Lucene search
K

82 matches found

Debian CVE
Debian CVE
added 2020/11/04 5:55 p.m.39 views

CVE-2020-8036

The tok2strbuf function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way...

7.5CVSS7.6AI score0.01449EPSS
Exploits1
Mageia
Mageia
added 2020/01/30 6:28 p.m.71 views

Updated sqlite3 packages fix security vulnerabilities

Updated sqlite3 packages fix security vulnerabilities: An out of bounds write flaw CVE-2019-13734, insufficient data validation flaw CVE-2019-13750, uninitialized use flaw CVE-2019-13751, and out of bounds read flaws CVE-2019-13752, CVE-2019-13753 in SQLite before 3.31.0. It was discovered that...

8.8CVSS8.6AI score0.06937EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2019/05/14 8:26 p.m.8 views

hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

5.6CVSS7AI score0.00607EPSS
Exploits0References5
Veracode
Veracode
added 2018/10/24 3:33 a.m.12 views

Cross-Site Scripting (XSS)

angular-gettext is vulnerable to cross-site scripting. interpolationContext is passed to getString or getPlural functions in dist/angular-gettext.js and src/directive.js, which allows attackers to inject arbitrary Javascript code into a victim's browser when the attribute...

6.5AI score
Exploits0
CNVD
CNVD
added 2016/11/28 12:0 a.m.25 views

Security Bypass Vulnerability in Huawei's Secure Storage Trusted Application for Some Phones

Huawei P9, P9 Lite, P8 Lite are Huawei smartphones. A security bypass vulnerability exists in the Secure Storage Trusted App SSTA of some Huawei phones. An attacker who has gained root privileges on Android can exploit the vulnerability to read and write user-state memory data in any location in...

6.4CVSS6.9AI score0.00213EPSS
Exploits0References1
CNVD
CNVD
added 2016/08/02 12:0 a.m.6 views

IBM QRadar SIEM Unauthorized Access Vulnerability

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. IBM QRadar SIEM ha...

3.5CVSS6.4AI score0.00615EPSS
Exploits0References1
Prion
Prion
added 2016/05/22 1:59 a.m.23 views

Cross site scripting

Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack...

4.3CVSS6.1AI score0.05361EPSS
Exploits0References8Affected Software2
CVE
CVE
added 2016/05/22 1:0 a.m.84 views

CVE-2016-4566

The CVE-2016-4566 entry concerns a cross-site scripting (XSS) vulnerability in plupload.flash.swf (Plupload before 2.1.9) used by WordPress before 4.5.2. The flaw allows remote attackers to inject arbitrary script or HTML via a Same-Origin Method Execution (SOME) attack. Public details from conne...

6.1CVSS5.9AI score0.05361EPSS
Exploits0References8Affected Software1
Hacker One
Hacker One
added 2016/04/26 9:53 a.m.54 views

Automattic: WordPress SOME bug in plupload.flash.swf leading to RCE

Intro == WordPress is vulnerable against a Same-Origin Method Execution SOME vulnerability that stems from an insecure URL sanitization problem performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars ¹ in case they have been set GET parameters but fails to do s...

6.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2015/03/11 3:27 p.m.5 views

kernel: splice: lack of generic write checks

A flaw was found in the way the Linux kernel's splice system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system...

7.2CVSS6.6AI score0.01176EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2015/02/10 9:51 p.m.9 views

kernel: splice: lack of generic write checks

A flaw was found in the way the Linux kernel's splice system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system...

7.2CVSS6.6AI score0.01176EPSS
Exploits2References4
FreeBSD
FreeBSD
added 2014/10/08 12:0 a.m.24 views

xdelta3 -- buffer overflow vulnerability

Stepan Golosunov reports: Buffer overflow was found and fixed in xdelta3 binary diff tool that allows arbitrary code execution from input files at least on some systems...

8.8CVSS9.2AI score0.04157EPSS
Exploits0References2
seebug.org
seebug.org
added 2013/06/20 12:0 a.m.16 views

ShopEx最新版多处SQL注射

简要描述: 不知道我有不有搞错,但已经尽量下载了最新版了。。。 在很多地方测试都存在。。。 ShopEx最新版多处SQL注射 详细说明: 我很怀疑自己是不是搞错呢。。。 注射1: http://127.0.0.1:5656/shopex/api.php POST act=searchsubregions&apiversion=1.0&returndata=string&pregionid=22 and select 1 fromselect count,concat0x7c,select Select version from informationschema.tables limit...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2013/06/13 12:0 a.m.18 views

Fedora Update for ktimer FEDORA-2013-10130

Check for the Version of ktimer OpenVAS Vulnerability Test Fedora Update for ktimer FEDORA-2013-10130 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

0.6AI score0.00558EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2013/01/24 6:7 p.m.8 views

JBoss invoker servlets do not require authentication

The 1 JMXInvokerHAServlet and 2 EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow...

6.8CVSS6.6AI score0.15561EPSS
Exploits1References4
OSV
OSV
added 2009/10/30 8:30 p.m.1 views

DEBIAN-CVE-2009-3549

packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service application crash via a file that records a malformed packet trace...

5CVSS6.4AI score0.02599EPSS
Exploits2References1
CVE
CVE
added 2006/07/10 8:0 p.m.50 views

CVE-2006-3485

CVE-2006-3485 affects AstroDog Press Some Chess 1.5-RC2 and earlier. The vulnerability is a SQL injection in unspecified vectors, with potential involvement of the gameID parameter in board.php, allowing remote attackers to execute arbitrary SQL commands. Documents do not specify concrete exploit...

7.5CVSS9.1AI score0.0142EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2006/06/28 10:5 p.m.18 views

CVE-2006-3272

Cross-site request forgery CSRF vulnerability in menu.php in Some Chess 1.5 rc2 allows remote attackers to conduct actions as another user, such as changing usernames and passwords, via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third...

5CVSS6.7AI score0.01024EPSS
Exploits0References2
NVD
NVD
added 2006/06/28 10:5 p.m.16 views

CVE-2006-3273

Cross-site scripting XSS vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter "New Name" field...

2.6CVSS5.7AI score0.01269EPSS
Exploits0References6
CVE
CVE
added 2006/06/28 10:0 p.m.45 views

CVE-2006-3273

The CVE-2006-3273 entry documents a Cross-site Scripting (XSS) vulnerability in menu.php of Some Chess 1.5 rc1, exploitable via the user parameter in the “New Name” field. The affected component is menu.php within Some Chess 1.5 rc1; the underlying cause is input that is not properly sanitized, e...

2.6CVSS5.9AI score0.01269EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder