand and 2 code pasted by a physically proximate attacker at an unattended workstation, which makes...

7.8CVSS7AI score0.00483EPSS
Exploits1References3
Cvelist
Cvelist
added 2018/01/27 3:0 p.m.19 views

CVE-2018-6353

The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering 1 social-engineering attacks in which a user pastes code that they do not understand and 2 code pasted by a physically proximate attacker at an unattended workstation, which makes...

6.3AI score0.00483EPSS
Exploits1References2
Prion
Prion
added 2017/12/01 5:29 p.m.18 views

Design/Logic Flaw

DISPUTED HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but mor...

3.3CVSS6.5AI score0.00492EPSS
Exploits2References2Affected Software1
OpenVAS
OpenVAS
added 2017/11/22 12:0 a.m.58 views

Ubuntu: Security Advisory (USN-3485-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.5AI score0.00962EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2017/11/22 12:0 a.m.47 views

Ubuntu: Security Advisory (USN-3485-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.5AI score0.00962EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2017/11/21 12:0 a.m.40 views

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3485-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3485-2 advisory. USN-3485-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

7.8CVSS7.6AI score0.00962EPSS
Exploits4References14
CVE
CVE
added 2017/10/23 6:0 p.m.44 views

CVE-2015-6839

The CVE-2015-6839 entry concerns MSA vot.Ar 3.1, where the parse function fails to prevent a candidate from receiving multiple votes. The underlying issue is a vulnerability in the parsing logic that allows an RFID ballot tag crafted by an attacker in close physical proximity to cause multiple vo...

4.6CVSS4.7AI score0.00396EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2017/10/23 6:0 p.m.22 views

CVE-2015-6839

The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RFID ballot tag...

4.6AI score0.00396EPSS
Exploits0References4
Prion
Prion
added 2017/09/26 1:29 a.m.14 views

Input validation

ovirtsafedeleteconfig in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary...

9CVSS7.7AI score0.0351EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/09/25 7:0 p.m.18 views

CVE-2014-8170

ovirtsafedeleteconfig in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary...

8.9AI score0.0351EPSS
Exploits0References2
CVE
CVE
added 2017/09/25 7:0 p.m.46 views

CVE-2014-8170

CVE-2014-8170 affects ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3. The issue stems from ovirt_safe_delete_config in ovirtfunctions.py (and other locations) not properly quoting input strings, enabling arbitrary command execution when a semicolon is included in...

9CVSS8.7AI score0.0351EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2017/07/31 3:29 a.m.12 views

Design/Logic Flaw

The Comcast firmware on Motorola MX011ANM firmware version MX011AN2.9p6s1PRODsey devices allows physically proximate attackers to read arbitrary files by pressing "EXIT, Down, Down, 2" on an RF4CE remote to reach the diagnostic display, and then launching a Remote Web Inspector script...

2.1CVSS7.5AI score0.00362EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2017/05/10 2:29 p.m.14 views

Design/Logic Flaw

Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation...

4.6CVSS6.6AI score0.00439EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2017/05/10 2:29 p.m.13 views

CVE-2017-8879

Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation...

6.8CVSS6.9AI score
Exploits0References1
Cvelist
Cvelist
added 2017/04/20 5:0 p.m.43 views

CVE-2016-6338

ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager aka RHEV-M for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries...

6.5AI score0.00519EPSS
Exploits1References3
Prion
Prion
added 2017/04/14 6:59 p.m.18 views

Design/Logic Flaw

The web interface in Red Hat QuickStart Cloud Installer QCI 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the display...

2.1CVSS6.7AI score0.00416EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder