Lucene search
+L

268 matches found

Positive Technologies
Positive Technologies
added 2020/08/17 12:0 a.m.8 views

PT-2020-13792 · Apache · Apache Solr

Name of the Vulnerable Software and Affected Versions: Apache Solr versions prior to 8.6.0 Description: The issue is related to the Replication handler, which allows commands such as backup, restore, and deleteBackup. These commands take a location parameter that was not validated, allowing...

8.8CVSS8.5AI score0.03805EPSS
Exploits0References17
OSV
OSV
added 2020/08/13 5:15 p.m.3 views

DEBIAN-CVE-2020-24331

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file which contains various settings related to this daemon...

7.8CVSS7.5AI score0.00486EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2020/08/13 12:0 a.m.4 views

PT-2020-15683 · Trousers +6 · Trousers +6

Name of the Vulnerable Software and Affected Versions: TrouSerS versions prior to 0.3.14 Description: An issue was discovered where the tss user still has read and write access to the /etc/tcsd.conf file, which contains various settings related to the tcsd daemon, if the daemon is started with ro...

7.8CVSS8.7AI score0.00553EPSS
Exploits3References40
Positive Technologies
Positive Technologies
added 2020/07/15 12:0 a.m.6 views

PT-2020-3112 · Cisco · Cisco Sd-Wan Vmanage

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: The issue is related to a lack of proper validation of files uploaded to an affected device, allowing an authenticated, remote attacker to conduct directory traversal...

9CVSS8.5AI score0.02644EPSS
Exploits0References3
OSV
OSV
added 2020/07/14 2:15 p.m.6 views

CVE-2020-10039

A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker in a privileged network position between a legitimate user and the web server might be able to conduct a Man-in-the-middle attack and gain read and write access to...

8.1CVSS5.7AI score0.00523EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/15 12:0 a.m.3 views

Oasis Cross-Site Request Forgery Vulnerability

Oasis is an open source peer-to-peer social application. A cross-site request forgery vulnerability exists in Oasis versions prior to 2.15.0. An attacker can exploit this vulnerability to read or write to vulnerable applications with the help of a specially crafted malicious website...

8.1CVSS6.8AI score0.00502EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/08 12:0 a.m.3 views

Samsung Mobile Device Input Validation Error Vulnerability (CNVD-2020-32822)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. Samsung mobile devices have an input validation error vulnerability that can be exploited by an attacker to read/write files in a locked state with the help of a...

9.1CVSS6.8AI score0.00401EPSS
Exploits0References1
CNVD
CNVD
added 2020/03/30 12:0 a.m.5 views

Totemo totemomail read/write access vulnerability

Totemo totemomail is an email encryption solution from the Swiss company Totemo. A security vulnerability exists in Totemo totemomail version 7.0.0. The vulnerability can be exploited by a remote attacker via enumeration to read and modify mail folders...

5.5CVSS6.8AI score0.0073EPSS
Exploits0References1
OSV
OSV
added 2020/02/12 3:15 p.m.4 views

CVE-2019-19194

The Bluetooth Low Energy Secure Manager Protocol SMP implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key LTK if an out-of-order link-layer encryption request...

8.8CVSS7.7AI score0.01002EPSS
Exploits1References2
CNVD
CNVD
added 2020/01/03 12:0 a.m.4 views

Red Hat Quay Bot Account Plain Text Token Vulnerability

Red Hat Quay is a private container registry for storing, building, and deploying container images. A bot account plain text token vulnerability exists in Red Hat Quay versions prior to 3.2.0. An attacker could exploit this vulnerability to perform read and write operations on container images...

6.3CVSS6.7AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2019/11/26 4:15 p.m.12 views

CVE-2018-20090

An issue was discovered in Cloudera Data Science Workbench CDSW 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder...

8.3CVSS8.3AI score0.00832EPSS
Exploits0References1
OSV
OSV
added 2019/11/26 4:15 p.m.5 views

CVE-2018-20090

An issue was discovered in Cloudera Data Science Workbench CDSW 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder...

8.3CVSS5.8AI score0.00832EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2019/09/24 12:0 a.m.2 views

VulnCheck KEV: CVE-2016-5198

Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not...

8.8CVSS7.4AI score0.34703EPSS
Exploits1References1
CERT
CERT
added 2019/07/17 12:0 a.m.113 views

Oracle Solaris vulnerable to arbitrary code execution via /proc/self

Overview Oracle Solaris 11 and Solaris 10 are vulnerable to arbitrary code execution if an attacker has read/write access to /proc/self in the process file system. Description The process file system /proc in Oracle Solaris 11 and Solaris 10 provides a self/ alias that refers to the current...

7.7AI score
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2019/07/09 7:0 a.m.36 views

Docker Elevation of Privilege Vulnerability

Summary CVE-2018-15664 describes a vulnerability in the Docker runtime and the underlying community project, Moby wherein a malicious/compromised container can acquire full read/write access to the host operating system where that container is running. The vulnerability depends on the way that th...

7.5CVSS7.2AI score0.03398EPSS
Exploits2
CVE
CVE
added 2019/05/23 1:58 p.m.462 views

CVE-2018-15664

CVE-2018-15664 affects Docker prior to fix in 18.06.1-ce-rc2, enabling a symlink-exchange attack via the docker cp API that can grant an attacker arbitrary read/write access to the host filesystem with root privileges due to archive handling on non-frozen/chrooted filesystems. Public advisories (...

7.5CVSS7.2AI score0.03398EPSS
Exploits2References11Affected Software1
NVD
NVD
added 2019/02/25 10:29 p.m.23 views

CVE-2018-5839

Improperly configured memory protection allows read/write access to modem image from HLOS kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9150, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8996AU,...

7.1CVSS6.9AI score0.00208EPSS
Exploits0References2
OSV
OSV
added 2018/11/30 5:29 p.m.3 views

CVE-2018-15768

Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database...

6.5CVSS5.8AI score0.09051EPSS
Exploits6References3
Cvelist
Cvelist
added 2018/11/30 5:0 p.m.19 views

CVE-2018-15768 Insecure MySQL Configuration Vulnerability

Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database...

7.4AI score0.09051EPSS
Exploits6References3
OSV
OSV
added 2018/11/02 10:29 p.m.4 views

CVE-2018-11062

Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default...

8.8CVSS5.8AI score0.01769EPSS
Exploits0References2
Rows per page
Query Builder