Lucene search
K

29 matches found

Kaspersky
Kaspersky
added 2024/11/26 12:0 a.m.14 views

KLA77550 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Memor...

9.8CVSS8.9AI score0.00919EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2024/10/29 12:0 a.m.219 views

ABB Cylon Aspect 3.08.01 Active Debug Data Exposure

ABB Cylon Aspect 3.08.01 auth/ Active Debug Code Vulnerability Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: 3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...

7.4AI score
Exploits0
Ubuntu
Ubuntu
added 2023/09/18 6:52 p.m.73 views

USN-6381-1: GNU binutils vulnerabilities

It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service memory exhaustion. CVE-2020-19724, CVE-2020-21490 It was discovered that GNU binutils was not properly performing bounds checks in several functions...

8.8CVSS7.3AI score0.00698EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2023/04/04 12:0 a.m.67 views

GitLab 15.0 < 15.8.5 / 15.9 < 15.9.4 / 15.10 < 15.10.1 (CVE-2023-1710)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of...

5.3CVSS5.7AI score0.00786EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/12/13 12:0 a.m.24 views

Ubuntu: Security Advisory (USN-5773-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.3AI score0.21314EPSS
Exploits3References2
Talos Blog
Talos Blog
added 2022/11/18 5:42 p.m.21 views

Threat Round up for November 11 to 18

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Nov. 11 and Nov. 18. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

7.1AI score
Exploits0
Ubuntu
Ubuntu
added 2022/07/01 6:44 p.m.89 views

USN-5500-1: Linux kernel vulnerabilities

Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. CVE-2021-4197 Lin Ma discovered that the NFC Controller...

7.8CVSS7.3AI score0.00813EPSS
Exploits5
CVE
CVE
added 2021/07/28 1:52 p.m.194 views

CVE-2021-37601

Prosody vulnerability CVE-2021-37601 affects muc.lib.lua and exposes the list of admins, members, owners, and banned entities for a Multi-User Chat in Prosody 0.11.0–0.11.9. The issue is an information-disclosure flaw that could be exploited remotely in some configurations. Upstream fix is availa...

7.5CVSS7.1AI score0.02329EPSS
Exploits1References5Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2021/02/11 12:0 a.m.34 views

Advantech iView NetworkServlet ztp_config_name SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet class. When parsing the ztpconfigname parameter, the process...

7.5CVSS2.3AI score0.11791EPSS
Exploits0References1
0day.today
0day.today
added 2020/08/15 12:0 a.m.191 views

QiHang Media Web Digital Signage 3.0.9 Password Disclosure Vulnerability

QiHang Media Web Digital Signage version 3.0.9 suffers from a cleartext transmission/storage of sensitive information in a cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack. QiHang Media Web QH.aspx Digital Signage 3.0.9...

6.7AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/11 5:22 p.m.44 views

Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in PHP (CVE-2019-11045, CVE-2019-11044, CVE-2019-11046)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-11045 DESCRIPTION: PHP could allow a remote attacker to bypass security restrictions, caused by an issue when DirectoryIterator class accepts filenames with embedded \0 byte and treats them ...

7.5CVSS0.9AI score0.08818EPSS
Exploits3Affected Software1
Prion
Prion
added 2020/03/13 7:15 p.m.16 views

Information disclosure

Some Brother printers such as the HL-L8360CDW v1.20 were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL...

5CVSS7.4AI score0.01713EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 2:26 p.m.30 views

Security Bulletin: Vulnerabilities CVE-2017-12613 and CVE-2017-12618 in the IBM i HTTP Server affect IBM i.

Summary HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-12613 DESCRIPTION: Apache Portable Runtime APR could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds array dereference in aprtimeexp...

7.1CVSS1AI score0.01749EPSS
Exploits3Affected Software1
Ubuntu
Ubuntu
added 2018/03/14 9:56 p.m.89 views

USN-3596-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or opening new tabs, escape the sandbox, bypass same-origin restrictions, obtain...

9.8CVSS7.6AI score0.08024EPSS
Exploits2
OpenVAS
OpenVAS
added 2017/03/15 12:0 a.m.130 views

Microsoft Graphics Component Multiple Vulnerabilities (4013075)

This host is missing a critical security update according to Microsoft Bulletin MS17-013. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3CVSS6.6AI score0.821EPSS
Exploits9References4
CVE
CVE
added 2016/11/04 10:0 a.m.144 views

CVE-2016-9189

CVE-2016-9189 concerns Pillow (Python Imaging Library fork). Affected: Pillow versions before 3.3.2. Root cause: integer overflow in Image.core.map_buffer within map.c that can be exploited via crafted image files. Impact: information disclosure (partial confidentiality) per CVSS data; local expl...

5.5CVSS5.9AI score0.01861EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/11/04 12:0 a.m.23 views

Mozilla Firefox < 49.0.2 Multiple Vulnerabilities

Binary data 9751.prm...

9.8CVSS7.9AI score0.02425EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/03/17 12:0 a.m.175 views

PHP 5.6.x < 5.6.19 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.19. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists in file ext/wddx/wddx.c in the phpwddxpopelement function when handling XML data. An unauthenticated,...

9.8CVSS8.4AI score0.35438EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/05/19 12:0 a.m.30 views

Multiple Vendor SNMP public Community String Information Disclosure

Nessus was able to enumerate sensitive information on the remote device by sending SNMP requests using 'public' as the SNMP community string. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid74091; scriptversion"$Revision: 1.2 $"; scriptcvsdate"$Date: 2015/09/24 23:21:...

5.4AI score
Exploits0
Cent OS
Cent OS
added 2014/04/23 7:7 p.m.81 views

tomcat6 security update

CentOS Errata and Security Advisory CESA-2014:0429 Updated tomcat6 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...

7.5CVSS6.6AI score0.83175EPSS
Exploits12References7
Rows per page
Query Builder