Lucene search
K

134 matches found

Debian CVE
Debian CVE
added 2020/06/16 12:26 p.m.16 views

CVE-2020-13431

Removed by vendor...

7.8CVSS7.7AI score0.00309EPSS
Exploits0
CNVD
CNVD
added 2020/06/02 12:0 a.m.70 views

OpenSSH Input Validation Error Vulnerability

OpenSSH OpenBSD Secure Shell is a set of connection tools from the OpenBSD Project Group for secure access to remote computers. The tools are an open source implementation of the SSH protocol and support encryption of all transmissions, effectively blocking eavesdropping, connection hijacking, an...

7.5CVSS8.1AI score0.02267EPSS
Exploits0References1
OSV
OSV
added 2020/06/01 4:15 p.m.2 views

DEBIAN-CVE-2020-12062

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

7.5CVSS7.9AI score0.02267EPSS
Exploits0References1
NVD
NVD
added 2020/06/01 4:15 p.m.34 views

CVE-2020-12062

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

7.5CVSS7.5AI score0.02267EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/06/01 4:15 p.m.109 views

CVE-2020-12062

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

7.5CVSS7.2AI score0.02267EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2020/06/01 3:28 p.m.60 views

CVE-2020-12062

The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...

7.5CVSS7.9AI score0.02267EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/06/01 12:0 a.m.15 views

PT-2020-6183 · Openssh +2 · Openssh +2

Name of the Vulnerable Software and Affected Versions: OpenSSH version 8.2 Description: The issue arises from the scp client in OpenSSH incorrectly sending duplicate responses to the server upon a utimes system call failure. This allows a malicious unprivileged user on the remote server to...

10CVSS6.8AI score0.99506EPSS
Exploits207References348
OSV
OSV
added 2020/04/20 1:15 a.m.3 views

CVE-2020-11930

The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option...

6.1CVSS5.8AI score0.04457EPSS
Exploits1References4
OSV
OSV
added 2019/11/25 5:15 p.m.5 views

CVE-2018-2025

IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551...

4.4CVSS5.8AI score0.00304EPSS
Exploits1References2
Prion
Prion
added 2019/04/09 4:29 p.m.21 views

Design/Logic Flaw

A vulnerability was found in Samba from version including 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner root only access. However in some...

3.6CVSS6AI score0.00552EPSS
Exploits1References7Affected Software5
ATTACKERKB
ATTACKERKB
added 2019/03/07 12:0 a.m.28 views

Webmin 1.900 Upload Execution

Webmin 1.900 allows authenticated users with “Upload and Download” module access to upload cgi files to a webroot subdirectory and the uploaded files can be executed by sending requests to the web server. Recent assessments: jrobles-r7 at May 09, 2019 5:57pm UTC reported: Details Webmin 1.900...

7.8CVSS7.3AI score0.23689EPSS
Exploits3References4
Akamai Blog
Akamai Blog
added 2018/12/06 4:56 p.m.57 views

Domain Name Consolidation - Observations from the Field

Domain Name Consolidation The market and marketing of Web property domain names is changing. Companies prefer to promote top level domains TLDs, have the option of selecting brand-relevant domain extensions e.g. SaaS.com, and no longer need country-relevant domains to optimize search engine resul...

7.2AI score
Exploits0
NVD
NVD
added 2018/10/26 12:29 a.m.21 views

CVE-2018-18654

Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to...

7.8CVSS7.4AI score0.00306EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/10/26 12:29 a.m.33 views

CVE-2018-18654

Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to...

7.8CVSS7.1AI score0.00306EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2018/10/26 12:0 a.m.55 views

CVE-2018-18654

Removed by vendor...

7.8CVSS7.7AI score0.00306EPSS
Exploits0
Prion
Prion
added 2018/08/30 10:29 p.m.15 views

Cross site scripting

cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering...

4.3CVSS5.9AI score0.00675EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/08/30 10:29 p.m.16 views

CVE-2018-16236

cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering...

6.1CVSS6AI score0.00675EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/08/30 10:0 p.m.18 views

CVE-2018-16236

cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering...

6AI score0.00675EPSS
Exploits1References1
CVE
CVE
added 2018/08/30 10:0 p.m.44 views

CVE-2018-16236

CVE-2018-16236 affects cPanel through version 74, allowing XSS via a crafted filename in the logs subdirectory of a user account. The root cause is that the filename is mishandled during rendering of frontend/THEME/raw/index.html, enabling script injection. Exploit details (in-the-wild, vectors) ...

6.1CVSS5.8AI score0.00675EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/03/20 6:29 p.m.6 views

CVE-2018-1141

When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location...

7CVSS5.8AI score0.00246EPSS
Exploits0References2
Rows per page
Query Builder