Lucene search
+L

711 matches found

ptsecurity
ptsecurity
added 2021/03/11 12:0 a.m.9 views

PT-2021-8423 · Wind River · Vxworks

Name of the Vulnerable Software and Affected Versions: Wind River VxWorks versions 6.5 through 7 Description: A DNS client stack-based buffer overflow in the ipdnsc decode name function affects the software. This issue only affects products that are no longer supported by the maintainer...

9.8CVSS7.2AI score0.01894EPSS
Exploits1References6
osv
osv
added 2021/02/24 12:15 p.m.6 views

CVE-2021-20656

Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors...

4.3CVSS6.2AI score0.01112EPSS
Exploits0References3
cnnvd
cnnvd
added 2021/01/27 12:0 a.m.6 views

Vmware Spring Cloud Data Flow SQL Injection Vulnerability

Vmware Spring Cloud Data Flow is a code library for streaming and batch data processing in microservices from Vmware, Inc. A SQL injection vulnerability exists in Spring Cloud Data Flow versions 2.6.x prior to 2.6.5, versions 2.5.x prior to 2.5.4, which stems from the vulnerability of the...

7.2CVSS6.6AI score0.0106EPSS
Exploits0References2
pypa
pypa
added 2021/01/21 3:15 p.m.6 views

PYSEC-2021-48

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping...

6.5CVSS6.8AI score0.01078EPSS
Exploits0References4Affected Software1
pypa
pypa
added 2021/01/21 3:15 p.m.5 views

PYSEC-2021-49

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...

6.5CVSS6.8AI score0.0118EPSS
Exploits3References6Affected Software1
cnnvd
cnnvd
added 2020/11/30 12:0 a.m.7 views

Huawei FusionCompute 命令注入漏洞

FusionCompute is Huawei's self-developed computing virtualization software. A command injection vulnerability exists in FusionCompute 6.5.1, 8.0.0. The vulnerability stems from insufficient authentication. An attacker can exploit the vulnerability to gain higher privileges via a specially crafted...

7.2CVSS7.1AI score0.01023EPSS
Exploits0References2
osv
osv
added 2020/11/12 9:15 p.m.5 views

CVE-2020-24719

Exposed Erlang Cookie could lead to Remote Command Execution RCE attack. Communication between Erlang nodes is done by exchanging a shared secret aka "magic cookie". There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlan...

9.8CVSS5.9AI score0.23304EPSS
Exploits0References1
osv
osv
added 2020/10/09 7:15 a.m.3 views

CVE-2020-26923

Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24...

4.8CVSS5.8AI score0.00517EPSS
Exploits0References1
attackerkb
attackerkb
added 2020/07/29 5:15 p.m.4 views

CVE-2020-15086

In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code...

9.8CVSS9AI score0.02721EPSS
Exploits1References4Affected Software1
osv
osv
added 2020/07/06 6:15 p.m.5 views

CVE-2020-5352

Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system...

8.8CVSS6.1AI score0.02911EPSS
Exploits0References1
osv
osv
added 2020/06/12 2:15 p.m.5 views

CVE-2020-9645

Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery ssrf vulnerability. Successful exploitation could lead to sensitive information disclosure...

7.5CVSS7.1AI score0.03294EPSS
Exploits0References1
cnvd
cnvd
added 2020/05/29 12:0 a.m.10 views

WordPress bbPress Elevation of Privilege Vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. bbPress is a forum plugin that is used in it. A security vulnerability exists in WordPress bbPress versions prior to 2.6.5. An...

9.8CVSS6.6AI score0.43879EPSS
Exploits7References1
osv
osv
added 2020/04/29 3:15 a.m.4 views

CVE-2020-3955

ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base sco...

9.3CVSS5.8AI score0.01309EPSS
Exploits0References1
cnvd
cnvd
added 2020/04/29 12:0 a.m.4 views

VMware ESXi Cross-Site Scripting Vulnerability

VMware ESXi is a server virtualization platform from VMware that can be installed directly on physical servers. A cross-site scripting vulnerability exists in VMware ESXi versions 6.5 and 6.7. An attacker can exploit this vulnerability to inject malicious scripts...

9.3CVSS6AI score0.01309EPSS
Exploits0
cnvd
cnvd
added 2020/03/23 12:0 a.m.6 views

Caldera Access Control Error Vulnerability

Caldera is a suite of software from the French company Caldera that provides color management, imaging and processing solutions for printer devices. An access control error vulnerability exists in authsvc in versions of Caldera prior to 2.6.5, which can be exploited by an attacker to bypass...

5.3CVSS7AI score0.0144EPSS
Exploits0References1
osv
osv
added 2020/02/18 3:15 a.m.2 views

CVE-2020-1790

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands...

8.8CVSS7.3AI score
Exploits0References1
osv
osv
added 2020/01/28 7:15 p.m.3 views

UBUNTU-CVE-2020-5211

In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems...

9.8CVSS6.4AI score0.01068EPSS
Exploits0References3
cnvd
cnvd
added 2020/01/20 12:0 a.m.3 views

Huawei GaussDB 200 Command Injection Vulnerability

Huawei GaussDB 200 is a distributed parallel relational database system developed by Huawei China based on the open source database Postgres-XC. A command injection vulnerability exists in Huawei GaussDB 200 version 6.5.1, which arises from a program that fails to adequately perform input...

8.8CVSS8AI score0.01144EPSS
Exploits0References1
cnvd
cnvd
added 2020/01/17 12:0 a.m.2 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2020-02995)

Adobe Experience Manager is an enterprise content management solution that helps you simplify the management and delivery of your content and assets. A cross-site scripting vulnerability exists in Adobe Experience Manager 6.3, 6.4, and 6.5. An attacker can exploit this vulnerability to obtain...

6.1CVSS6.1AI score0.01498EPSS
Exploits0References1
cnvd
cnvd
added 2019/12/24 12:0 a.m.2 views

Open TFTP Server Formatting String Error Vulnerability

Open TFTP Server MT is a file transfer server. A formatting string error vulnerability exists in the 'logMess' function in Open TFTP Server MT version 1.65 and earlier. The vulnerability stems from a network system or product that receives external formatted strings as parameters with lax filteri...

9.8CVSS7AI score0.02257EPSS
Exploits0References1
Rows per page
Query Builder