Lucene search
K

352 matches found

Prion
Prion
added 2023/03/22 6:15 a.m.9 views

Privilege escalation

TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. With these privileges, an attacker could perform actions they are not...

6.5CVSS8.9AI score0.00993EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/03/10 12:0 a.m.5 views

OpenHarmony 安全漏洞

OpenHarmony is a kind of Hongmeng operating system open source project of China OpenAtom Foundation OpenAtom Foundation Foundation. A security vulnerability exists in OpenHarmony-v3.1.5 version and earlier versions. An attacker exploiting this vulnerability could gain access to kernel memory data...

7.5CVSS7.4AI score0.00598EPSS
Exploits0References2
Veracode
Veracode
added 2023/02/17 6:27 a.m.76 views

SQL Injection

sequelize is vulnerable to SQL Injection attacks. A specifically crafted attack statement through query-generator.js allows a malicious user to inject and execute arbitrary SQL queries on the target system due to improper attribute filtering...

10CVSS9.8AI score0.00831EPSS
Exploits0References7Affected Software1
0day.today
0day.today
added 2023/02/06 12:0 a.m.581 views

Apache Tomcat On Ubuntu Log Init Privilege Escalation Exploit

This Metasploit module targets a vulnerability in Tomcat versions 6, 7, and 8 on Debian-based distributions where these older versions provide a vulnerable tomcat init script that allows local attackers who have already gained access to the tomcat account to escalate their privileges from the...

7.8CVSS7.7AI score0.09783EPSS
Exploits8
hivepro
hivepro
added 2023/01/26 2:57 a.m.22 views

VMware addresses Security Flaws in vRealize Log Insight

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary VMware has patched four security flaws in vRealize Log Insight aka Aria Operations for Logs that could potentially expose users to remote code execution attacks and allow an unauthenticated attack...

3.1AI score
Exploits0
Veracode
Veracode
added 2023/01/24 1:29 a.m.16 views

Cross-site Scripting (XSS)

phpmyfaq is vulnerable to Cross-Site ScriptingXSS attacks. The library does not properly escape the user input before converting to HTML entities, which allows an attacker to inject and execute malicious code on the target system...

5.4CVSS5.7AI score0.00541EPSS
Exploits0References4Affected Software2
Check Point Advisories
Check Point Advisories
added 2022/11/22 12:0 a.m.7 views

Qognify Ocularis Insecure Deserialization (CVE-2020-27868)

An insecure deserialization vulnerability exists in Qognify Ocularis. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on the target system...

10CVSS4.6AI score0.8121EPSS
Exploits0
Veracode
Veracode
added 2022/10/21 8:40 a.m.19 views

Remote Code Execution

com.alibaba:hessian-lite is vulnerable to remote code execution. The vulnerability exists due to insecure input validation when processing serialized data in getSerializer and getDeserializer functions in SerializerFactory.java, which allows an attacker to pass specifically crafted data to the...

9.8CVSS9.6AI score0.02351EPSS
Exploits0References6Affected Software2
Veracode
Veracode
added 2022/10/13 12:27 p.m.21 views

Remote Code Execution

Dolibarr is vulnerable to remote code execution. By default, it is possible to add any administrator to the installation page, which enables the malicious user to inject and execute malicious code on the target system due to improper validations in the verifCond function in functions.lib.php...

9.8CVSS9.5AI score0.33371EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2022/09/28 12:0 a.m.54 views

Zimbra Collaboration Suite Remote Code Execution Vulnerability

Zimbra Collaboration Suite ZCS is an open source collaborative office suite. The product includes WebMail, Calendar, Address Book, etc. A security vulnerability exists in Zimbra Collaboration Suite ZCS versions 8.8.15 and 9.0, which stems from a lack of valid authentication of uploaded files by t...

9.8CVSS3.2AI score0.95478EPSS
Exploits7References1
CNVD
CNVD
added 2022/07/25 12:0 a.m.21 views

Cisco Nexus Dashboard Elevation of Privilege Vulnerability (CNVD-2022-54958)

Cisco Nexus Dashboard is the United States Cisco Cisco a single console. It can simplify the operation and management of data center networks. An elevation of privilege vulnerability exists in Cisco Nexus Dashboard that stems from insufficient input validation during CLI command execution. An...

6.7CVSS6.9AI score0.00206EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/22 12:0 a.m.25 views

Apple macOS Monterey Buffer Overflow Vulnerability

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. Apple macOS Monterey suffers from a buffer overflow vulnerability that originates from a boundary error in the handling of untrusted input in the SMB component, which can be exploited by an...

7.8CVSS8AI score0.01574EPSS
Exploits0References1
Veracode
Veracode
added 2022/07/06 12:43 a.m.20 views

Improper Input Validation

In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state. A flaw was found in the Puppet...

9.8CVSS8.8AI score0.00903EPSS
Exploits0References4Affected Software2
CNVD
CNVD
added 2022/06/05 12:0 a.m.13 views

Carrier LenelS2 HID Mercury access panels OS command injection vulnerability

Carrier LenelS2 HID Mercury access panels is a controller panel from Carrier, U.S.A. An operating system command injection vulnerability exists in Carrier LenelS2 HID Mercury access panels, which could be exploited by an attacker to pass specially crafted data to an application and execute...

9CVSS4.3AI score0.01246EPSS
Exploits0References1
Veracode
Veracode
added 2022/06/03 5:15 a.m.33 views

Validation Bypass

bottle is vulnerable to validation bypass. The library mishandles errors in handle function during early request binding, allowing an attacker to compromise the target system...

9.8CVSS8.8AI score0.01869EPSS
Exploits0References9Affected Software3
CNVD
CNVD
added 2022/06/02 12:0 a.m.29 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-06864)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a buffer overflow vulnerability that originates from a boundary error when processing HTML content. An attacker could exploit this vulnerability to execute arbitrary code o...

9.8CVSS9.6AI score0.00656EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/16 12:0 a.m.19 views

IBM Robotic Process Automation SQL Injection Vulnerability

IBM Robotic Process Automation is a robotic process automation product from IBM Corporation. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation is vulnerable to a SQL injection vulnerability that could be...

9.8CVSS2.8AI score0.01214EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/16 12:0 a.m.17 views

Money Transfer Management System SQL Injection Vulnerability (CNVD-2022-85121)

Money Transfer Management System is a remittance management system.Money Transfer Management System 1.0 is vulnerable to SQL injection, which can be exploited by attackers to obtain information about data in the target system...

9.8CVSS3.9AI score0.01091EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2022/05/13 12:0 a.m.37 views

Adobe InDesign < 16.4.2 / 17.0 < 17.2.0 Multiple Arbitrary code execution (APSB22-23)

The version of Adobe InDesign installed on the remote Windows host is prior to 16.4.2, 17.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB22-23 advisory. - Adobe InDesign versions 17.1 and earlier and 16.4.1 and earlier are affected by an out-of-bounds write...

7.8CVSS7.7AI score0.00445EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/05/04 3:20 p.m.27 views

CVE-2021-20051

SonicWall Global VPN Client 4.10.7.1117 installer 32-bit and 64-bit and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system...

7.8AI score0.00697EPSS
Exploits0References1
Rows per page
Query Builder