
2528 matches found

OSV
added 2018/03/20 2:29 p.m. · 3 views

CVE-2018-4844

A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache...

6.7 CVSS · 5.8 AI score
Exploits 0 · References 3
Positive Technologies
added 2018/03/20 12:0 a.m. · 8 views

PT-2018-16563 · Siemens · Simatic Wincc Oa Ui For Android +1

Name of the Vulnerable Software and Affected Versions: SIMATIC WinCC OA UI for Android versions prior to V3.15.10; SIMATIC WinCC OA UI for iOS versions prior to V3.15.10. Description: A security issue has been identified due to insufficient limitation of CONTROL script capabilities, allowing read a...

6.7 CVSS · 6.3 AI score · 0.00427 EPSS
Exploits 0 · References 4
0day.today
added 2018/03/20 12:0 a.m. · 62 views

Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write Privilege Es

Exploit for windows platform in category local exploits. Windows: Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write EoP. Platform: Windows 1703 (version 1709 seems to have fixed this bug). Class: Elevation of Privilege. Summary: The handling of the virtual registry NtLoadKey callback...

6.8 AI score · 0.0292 EPSS
Exploits 2
seebug.org
added 2018/03/16 12:0 a.m. · 420 views

Ubuntu local privilege escalation vulnerability (CVE-2017-16995)

Since commit f1174f77b50c "bpf/verifier: rework value tracking", the eBPF range tracking is security-relevant for the verification of eBPF code provided by unprivileged users. Therefore, any tiny slip-up in the arithmetic range tracking now turns into an arbitrary read+write in the full kernel...

7.2 CVSS · 7.7 AI score · 0.30052 EPSS
Exploits 16
CNVD
added 2018/03/14 12:0 a.m. · 5 views

Red Hat OpenShift Enterprise Elevation of Privilege Vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications. OpenShift Enterprise is an open source version of the private cloud. A security vulnerability exists in Red Hat OpenShift Enterprise version 3.7. An...

7.1 CVSS · 6.8 AI score · 0.0061 EPSS
Exploits 0 · References 1
VulnCheck KEV
added 2018/03/06 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2007-5633

Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, allows local users to read or write arbitrary MSRs, and gain privileges and load unsigned drivers, via the (1) IOCTLRDMSR 0x9C402438 and (2) IOCTLWRMSR 0x9C40243C IOCTLs to \Device\speedfan, as...

7.2 CVSS · 7.2 AI score · 0.00935 EPSS
Exploits 1 · References 1
CNVD
added 2018/02/26 12:0 a.m. · 5 views

Linux kernel NFS server (nfsd) file read vulnerability

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the U.S. The NFS server nfsd is one of the network file system servers. A security vulnerability exists in the NFS server nfsd in versions prior to Linux kernel commit 1995266727fa. A remote...

7.4 CVSS · 7.8 AI score · 0.01411 EPSS
Exploits 0 · References 1
CNVD
added 2018/02/23 12:0 a.m. · 4 views

eQ-3 AG HomeMatic CCU2 Remote Code Execution Vulnerability (CNVD-2018-05831)

The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from the German company eQ-3. tcl script interpreter is one of the script interpreters for the TCL language. A remote code execution vulnerability exists in the TCL script interpreter in eQ-3 AG Homematic CCU2...

10 CVSS · 8.3 AI score · 0.64811 EPSS
Exploits 2 · References 1
Cvelist
added 2018/02/22 7:0 p.m. · 26 views

CVE-2018-7297

Remote Code Execution in the TCL script interpreter in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to obtain read/write access and execute system commands on the device. This vulnerability can be exploited by unauthenticated attackers with access to the web interface...

9.9 AI score · 0.64811 EPSS
Exploits 2 · References 2
OSV
added 2018/02/09 11:29 p.m. · 13 views

CVE-2018-1000049

Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled...

7.5 CVSS · 6.3 AI score · 0.77297 EPSS
Exploits 7 · References 9
NVD
added 2018/02/09 11:29 p.m. · 54 views

CVE-2018-1000049

Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled...

7.5 CVSS · 7.9 AI score · 0.77297 EPSS
Exploits 7 · References 9
Prion
added 2018/02/09 11:29 p.m. · 27 views

Remote code execution

Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled...

6 CVSS · 7.9 AI score · 0.77297 EPSS
Exploits 7 · References 9 · Affected Software 1
Cvelist
added 2018/02/09 11:0 p.m. · 52 views

CVE-2018-1000049

Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled...

7.9 AI score · 0.77297 EPSS
Exploits 7 · References 9
OpenVAS
added 2018/02/06 12:0 a.m. · 26 views

Debian: Security Advisory (DLA-1117-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS · 8 AI score · 0.03066 EPSS
Exploits 1 · References 3
exploitpack
added 2018/01/24 12:0 a.m. · 82 views

Oracle VirtualBox 5.1.30 5.2-rc1 - Guest to Host Escape

Oracle VirtualBox 5.1.30 5.2-rc1 - Guest to Host Escape. SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities. Source: https://blogs.securiteam.com/index.php/archives/3649 Vulnerabilities summary: The following advisory describes two (2) guest to host escape found in Oracle...

4.1 CVSS · 0.01658 EPSS
Exploits 6
Packet Storm
added 2018/01/24 12:0 a.m. · 70 views

Oracle VirtualBox Guest To Host Escape

SSD Advisory – Oracle VirtualBox Multiple Guest to Host Escape Vulnerabilities. Source: https://blogs.securiteam.com/index.php/archives/3649 Vulnerabilities summary: The following advisory describes two (2) guest to host escape found in Oracle VirtualBox version 5.1.30, and VirtualBox version 5.2-rc1...

8.6 AI score · 0.01658 EPSS
Exploits 6
Vulnrichment
added 2018/01/18 6:0 a.m. · 9 views

CVE-2018-0100

A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) entries when...

6.1 AI score · 0.00411 EPSS
Exploits 0 · References 3
OSV
added 2018/01/18 2:29 a.m. · 4 views

CVE-2018-2722

Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

6.1 CVSS · 7.3 AI score · 0.01098 EPSS
Exploits 0 · References 3
OSV
added 2018/01/18 2:29 a.m. · 10 views

CVE-2018-2691

Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Proxy User Delegation). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows low privileged attacker with network access via...

5.4 CVSS · 7.3 AI score · 0.00889 EPSS
Exploits 0 · References 3
OSV
added 2018/01/18 2:29 a.m. · 5 views

CVE-2018-2659

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

6.1 CVSS · 7.3 AI score
Exploits 0 · References 2