
149 matches found

CVE
added 2021/05/07 11:33 a.m. · 45 views

CVE-2020-14009

Affected product: Proofpoint Enterprise Protection (PPS/PoD) prior to version 8.16.4. Root cause: Messages with crafted/malformed multipart structures are not properly handled, enabling bypass of scanning and file-blocking rules. Impact: An attacker could deliver an email with a malicious attachm...

6.8 CVSS · 6.2 AI score · 0.00316 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2021/04/19 8:15 p.m. · 1 views

DEBIAN-CVE-2021-30022

There is an integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC from 0.5.2 to 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 units, so there is an overflow, which results in a crash...

5.5 CVSS · 6.5 AI score · 0.01072 EPSS
Exploits: 1 · References: 1
OSV
added 2021/04/19 8:15 p.m. · 3 views

DEBIAN-CVE-2021-30020

In the gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with a crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop...

5.5 CVSS · 6.5 AI score · 0.00911 EPSS
Exploits: 1 · References: 1
OSV
added 2021/04/19 8:15 p.m. · 4 views

UBUNTU-CVE-2021-30022

There is an integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC from 0.5.2 to 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 units, so there is an overflow, which results in a crash...

5.5 CVSS · 7.3 AI score · 0.01072 EPSS
Exploits: 1 · References: 4
CNNVD
added 2021/04/19 12:0 a.m. · 4 views

GPAC Input Validation Error Vulnerability

GPAC is a multimedia framework for rich media and distributed under the LGPL license. An integer overflow vulnerability exists in gf_avc_read_pps_bs_internal in media_tools/av_parsers.c in GPAC version 1.0.1. An attacker could exploit this vulnerability to cause a program crash...

5.5 CVSS · 5.7 AI score · 0.01072 EPSS
Exploits: 1 · References: 4
Malwarebytes
added 2020/06/29 4:25 p.m. · 44 views

A week in security (June 22 – 28)

Last week on Malwarebytes Labs, we provided a zero-day guide for 2020 featuring recent attacks and advanced preventive techniques, and we learned how to cough in the face of scammers, offering security tips for the 2020 tax season. We also looked at a web skimmer hiding within EXIF metadata that...

7.5 CVSS · 0.8 AI score
Exploits: 1
Akamai Blog
added 2020/05/26 9:14 p.m. · 12 views

Record 0-Second SLA PPS Mitigation

On May 2, 2020, Akamai blocked a large PPS-focused attack against one of our financial services customers in 0 seconds, utilizing a proactive mitigation posture. This was one of the largest PPS levels we have on record, and the biggest mitigated to date in 0 seconds. The attacker launched a bevy ...

3.5 AI score
Exploits: 0
OSV
added 2019/07/08 6:15 p.m. · 3 views

CVE-2019-2107

In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0...

8.8 CVSS · 6.3 AI score · 0.08926 EPSS
Exploits: 6 · References: 3
Prion
added 2019/06/28 6:15 p.m. · 16 views

Cross site scripting

An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure PCS 8.3R2 before 8.3R2 and Pulse Policy Secure PPS 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX...

4.3 CVSS · 5.9 AI score · 0.01587 EPSS
Exploits: 0 · References: 2 · Affected Software: 2
Cvelist
added 2019/06/03 7:34 p.m. · 39 views

CVE-2019-11509

In Pulse Secure Pulse Connect Secure PCS before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure PPS before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker via the admin web...

9.3 AI score · 0.07817 EPSS
Exploits: 0 · References: 3
Imperva Blog
added 2019/05/07 8:16 p.m. · 36 views

Botnet-led DDoS Attacks Are Hitting Record Intensities. Imperva is Mitigating All of Them.

DDoS attacks are usually ranked by the amount of bandwidth involved, such as the 2018 GitHub attack that peaked at 1.35 Terabits per second and is often cited as the largest DDoS attack ever. From Imperva’s long history of successfully mitigating DDoS attacks, we know that the TRUE measure of...

1.1 AI score
Exploits: 0
Imperva Blog
added 2019/04/30 12:0 p.m. · 83 views

Updated: This DDoS Attack Unleashed the Most Packets Per Second Ever. Here’s Why That’s Important.

Updated April 30, 2019 with new data from an even larger attack. Skip directly to the bottom to learn more. DDoS attacks are usually measured by the amount of bandwidth involved, such as the 1.35 Terabits per second maximum attack directed at GitHub last year, the largest DDoS attack ever at the...

7.1 AI score
Exploits: 0
CVE
added 2019/03/16 3:0 a.m. · 69 views

CVE-2018-20814

The CVE-2018-20814 issue is a cross-site scripting (XSS) vulnerability in Psaldownload.cgi affecting Pulse Connect Secure (PCS) 8.3R2 and earlier and Pulse Policy Secure (PPS) 5.4RX and earlier (not applicable to PCS 8.1RX or PPS 5.2RX). Root cause is insufficient validation of client data in the...

6.1 CVSS · 5.9 AI score · 0.01587 EPSS
Exploits: 0 · References: 2 · Affected Software: 2
Positive Technologies
added 2018/12/19 12:0 a.m. · 3 views

PT-2023-15160 · Unknown +1 · Gpac Mp4Box +1

Name of the Vulnerable Software and Affected Versions: GPAC MP4box version 2.1-DEV-rev574-g9d5bb184b. Description: The issue is related to a buffer overflow in the gf_vvc_read_pps_bs_internal function, located in the media_tools/av_parsers.c file. Recommendations: For GPAC MP4box version...

9.8 CVSS · 7.8 AI score · 0.04615 EPSS
Exploits: 93 · References: 232
NVD
added 2018/09/06 11:29 p.m. · 14 views

CVE-2018-6320

A vulnerability has been discovered in login.cgi in Pulse Secure Pulse Connect Secure PCS 8.1RX before 8.1R12 and 8.3RX before 8.3R2 and Pulse Policy Secure PPS 5.2RX before 5.2R9 and 5.4RX before 5.4R2 wherein an https Host header received from the browser is trusted without validation...

9.8 CVSS · 9.4 AI score · 0.04079 EPSS
Exploits: 0 · References: 1
CVE
added 2018/09/06 11:0 p.m. · 53 views

CVE-2018-6320

CVE-2018-6320 affects Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) where login.cgi improperly validates the http(s) Host header. Affected versions: PCS 8.1RX pre-8.1R12 and 8.3RX pre-8.3R2; PPS 5.2RX pre-5.2R9 and 5.4RX pre-5.4R2. The issue arises from trusting the Host header receive...

9.8 CVSS · 9.3 AI score · 0.04079 EPSS
Exploits: 0 · References: 1 · Affected Software: 3
NVD
added 2018/01/16 10:29 p.m. · 11 views

CVE-2018-5299

A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure PCS before 8.3R4 and Pulse Policy Secure PPS before 5.4R4, leading to memory corruption and possibly remote code execution...

9.8 CVSS · 9.9 AI score · 0.03061 EPSS
Exploits: 0 · References: 1
CVE
added 2018/01/16 10:0 p.m. · 51 views

CVE-2018-5299

CVE-2018-5299 is a stack-based buffer overflow in the web server of Pulse Secure Pulse Connect Secure (PCS) prior to 8.3R4 and Pulse Policy Secure (PPS) prior to 5.4R4, leading to memory corruption and potential remote code execution. Public sources (NVD/CNVD/PRION/CVE List) confirm a network-vec...

9.8 CVSS · 9.8 AI score · 0.03061 EPSS
Exploits: 0 · References: 1 · Affected Software: 2
seebug.org
added 2017/12/29 12:0 a.m. · 52 views

InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

7.1 AI score
Exploits: 0
seebug.org
added 2017/12/29 12:0 a.m. · 52 views

InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

6.9 AI score
Exploits: 0