
257 matches found

Chainguard
added 2022/06/16 11:13 p.m. | 7 views

GHSA-Q874-G24W-4Q9G vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server...

AI score 7.3
Exploits 0
OSV
added 2022/05/24 4:58 p.m. | 19 views

GHSA-82V2-F875-73G9 Wildfly Authorization Misconfiguration

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server...

CVSS 4.9 | AI score 6.3 | EPSS 0.01141
Exploits 0 | References 16
Github Security Blog
added 2022/05/24 4:58 p.m. | 16 views

Wildfly Authorization Misconfiguration

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server...

CVSS 5.2 | AI score 6.8 | EPSS 0.01141
Exploits 0 | References 16 | Affected Software 1
Github Security Blog
added 2022/05/14 1:15 a.m. | 32 views

phpMyAdmin SSRF in replication

phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server...

CVSS 8.8 | AI score 7.1 | EPSS 0.01334
Exploits 0 | References 4 | Affected Software 1
Kaspersky
added 2022/05/10 12:0 a.m. | 115 views

KLA12527 Elevation of privilege vulnerability in Microsoft Server Software

Elevation of privilege vulnerability was found in Microsoft Server Software. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2022-21978 Related products Microsoft-Exchange-Server CVE list CVE-2022-21978 critical KB list 5014261 5014260 Solution Install...

CVSS 8.2 | AI score 9.4 | EPSS 0.00842
Exploits 0 | References 5
Cvelist
added 2022/04/27 2:25 p.m. | 28 views

CVE-2022-24888 Possible Injection in Nextcloud Server

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders...

CVSS 4.3 | AI score 5.2 | EPSS 0.01229
Exploits 0 | References 4
Kitploit
added 2022/03/11 11:30 a.m. | 30 views

WSVuls - Website Vulnerability Scanner Detect Issues (Outdated Server Software And Insecure HTTP Headers)

WSVuls Website vulnerability scanner detect issues outdated server software and insecure HTTP headers. What's WSVuls? WSVuls is a simple and powerful command line tool for Linux, Windows and macOS. It's designed for developers/testers and for those workers in IT who want to test vulnerabilities a...

AI score 7.5
Exploits 0 | References 2
Kaspersky
added 2021/11/09 12:0 a.m. | 110 views

KLA12342 Multiple vulnerabilities in Microsoft Server Software

Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft Exchange...

CVSS 8.8 | AI score 8.6 | EPSS 0.93877
Exploits 12 | References 7
Kaspersky
added 2021/10/12 12:0 a.m. | 81 views

KLA12314 Multiple vulnerabilities in Microsoft Server Software

Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to gain privileges, spoof user interface, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in...

CVSS 9.6 | AI score 8.6 | EPSS 0.02674
Exploits 0 | References 8
hivepro
added 2021/09/20 5:48 a.m. | 29 views

ManageEngine ADSelfService Plus has been abused in the wild due to a zero-day vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. An APT actor is attempting to exploit a zero-day vulnerability in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution that poses a high risk to critical infrastructure companies,...

AI score 1
Exploits 0
NVD
added 2021/09/01 9:15 p.m. | 17 views

CVE-2021-40385

An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin...

CVSS 9 | EPSS 0.01133
Exploits 0 | References 1
Prion
added 2021/09/01 9:15 p.m. | 20 views

Privilege escalation

An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin...

CVSS 9 | AI score 8.7 | EPSS 0.01133
Exploits 0 | References 1 | Affected Software 1
CNVD
added 2021/07/26 12:0 a.m. | 16 views

NCH Quorum Cross-Site Scripting Vulnerability

NCH Quorum is a teleconference server software. It can turn any computer into a conference call server. A cross-site scripting vulnerability exists in NCH Quorum, which stems from the product's /conferencebrowseuploadfile?confid= failure to properly handle user input data and can be exploited to...

CVSS 5.4 | AI score 1.3 | EPSS 0.00589
Exploits 1 | References 1
OSV
added 2021/07/25 12:0 a.m. | 10 views

DLA-2710-2 rabbitmq-server - regression update

Bulletin has no description...

AI score 7.2
Exploits 0
OSV
added 2021/06/23 3:56 p.m. | 1 views

SUSE-SU-2021:2147-1 Security update for freeradius-server

This update for freeradius-server fixes the following issues: - Fixed plaintext password entries in logfiles bsc1184016...

AI score 7.3
Exploits 0 | References 2
OpenVAS
added 2021/06/09 12:0 a.m. | 21 views

SUSE: Security Advisory (SUSE-SU-2012:0706-1)

The remote host is missing an update for the...

CVSS 5 | AI score 6.6 | EPSS 0.03493
Exploits 1 | References 2
Ivan 'd0znpp' Novikov
added 2021/05/25 9:45 a.m. | 331 views

What Is Slowloris DDoS Attack❓ Mitigation methods

Slowloris is a DDoS attack software created by Robert “RSnake” Hansen. The software allows a single computer to take on a web server. The attack’s simple but elegant nature means it does not require much bandwidth to carry out its attack on the server of the target webserver with minimal or no si...

AI score 0.8
Exploits 0
CVE
added 2021/02/04 4:35 p.m. | 61 views

CVE-2021-1221

The CVE-2021-1221 issue affects Cisco Webex Meetings and Webex Meetings Server UI. It arises from insufficient input validation that lets an authenticated, remote attacker inject a hyperlink into a meeting invitation email by entering a URL into a UI field. A successful exploit could generate an ...

CVSS 4.1 | AI score 4.3 | EPSS 0.0103
Exploits 0 | References 1 | Affected Software 2
CNVD
added 2021/01/21 12:0 a.m. | 2 views

SQL Injection Vulnerability in frontend of wise on-demand server software

wise on-demand server software is server-side distribution software that provides streaming playback of audio and video files. A SQL injection vulnerability exists in the frontend of the sewise VOD server software. An attacker can exploit the vulnerability to obtain sensitive database information...

AI score 7.8
Exploits 0
CNVD
added 2020/12/25 12:0 a.m. | 3 views

HPE iLO Amplifier Pack server Remote Code Execution Vulnerability

HPE iLO Amplifier Pack is a database management software for use in clustered environments from HPE, USA. The software supports Gen8, Gen9 and Gen10 Hewlett Packard Enterprise automatic update of firmware, drivers, support for manual or automatic recovery of firmware damage to the system, maximiz...

CVSS 9.8 | AI score 7.2 | EPSS 0.04985
Exploits 0 | References 1