Lucene search
K

2528 matches found

CNVD
CNVD
added 2017/06/29 12:0 a.m.1 views

Gentoo Local Privilege Vulnerability

Gentoo is an open source Linux system from the Gentoo Foundation. Ebuild in Gentoo may change directory and file permissions based on the order of installed packages, which can be exploited by a local attacker to read or write to a restricted directory, execute restricted commands via the affecte...

7.1CVSS7AI score0.00331EPSS
Exploits0References1
OSV
OSV
added 2017/06/26 7:29 a.m.4 views

CVE-2017-9466

The executable httpd on the TP-Link WR841N V8 router before TL-WR841NUNV8170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuratio...

9.8CVSS5.8AI score0.00488EPSS
Exploits2References1
NVD
NVD
added 2017/06/26 7:29 a.m.20 views

CVE-2017-6662

A vulnerability in the web-based user interface of Cisco Prime Infrastructure PI and Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker mu...

8CVSS8AI score0.02359EPSS
Exploits2References3
Broadcom
Broadcom
added 2017/06/23 12:0 a.m.8 views

BSA-2017-316

Security Advisory ID : BSA-2017-316 Component : SNMP Revision : 1.0: Interim In SNMP version 1 & 2 authentication should only accept the value stored in the SNMP agent authentication mechanism. With this vulnerability an attacker can use any value string or integer in order to authenticate the SN...

9.1CVSS7.1AI score0.17397EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.65 views

Amazon Linux AMI : kernel (ALAS-2017-845) (Stack Clash)

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be jmp'ed over, this affects Linux Kernel versions 4.11.5 and earlier the stackguard page was introduced in 2010. CVE-2017-1000364 The offset2lib patch as use...

7.8CVSS6.8AI score0.05186EPSS
Exploits12References3
RedHat Linux
RedHat Linux
added 2017/06/14 3:20 p.m.4 views

Qemu: display: cirrus: OOB r/w access issues in bitblt routines

An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on...

7.8CVSS7.7AI score0.00625EPSS
Exploits0References4
myhack58
myhack58
added 2017/06/14 12:0 a.m.77 views

The butterfly effect and the program error---a slag-hole the use-vulnerability warning-the black bar safety net

Description A South American Amazon Basin rainforest butterfly, occasionally flapping a few wings, maybe in Texas cause a tornado? This I'm not sure I can determine is the program of any one of the minor errors after amplification are possible for the program to produce disastrous consequences...

9.3CVSS0.1AI score0.4811EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2017/06/08 12:0 a.m.39 views

Debian DLA-981-1 : apng2gif security update

It was discovered that apng2gif was vulnerable to an integer overflow resulting in a heap-based buffer over-read/write. A remote attacker could use this flaw to cause a denial of service application crash via a crafted APNG file. For Debian 7 'Wheezy', these problems have been fixed in version...

7.5CVSS7.4AI score0.01804EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2017/06/07 12:0 a.m.37 views

DC/OS Marathon UI - Docker (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DC/OS Marathon UI Docker Exploit', 'Description' = %q Utilizing the DCOS Cluster's Marathon UI, an attacker can create a docker container with the...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2017/05/31 8:2 p.m.21 views

Mixmax: Privilege escalation-User who does not have access is able to add notes to the contact

We didn't properly check that users had read-write access to contacts when posting notes...

5.4AI score
Exploits0
CNVD
CNVD
added 2017/05/27 12:0 a.m.3 views

BOSH Director VM Agent Anonymous Endpoint Vulnerability

BOSH is an open source tool for deployment and lifecycle management of large-scale distributed systems, of which Director VM is a virtual machine and stemcell is an image. A security vulnerability exists in the endpoint of the Agent in the BOSH Director VM using stemcell versions prior to 3232.6...

9CVSS6.7AI score0.00876EPSS
Exploits0References1
OSV
OSV
added 2017/05/22 1:29 a.m.3 views

CVE-2017-6650

A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An...

7.8CVSS5.9AI score0.00886EPSS
Exploits0References3
CNVD
CNVD
added 2017/05/16 12:0 a.m.2 views

HDWiki has a write file vulnerability that can take a shell

Interactive Wiki open source system HDwiki is Interactive Online Beijing Technology Co., Ltd. of an independent intellectual property rights of the Chinese Wiki Wiki system. HDWiki 6.0 version of the background management of any file read-write vulnerability , attackers can exploit the...

7.2AI score
Exploits0
OSV
OSV
added 2017/05/11 2:30 p.m.5 views

CVE-2016-9097

The Symantec Advanced Secure Gateway ASG 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only acce...

7.2CVSS5.8AI score0.02353EPSS
Exploits0References3
myhack58
myhack58
added 2017/05/08 12:0 a.m.72 views

MS16-145: Edge browser the TypedArray. sort UAF vulnerability analysis-vulnerability warning-the black bar safety net

In this article, we will provide the reader detailed analysis of how to use the MS Edge browser in the UAF vulnerability to remote code execution. This article will provide readers in-depth analysis of the impact of MS Edge CVE-2016-7288 UAF vulnerability root causes, and how to reliably trigger...

7.6CVSS0.70354EPSS
Exploits2
CNVD
CNVD
added 2017/04/27 12:0 a.m.5 views

SNMP Protocol Community String Authentication Privilege Bypass Vulnerability in Some Vendor Devices

SNMP is a network management standard based on the TCP/IP protocol family and is a standard protocol for managing network nodes such as servers, workstations, routers, switches, etc. in an IP network. SNMP protocol community strings of some vendors' devices have authentication privilege bypass...

9.1CVSS7.5AI score0.17397EPSS
Exploits3References1
OSV
OSV
added 2017/04/24 7:59 p.m.2 views

CVE-2017-3478

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications subcomponent: Miscellaneous. Supported versions that are affected are 12.0.0 and 12.1.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to...

5.4CVSS5.8AI score0.01054EPSS
Exploits0References3
OSV
OSV
added 2017/04/24 3:59 p.m.3 views

CVE-2017-2320

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the...

10CVSS5.8AI score0.01856EPSS
Exploits0References2
OSV
OSV
added 2017/04/20 12:0 a.m.5 views

UBUNTU-CVE-2017-5456

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR 52.1 and Firefox 53...

9.8CVSS7.2AI score0.0282EPSS
Exploits1References4
CNVD
CNVD
added 2017/04/19 12:0 a.m.4 views

Multiple Read/Write Vulnerabilities in VMware Workstation and Horizon View Client (CNVD-2017-05883)

VMware Workstation is a paid and feature-rich set of virtual machine software.VMware Workstation Player is a free open source and simpler virtual machine software.Horizon Client for Windows is used to virtualize desktops and applications. VMware Workstation and Horizon View Client have multiple...

7.8CVSS7.5AI score0.00369EPSS
Exploits0References1
Rows per page
Query Builder