Lucene search
+L

106 matches found

CNNVD
CNNVD
added 2023/07/05 12:0 a.m.7 views

Progress Software MOVEit Transfer SQL注入漏洞

Progress Software MOVEit Transfer is an automated file transfer software from Progress Software, USA. The software supports file transfer and provides file transfer activity monitoring. A security vulnerability exists in Progress Software MOVEit Transfer that stems from an SQL injection...

9.1CVSS8.8AI score0.94716EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:3 a.m.6 views

SUSE CVE-2020-2654

Vulnerability in the Java SE product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...

3.7CVSS5.1AI score0.03823EPSS
Exploits0References16
CNNVD
CNNVD
added 2023/01/09 12:0 a.m.4 views

Zoom Client 路径遍历漏洞

Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A security vulnerability exists in Zoom Client versions prior to 5.13.0. An attacker can exploit this vulnerability to read and write the Zoom application data directory...

7.1CVSS7.1AI score0.00277EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/27 12:0 a.m.5 views

Chipolo ONE 安全漏洞

Chipolo ONE is a key finder from Chipolo. Perfect for finding your keys, bags, backpacks in seconds. Chipolo ONE version 4.13.0 suffers from a security vulnerability that stems from the ability of a trusted owner to remotely share Chipolo access to another user who could be a potential attacker. ...

7.4CVSS7.4AI score0.0056EPSS
Exploits0References3
PyPA
PyPA
added 2022/09/05 10:15 a.m.9 views

PYSEC-2022-43069

Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue...

8.8CVSS7AI score0.01089EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2022/06/13 12:0 a.m.5 views

npm CLI 信息泄露漏洞

npm CLI is a package manager from the US company npm. An information disclosure vulnerability exists in the npm CLI npm-packlist version v7.9.0 and v7.13.0, which stems from a runtime omission of the root-level .gitignore and .npmignore file exclusion directives...

7.5CVSS7.5AI score0.03465EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2021/09/14 11:15 a.m.5 views

CVE-2021-40354

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.8, Teamcenter V13.0 All versions V13.0.0.7, Teamcenter V13.1 All versions V13.1.0.5, Teamcenter V13.2 All versions 13.2.0.2. The "surrogate" functionality on the user profile of the application does not perform sufficien...

7.1CVSS5.7AI score0.00585EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/08/25 12:0 a.m.7 views

PT-2021-6590 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.0 and later Description: The issue is related to improper authorization in GitLab, affecting guests in private projects. This allows unauthorized access to view CI/CD analytics. The vulnerability can be exploited...

4.3CVSS4.2AI score0.00833EPSS
Exploits0References14
CNNVD
CNNVD
added 2020/12/22 12:0 a.m.10 views

Odoo Security Vulnerability

Odoo is a set of enterprise resource planning ERP and customer relationship management CRM system from Odoo Belgium. The system is developed in Python, with PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. A security...

4.3CVSS6.3AI score0.00692EPSS
Exploits0References2
CNVD
CNVD
added 2020/10/28 12:0 a.m.2 views

chocolatey Boxstarter has an unspecified vulnerability

chocolatey Boxstarter is a virtual machine management software for installing virtual Windows environments from chocolatey, USA. A security vulnerability exists in Boxstarter installer versions prior to 2.13.0 that originates from configuring C:ProgramDataBoxstarter to be in the system-wide PATH...

8CVSS7.2AI score0.01551EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/04 12:0 a.m.7 views

GitLab Information Disclosure Vulnerability (CNVD-2020-51536)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An information disclosure vulnerability exists in GitLab...

4.3CVSS6.2AI score0.01207EPSS
Exploits0References1
CNVD
CNVD
added 2020/08/24 12:0 a.m.2 views

ALEOS Out-of-Bounds Read Vulnerability

ALEOS is an integrated development environment for building customized embedded M2M applications. An out-of-bounds read vulnerability exists in the ACEView service in ALEOS versions prior to 4.13.0, 4.9.5, and 4.4.9, which can be exploited by an attacker to obtain sensitive information...

9.1CVSS6.7AI score0.00938EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/08/13 12:0 a.m.3 views

PT-2020-13426 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12 GitLab versions prior to 13.1.6 GitLab versions prior to 13.2.3 Description: A cross-site scripting XSS issue exists in the issue reference number tooltip. Recommendations: For versions prior to 13.0.12, updat...

7.3CVSS5.7AI score0.01014EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2020/08/12 12:0 a.m.3 views

PT-2020-13431 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12 GitLab versions prior to 13.1.6 GitLab versions prior to 13.2.3 Description: The issue is related to improper access control on the Applications page. Recommendations: For versions prior to 13.0.12, update to...

7.5CVSS6.8AI score0.01112EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2020/06/19 12:0 a.m.5 views

PT-2020-13403 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.9 through 13.0.1 Description: The issue allows for client-side code injection through Mermaid markup, enabling a specially crafted Mermaid payload to send PUT requests on behalf of other users via clicking on a link...

6.1CVSS6.4AI score0.00871EPSS
Exploits0References10
CNVD
CNVD
added 2020/01/23 12:0 a.m.5 views

Cisco Email Security Appliance AsyncOS Software Input Validation Error Vulnerability (CNVD-2020-32910)

Cisco Email Security Appliance ESA is an email security appliance from Cisco in the U.S. AsyncOS Software is the operating system that runs on it. An input validation error vulnerability exists in the Cisco Email Security Appliance prior to version 13.0. The vulnerability arises from a network...

7.5CVSS6.8AI score0.01378EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2020/01/11 10:21 a.m.4 views

PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability

It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit cod...

9.8CVSS8.2AI score0.99999EPSS
Exploits48
OSV
OSV
added 2019/12/27 2:15 p.m.3 views

CVE-2019-19781

An issue was discovered in Citrix Application Delivery Controller ADC and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal...

9.8CVSS7.5AI score0.99999EPSS
Exploits48References11
OSV
OSV
added 2019/12/18 6:15 p.m.3 views

UBUNTU-CVE-2019-8822

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary...

8.8CVSS6.9AI score0.02067EPSS
Exploits0References3
OSV
OSV
added 2018/08/08 2:29 p.m.5 views

CVE-2018-12408

The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity XXE attacks via incomin...

7.5CVSS5.7AI score0.02377EPSS
Exploits0References3
Rows per page
Query Builder