Lucene search
K

102 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:25 a.m.5 views

CVE-2019-12720

AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvcsendmail.aspx MailAdd parameter SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picturemanagemvc.aspx plantno parameter, the...

7.5CVSS7.8AI score0.01681EPSS
Exploits1References1
OSV
OSV
added 2025/03/29 6:24 a.m.5 views

OESA-2025-1345 arm-trusted-firmware security update

Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures Armv8-A and Armv7-A, including an Exception Level 3 EL3 Secure Monitor. Security Fixes: An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a...

5.1CVSS6.8AI score0.00191EPSS
Exploits0References2
OSV
OSV
added 2025/03/29 6:24 a.m.5 views

OESA-2025-1343 arm-trusted-firmware security update

Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures Armv8-A and Armv7-A, including an Exception Level 3 EL3 Secure Monitor. Security Fixes: An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a...

5.1CVSS6.8AI score0.00191EPSS
Exploits0References2
OSV
OSV
added 2025/03/29 6:24 a.m.5 views

OESA-2025-1342 arm-trusted-firmware security update

Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures Armv8-A and Armv7-A, including an Exception Level 3 EL3 Secure Monitor. Security Fixes: An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a...

5.1CVSS6.8AI score0.00191EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 7:35 a.m.10 views

CVE-2024-23769

Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 for Windows allows a local attacker to read privileged data...

7.3CVSS6.6AI score0.00221EPSS
Exploits0References1
OSV
OSV
added 2025/01/28 3:15 p.m.3 views

UBUNTU-CVE-2024-7881

An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced...

5.1CVSS5.8AI score0.00191EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/28 12:0 a.m.6 views

ARM CPU 安全漏洞

ARM CPUs are a family of central processors from the British company ARM. The ARM CPUs suffer from a security vulnerability that stems from the fact that an unprivileged context can trigger a data memory-related prefetch engine to fetch the contents of a privileged location and use those contents...

5.1CVSS6.3AI score0.00191EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/28 12:0 a.m.5 views

PT-2025-3695

Name of the Vulnerable Software and Affected Versions arm64 CPU affected versions not specified Description The issue allows an unprivileged context to trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is...

7.5CVSS6.3AI score0.00622EPSS
Exploits0References52
CNNVD
CNNVD
added 2024/03/20 12:0 a.m.7 views

Owncast 安全漏洞

Owncast is an open source, self-hosted, decentralized, single-user real-time video streaming and chat server. A security vulnerability exists in Owncast 0.1.2 and earlier versions, which stems from a loose CORS policy that allows an attacker to make cross-origin requests to read privileged...

9.1CVSS7.7AI score0.00415EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/02/15 5:11 a.m.27 views

CVE-2022-23091 Memory disclosure by stale virtual memory mapping

A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to othe...

6.4AI score0.00174EPSS
Exploits0References2
NVD
NVD
added 2024/02/07 7:15 p.m.15 views

CVE-2024-23769

Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 for Windows allows a local attacker to read privileged data...

7.3CVSS7AI score0.00221EPSS
Exploits0References1
Prion
Prion
added 2024/02/07 7:15 p.m.19 views

Input validation

Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 for Windows allows a local attacker to read privileged data...

1.9CVSS7AI score0.00221EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/02/07 12:0 a.m.7 views

Samsung Magician PC Software Security Vulnerability

SAMSUNG Magician PC Software is an application from Samsung South Korea. It is designed to help manage Samsung SSDs. A security vulnerability exists in Samsung Magician PC Software version 8.0.0, which stems from improper privilege control over named pipes. An attacker exploiting the vulnerabilit...

7.3CVSS6.7AI score0.00221EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/07 12:0 a.m.12 views

CVE-2024-23769

Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 for Windows allows a local attacker to read privileged data...

7.3CVSS7AI score0.00221EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/09/05 12:0 a.m.5 views

IBM Sterling Secure Proxy Security Vulnerability

IBM Sterling Secure Proxy is an International Business Machines IBM application agent used to ensure the secure transfer of files in an organization's unprotected zone DMZ. A security vulnerability exists in IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0, which stems from an inadequate memory...

5.5CVSS6.2AI score0.00162EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/04 12:0 a.m.5 views

PT-2023-22227 · Ibm · Ibm Sterling Secure Proxy

Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 6.0.3 through 6.1.0 Description: The issue allows a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. Recommendations...

5.5CVSS5.1AI score0.00162EPSS
Exploits0References7
OSV
OSV
added 2023/04/11 3:15 a.m.6 views

CVE-2023-26458

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The...

8.7CVSS6.7AI score0.00555EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/04/05 11:0 p.m.1 views

CVE-2023-20131

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow a remote attacker to obtain privileged information and conduct cross-site scripting XSS and cross-site request forgery CSRF attacks. For mor...

6.5CVSS6.1AI score0.00573EPSS
Exploits0References2
OSV
OSV
added 2023/04/05 6:15 p.m.4 views

CVE-2023-20127

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow a remote attacker to obtain privileged information and conduct cross-site scripting XSS and cross-site request forgery CSRF attacks. For mor...

6.5CVSS6.6AI score0.00917EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:14 a.m.4 views

SUSE CVE-2019-9802

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and all...

7.5CVSS8.4AI score0.01127EPSS
Exploits0References4
Rows per page
Query Builder