Lucene search
+L

68 matches found

NVD
NVD
added 2022/04/01 11:15 p.m.30 views

CVE-2021-27493

Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component...

6.5CVSS0.00653EPSS
Exploits0References2
Prion
Prion
added 2022/04/01 11:15 p.m.18 views

Design/Logic Flaw

Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component...

6.4CVSS7AI score0.00653EPSS
Exploits0References2Affected Software4
Github Security Blog
Github Security Blog
added 2022/01/06 10:23 p.m.35 views

Insertion of Sensitive Information into Log File in Apache Geode

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...

7.5CVSS6.8AI score0.02894EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2022/01/05 4:12 a.m.19 views

Information Disclosure

geode-core is vulnerable to information disclosure. The vulnerability exists through the ArgumentRedactor function when the values are begin with characters other than letters or numbers for passwords and security properties, its leads to expose sensitive information through log files...

7.5CVSS2.7AI score0.02894EPSS
Exploits0References9Affected Software1
Prion
Prion
added 2022/01/04 9:15 a.m.21 views

Design/Logic Flaw

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...

5CVSS7.2AI score0.02894EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 8:45 p.m.28 views

Incorrect Comparison in sodiumoxide

An issue was discovered in the sodiumoxide crate starting with 0.2.0 and prior to 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties...

9.8CVSS9AI score0.01484EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2021/02/04 6:15 a.m.23 views

Code injection

An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 February 2021...

7.5CVSS9.2AI score0.00437EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/02/04 5:15 a.m.32 views

CVE-2021-26688

An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 February 2021...

9.6AI score0.00437EPSS
Exploits0References1
NVD
NVD
added 2020/12/31 10:15 a.m.21 views

CVE-2019-25002

An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties...

9.8CVSS9.4AI score0.01484EPSS
Exploits0References1
OSV
OSV
added 2020/12/31 10:15 a.m.13 views

CVE-2019-25002

An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties...

9.8CVSS7.2AI score
Exploits0References1
Cvelist
Cvelist
added 2020/12/31 8:33 a.m.26 views

CVE-2019-25002

An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties...

9.5AI score0.01484EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2019/11/22 12:0 a.m.364 views

macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache

Tested on macOS Mojave 10.14.6, 18G87 and Catalina Beta 10.15 Beta 19A536g. On macOS, the dyld shared cache in /private/var/db/dyld/ is generated locally on the system and therefore doesn't have a real code signature; instead, SIP seems to be the only mechanism that prevents modifications of the...

7.4AI score
Exploits0
OSV
OSV
added 2018/11/27 7:37 a.m.9 views

SUSE-SU-2018:3921-1 Security update for java-1_7_1-ibm

java-171-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 bsc1116574: Consumability - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-31...

8.3CVSS5.6AI score0.07215EPSS
Exploits2References9
exploitpack
exploitpack
added 2018/09/13 12:0 a.m.97 views

Apache Syncope 2.0.7 - Remote Code Execution

Apache Syncope 2.0.7 - Remote Code Execution Exploit Title: Apache Syncope 2.0.7 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://syncope.apache.org/ Software Link: http://archive.apache.org/dist/syncope/ Version: 2.0.7 Tested on: Windows Advisory:...

6.5CVSS0.3AI score0.20502EPSS
Exploits4
n0where
n0where
added 2018/08/23 4:0 p.m.23 views

Bounded Model Checking Framework for Heap-implementations: HeapHopper

Heap metadata attacks have become one of the primary ways in which attackers exploit memory corruption vulnerabilities. While heap implementation developers have introduced mitigations to prevent and detect corruption, it is still possible for attackers to work around them. In part, this is becau...

Exploits0References1
Kitploit
Kitploit
added 2018/01/24 12:50 p.m.58 views

rbndr - Simple DNS Rebinding Service

rbndr is a very simple, non-conforming, name server for testing software against DNS rebinding vulnerabilities. The server responds to queries by randomly selecting one of the addresses specified in the hostname and returning it as the answer with a very low ttl...

7.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2016/07/21 10:0 a.m.0 views

CVE-2016-3574

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3575, CVE-2016-357...

5.6AI score0.0385EPSS
Exploits1References6
CNVD
CNVD
added 2015/10/22 12:0 a.m.4 views

Unspecified Vulnerability in Oracle Sun Solaris (CNVD-2015-06814)

Oracle Sun Solaris is a set of Unix-like operating systems from Oracle. An unspecified vulnerability exists in Oracle Sun Solaris 11.2. The vulnerability allows local users to affect confidentiality, integrity, and availability via unspecified vectors related to utilities/security...

6.6CVSS6.3AI score0.00387EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/02/24 1:44 p.m.5 views

JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503...

9.3CVSS5.8AI score0.04808EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/04/17 11:30 a.m.12 views

OpenJDK: Better access restrictions (Sound, 8006328)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to...

7.6CVSS6.8AI score0.05571EPSS
Exploits0References5
Rows per page
Query Builder