Lucene search
K

1887 matches found

RedHat Linux
RedHat Linux
added 2020/06/11 7:9 a.m.4 views

cxf: reflected XSS in the services listing page

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting XSS attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploit...

6.1CVSS7.2AI score0.07055EPSS
Exploits0References4
OSV
OSV
added 2020/06/10 8:15 p.m.2 views

CVE-2020-11622

A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368., 4.21.4-FCRFX., 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1...

7.5CVSS5.8AI score0.01277EPSS
Exploits0References2
OSV
OSV
added 2020/06/08 5:15 p.m.32 views

CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

7.5CVSS6.9AI score0.15193EPSS
Exploits3References17
OSV
OSV
added 2020/06/08 5:15 p.m.4 views

DEBIAN-CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

7.5CVSS6.5AI score0.15193EPSS
Exploits3References1
Prion
Prion
added 2020/06/08 5:15 p.m.35 views

Open redirect

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

7.8CVSS7.4AI score0.15193EPSS
Exploits3References17Affected Software2
OSV
OSV
added 2020/06/08 5:15 p.m.2 views

UBUNTU-CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

7.5CVSS6.7AI score0.15193EPSS
Exploits3References9
Debian CVE
Debian CVE
added 2020/06/08 4:45 p.m.27 views

CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

7.8CVSS6.5AI score0.15193EPSS
Exploits3
ATTACKERKB
ATTACKERKB
added 2020/06/08 12:0 a.m.38 views

CVE-2020-12695 "CallStranger"

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. Recent assessments: kevthehermit at June 0...

7.8CVSS0.1AI score0.15193EPSS
Exploits3References22
NVD
NVD
added 2020/06/01 2:15 p.m.18 views

CVE-2019-20805

plxelf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PTDYNAMIC segment...

5.5CVSS5.6AI score0.00746EPSS
Exploits0References2
OSV
OSV
added 2020/06/01 2:15 p.m.3 views

DEBIAN-CVE-2019-20805

plxelf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PTDYNAMIC segment...

5.5CVSS6.4AI score0.00746EPSS
Exploits0References1
OSV
OSV
added 2020/06/01 2:15 p.m.19 views

CVE-2019-20805

plxelf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PTDYNAMIC segment...

5.5CVSS7.3AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2020/06/01 2:15 p.m.22 views

CVE-2019-20805

plxelf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PTDYNAMIC segment...

5.5CVSS6.8AI score0.00746EPSS
Exploits0References3
Prion
Prion
added 2020/06/01 2:15 p.m.19 views

Integer overflow

plxelf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PTDYNAMIC segment...

4.3CVSS5.8AI score0.00746EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/06/01 2:15 p.m.3 views

UBUNTU-CVE-2019-20805

plxelf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PTDYNAMIC segment...

5.5CVSS7.1AI score0.00746EPSS
Exploits0References4
CVE
CVE
added 2020/06/01 1:50 p.m.62 views

CVE-2019-20805

The CVE-2019-20805 issue affects UPX (PackLinuxElf32/64: p_lx_elf.cpp) prior to 3.96, caused by an integer overflow during unpacking in a PT_DYNAMIC segment. Public documents describe a heap/string vulnerability surface through crafted input impacting UPX’s ELF packing logic, with the CVSS metric...

5.5CVSS5.8AI score0.00746EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2020/06/01 1:50 p.m.20 views

CVE-2019-20805

plxelf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PTDYNAMIC segment...

5.5CVSS6.5AI score0.00746EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/06/01 12:0 a.m.4 views

PT-2020-10775 · Upx Team +1 · Upx +1

Name of the Vulnerable Software and Affected Versions: UPX versions prior to 3.96 Description: The issue arises from an integer overflow in the p lx elf.cpp file during the unpacking process, specifically when encountering crafted values in a PT DYNAMIC segment. Recommendations: For versions prio...

7.8CVSS6.9AI score0.02495EPSS
Exploits29References75
Tenable Nessus
Tenable Nessus
added 2020/04/16 12:0 a.m.65 views

Oracle Application Testing Suite (Apr 2020 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by a Server Side Request Forgery SSRF vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications component: Core Apache Axis. The supported versions which are...

7.5CVSS6.8AI score0.86503EPSS
Exploits7References3
Veracode
Veracode
added 2020/04/10 12:42 a.m.27 views

Denial Of Service (DoS)

kvm is vulnerable to denial of service. A flaw was found in the way QEMU-KVM handled erroneous data provided by the Linux virtio-net driver, used by guest operating systems. Due to a deficiency in the TSO TCP segment offloading implementation, a guest's virtio-net driver would transmit improper...

7.8CVSS1.9AI score0.03518EPSS
Exploits0References17Affected Software1
OpenVAS
OpenVAS
added 2020/04/08 12:0 a.m.4 views

ZSQL: IP Address Blacklist

The IP address blacklist is configured by setting the TCPEXCLUDEDNODES parameter. After IP address whitelist/blacklist checking is enabled and the IP address blacklist is configured, the blacklisted clients cannot access the database. Such a blacklist allows for IPv4 and IPv6 addresses, as well a...

7.3AI score
Exploits0References1
Rows per page
Query Builder