Lucene search
K

157 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/09 3:2 p.m.2 views

CVE-2025-15480

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...

5.9AI score0.00307EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/09 3:2 p.m.24 views

CVE-2025-15480 Senstive information disclosure was affecting ubuntu-desktop-provision

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...

6.9CVSS0.00307EPSS
Exploits0References2
CVE
CVE
added 2026/04/09 3:2 p.m.49 views

CVE-2025-15480

CVE-2025-15480 affects ubuntu-desktop-provision 24.04.4 in Ubuntu. If a user fails installation and submits a bug report to Launchpad, the attached logs could include the user’s password hash, leading to confidential data exposure. The impact is described as a password-hash disclosure in crash-re...

9.1CVSS5.9AI score0.00307EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

Ubuntu Desktop Provision 安全漏洞

Ubuntu Desktop Provision is an open-source desktop configuration tool developed by Canonical. Version 24.04.4 of Ubuntu Desktop Provision contains a security vulnerability, which stems from improper handling of crash reports and could lead to password hash leaks...

9.1CVSS5.8AI score0.00307EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.13 views

PT-2026-31614

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...

6.9CVSS5.9AI score0.00307EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/23 12:0 a.m.5 views

Siemens APE1808 Incorrect Provision of Specified Functionality (CVE-2025-58325)

An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands. This plugin only works with...

8.2CVSS6.1AI score0.00288EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 8:22 p.m.3 views

Unchecked Return Value

Overview Affected versions of this package are vulnerable to Unchecked Return Value due to improper error handling in the provision function. An attacker can gain unauthorized access by presenting a client certificate signed by any system-trusted certificate authority, bypassing the intended...

9.3CVSS5.9AI score0.00267EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/24 8:22 p.m.3 views

Unchecked Return Value

Overview Affected versions of this package are vulnerable to Unchecked Return Value due to improper error handling in the provision function. An attacker can gain unauthorized access by presenting a client certificate signed by any system-trusted certificate authority, bypassing the intended...

9.3CVSS5.9AI score0.00267EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/23 4:56 p.m.3 views

Incorrect Provision of Specified Functionality

Overview Affected versions of this package are vulnerable to Incorrect Provision of Specified Functionality due to inconsistencies between the verification of commit signatures and the derivation of block time. An attacker can disrupt consensus guarantees and manipulate block timestamps by...

7.1CVSS5.9AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 8:51 a.m.6 views

CVE-2021-2461

Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications component: Provision API. The supported version that is affected is 6.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

8.3CVSS6.3AI score0.01026EPSS
Exploits1References1
NVD
NVD
added 2025/12/31 7:15 p.m.9 views

CVE-2021-47725

STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the...

5.4CVSS0.00182EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/31 6:40 p.m.3 views

CVE-2021-47725 STVS ProVision 5.9.10 Authenticated Reflected Cross-Site Scripting via Files Parameter

STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the...

5.4CVSS5.8AI score0.00182EPSS
Exploits1References6
CVE
CVE
added 2025/12/31 6:40 p.m.10 views

CVE-2021-47725

CVE-2021-47725 affects STVS ProVision 5.9.10. The vulnerability is an authenticated, reflected cross-site scripting flaw in the HTML context via the POST parameter named “files,” where input is not properly validated. Exploitation allows an attacker with credentials to inject arbitrary HTML/JS th...

5.4CVSS5.8AI score0.00182EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.4 views

STVS ProVision 跨站脚本漏洞

STVS ProVision is an advanced video management system from STVS, Inc. A cross-site scripting vulnerability exists in STVS ProVision version 5.9.10, which stems from insufficient validation of the files POST parameter input, which could allow an authenticated attacker to inject arbitrary HTML code...

5.4CVSS5.9AI score0.00182EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/12/10 9:16 p.m.4 views

CVE-2021-47723

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users...

6.9CVSS6.9AI score0.0017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 9:16 p.m.4 views

CVE-2021-47724

STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...

7.1CVSS6.7AI score0.00672EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/09 9:31 p.m.7 views

EUVD-2021-34725

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users...

6.9CVSS6.3AI score0.0017EPSS
Exploits0References5
NVD
NVD
added 2025/12/09 9:15 p.m.5 views

CVE-2021-47724

STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...

7.1CVSS0.00672EPSS
Exploits1References4
OSV
OSV
added 2025/12/09 9:15 p.m.3 views

CVE-2021-47723

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users...

8.8CVSS5.7AI score0.0017EPSS
Exploits0References4
NVD
NVD
added 2025/12/09 9:15 p.m.4 views

CVE-2021-47723

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users...

8.8CVSS0.0017EPSS
Exploits0References4
Rows per page
Query Builder