Lucene search
K

104 matches found

CNNVD
CNNVD
added 2021/09/09 12:0 a.m.6 views

Jeesns 跨站脚本漏洞

JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited by attackers to execute arbitrary Web script or HTML via a specially crafted payload in the posted question...

5.4CVSS6AI score0.00558EPSS
Exploits1References2
Oracle linux
Oracle linux
added 2021/08/16 12:0 a.m.71 views

Unbreakable Enterprise kernel security update

4.14.35-2047.506.10 - Revert 'rds/ib: reap tx completions during connection shutdown' Manjunath Patil Orabug: 33220435 - Revert 'rds/ib: handle posted ACK during connection shutdown' Manjunath Patil Orabug: 33220435 - Revert 'rds/ib: recover rds connection from interrupt loss scenario' Manjunath...

8.8CVSS0.8AI score0.00658EPSS
Exploits1
CNNVD
CNNVD
added 2021/05/18 12:0 a.m.3 views

CentOS Web Panel SQL注入漏洞

CentOS Web Panel CWP is a free web hosting control panel from the Control Web Panel community. A SQL injection vulnerability exists in CentOS Web Panel that allows unprivileged users to attack via the idsession, an HTTP POST parameter...

10CVSS8.6AI score0.13029EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2021/03/23 12:0 a.m.301 views

WordPress GiveWP 2.9.7 Cross Site Scripting

Exploit Title: GiveWP 2.9.7 Reflected Cross-Site Scripting Date: 3/23/2021 Exploit Author: Austin Bentley Vendor Homepage: https://givewp.com/ Software Link: https://wordpress.org/plugins/give/ Version: 2.9.7 Tested on: Windows 7 CVE: CVE-2021-24213 Exploitation requirements: Admin must visit...

6.3AI score0.0137EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2020/04/04 5:14 a.m.27 views

CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error while processing posted interrupt address, it unmaps the 'pidescpage' without resetting 'pidesc' descript...

8.8CVSS1.7AI score0.0036EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2019/01/03 4:29 p.m.4 views

CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error while processing posted interrupt address, it unmaps the 'pidescpage' without resetting 'pidesc' descript...

8.8CVSS8AI score0.0036EPSS
Exploits0References24Affected Software1
OSV
OSV
added 2019/01/03 4:29 p.m.1 views

DEBIAN-CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error while processing posted interrupt address, it unmaps the 'pidescpage' without resetting 'pidesc' descript...

8.8CVSS7.7AI score0.0036EPSS
Exploits0References1
OSV
OSV
added 2019/01/03 12:0 a.m.3 views

UBUNTU-CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error while processing posted interrupt address, it unmaps the 'pidescpage' without resetting 'pidesc' descript...

8.8CVSS6.7AI score0.0036EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2018/12/18 12:0 a.m.7 views

PT-2018-2986 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.14.91 Linux kernel versions prior to 4.19.13 Description: The issue is related to a use-after-free problem in the Linux kernel's KVM hypervisor when processing posted interrupts with nested virtualization...

10CVSS7.4AI score0.93838EPSS
Exploits46References333
CNVD
CNVD
added 2016/07/12 12:0 a.m.5 views

Arbitrary Command Execution Vulnerability in the Call Center of Shenzhen Jishi Communication Co.

The call center of Shenzhen Jishu Communication Co., Ltd. is a new generation of enterprise-level call center system. An arbitrary command execution vulnerability exists in the call center of Shenzhen JTS Communications Co. By constructing the $POST parameter without any filtering measures, it...

7.5AI score
Exploits0References1
The Hacker News
The Hacker News
added 2016/06/20 11:32 p.m.18 views

Twitter Ex-CEO Dick Costolo Got Hacked!

The same group of teenage hackers that hacked Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts have hacked another the Twitter account of another high-profile person. This time, it's Twitter's ex-CEO, Dick Costolo. The hacker group from Saudi Arabia, dubbed OurMine, compromised Twitt...

6.8AI score
Exploits0
OSV
OSV
added 2016/04/15 2:59 p.m.3 views

DEBIAN-CVE-2016-2145

The amreadpostdata function in modauthmellon before 0.11.1 does not check if the apgetclientblock function returns an error, which allows remote attackers to cause a denial of service segmentation fault and process crash via a crafted POST data...

7.5CVSS7AI score0.03065EPSS
Exploits0References1
securityvulns
securityvulns
added 2013/10/09 12:0 a.m.37 views

AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP

Asterisk Project Security Advisory - AST-2013-004 Product Asterisk Summary Remote Crash From Late Arriving SIP ACK With SDP Nature of Advisory Remote Crash Susceptibility Remote Unauthenticated Sessions Severity Major Exploits Known None Reported On February 11, 2013 Reported By Colin Cuthbertson...

0.6AI score
Exploits0
seebug.org
seebug.org
added 2013/02/22 12:0 a.m.373 views

CKEditor 4.0.1 多个安全漏洞

CKEditor是一款在线文字编辑器 CKEditor存在多个安全漏洞,允许攻击者利用漏洞进行跨站请求伪造,跨站脚本攻击及获取路径信息 0 CKEditor 4.0.1 厂商解决方案 目前没有详细解决方案提供: http://ckeditor.com/ =========================================== Vulnerable Software: ckeditor 4.0.1 standard Download:...

7.1AI score
Exploits0
Mozilla
Mozilla
added 2012/10/09 12:0 a.m.52 views

Spoofing and script injection through location.hash — Mozilla

Security researcher Mariusz Mlynski reported an issue with spoofing of the location property. In this issue, writes to location.hash can be used in concert with scripted history navigation to cause a specific website to be loaded into the history object. The baseURI can then be changed to this...

4.3CVSS8.8AI score0.02513EPSS
Exploits0References2Affected Software5
CISA
CISA
added 2011/12/20 12:0 a.m.19 views

USAA Phishing Scam and Malware Campaign

US-CERT is aware of public reports of an active spear-phishing attack via email messages directed at United Services Automobile Association USAA members. These messages contain the subject line "Deposit Posted" and contain a randomly generated four-digit number placed in the USAA security zone...

6.5AI score
Exploits0References3
Mozilla
Mozilla
added 2010/02/17 12:0 a.m.42 views

Web Worker Array Handling Heap Corruption Vulnerability — Mozilla

Security researcher Orlando Barrera II of SecTheory reported, via TippingPoint's Zero Day Initiative, that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory...

10CVSS2AI score0.06006EPSS
Exploits0References2Affected Software2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/02/26 6:28 a.m.2 views

Apache Tomcat information disclosure vulnerability

Overview Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a vulnerability which may result in...

2.6CVSS4.7AI score0.03914EPSS
Exploits2References14
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/02/26 12:0 a.m.33 views

JVN#66905322: Apache Tomcat information disclosure vulnerability

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a vulnerability which may result in the disclosure of POSTed content from a previous request. Impact A remote attacker could possibly obtain user...

2.6CVSS7.4AI score0.03914EPSS
Exploits2
Prion
Prion
added 2006/06/05 5:2 p.m.17 views

Buffer overflow

Multiple buffer overflows in the 1 vGetPost and 2 main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action, and allow remote attackers to have an unknown impact...

7.5CVSS8.4AI score0.05683EPSS
Exploits1References6
Rows per page
Query Builder