Lucene search
+L

3083 matches found

CNVD
CNVD
added 2018/03/27 12:0 a.m.5 views

IBM Rational Collaborative Lifecycle Management Jazz Foundation Information Disclosure Vulnerability

IBM Rational Collaborative Lifecycle Management CLM is a suite of collaborative lifecycle management solutions from IBM in the United States. The solution combines RTC, RQM, and RRC products in an IBM SmartCloud Enterprise cloud environment image to provide requirements management, change and...

4.3CVSS6.5AI score0.01854EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/27 12:0 a.m.2 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2018-07269)

Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server versions prior to 2.4.30. An attacker can exploit this vulnerability b...

7.5CVSS9.2AI score0.70783EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/03/22 12:0 a.m.9 views

PT-2018-1294 · Schneider Electric · Modicon M340 +3

Name of the Vulnerable Software and Affected Versions: Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers affected versions not specified Description: The issue is related to hard-coded accounts in the communication modules of the affected controllers...

10CVSS7.3AI score0.03818EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2018/03/16 12:0 a.m.8 views

The vulnerability of the Apsis Pound proxy server, related to HTTP request processing flaws, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the Apsis Pound proxy server is related to HTTP request processing flaws. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests remotely, using specially crafted headers for such attacks...

9.8CVSS7.8AI score0.02839EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2018/03/15 12:0 a.m.5 views

Dovecot Read Across Boundaries Vulnerability Vulnerability

Dovecot is an open source based on Linux/UNIX-like systems IMAP and POP3 mail server . An out-of-bounds read vulnerability exists in Dovecot version 2.2.33.2. An attacker can exploit this vulnerability to cause a denial of service and obtain sensitive information by sending specially crafted emai...

7.1CVSS6.6AI score0.16979EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2018/03/15 12:0 a.m.69 views

The vulnerability of the TCP packet processing driver in Snort and Suricata IDS systems allows attackers to bypass network attack detection functions.

The vulnerability of the TCP packet processing driver in Snort and Suricata IDS systems is related to the implementation of an internal mechanism for handling TCP connections. Exploiting this vulnerability allows a malicious actor to bypass the network attack detection functions, which are...

7.5CVSS5.5AI score0.24712EPSS
Exploits4References4Affected Software2
curl security advisories
curl security advisories
added 2018/03/14 8:0 a.m.8 views

FTP path trickery leads to NIL byte out of bounds write

curl can be fooled into writing a zero byte out of bounds. This bug can trigger when curl is told to work on an FTP URL, with the setting to only issue a single CWD command --ftp-method singlecwd or the libcurl alternative CURLOPTFTPFILEMETHOD. curl then URL-decodes the given path, calls strlen o...

9.8CVSS7.7AI score0.12058EPSS
Exploits0Affected Software2
OSV
OSV
added 2018/03/14 12:0 a.m.3 views

UBUNTU-CVE-2018-1000120

A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse...

9.8CVSS7.2AI score0.12058EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2018/03/08 7:29 a.m.3 views

CVE-2018-0087

A vulnerability in the FTP server of the Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to incorrect FTP user credential...

6.8CVSS5.8AI score0.01872EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2018/03/06 12:0 a.m.5 views

The vulnerability in the NetTransport.exe executable of the NetTransport download manager allows a hacker to execute arbitrary code.

The vulnerability in the NetTransport.exe executable of the NetTransport download manager is caused by buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on NAS devices using specially crafted HTTP responses...

10CVSS6.5AI score0.39634EPSS
Exploits6References3Affected Software1
RedHat Linux
RedHat Linux
added 2018/02/28 8:6 p.m.6 views

ruby: Command injection vulnerability in Net::FTP

It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with...

9.3CVSS7.7AI score0.73829EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2018/02/26 9:37 p.m.7 views

OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)

The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application...

6.8CVSS7.2AI score0.04532EPSS
Exploits0References4
OSV
OSV
added 2018/02/15 10:29 a.m.4 views

CVE-2017-12720

An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections...

8.1CVSS5.8AI score0.01886EPSS
Exploits0References2
OSV
OSV
added 2018/02/15 10:29 a.m.5 views

CVE-2017-12724

A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured ...

8.1CVSS5.8AI score0.01348EPSS
Exploits0References2
OSV
OSV
added 2018/02/07 5:29 a.m.2 views

DEBIAN-CVE-2018-6794

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web...

5.3CVSS6.9AI score0.24712EPSS
Exploits4References1
CNVD
CNVD
added 2018/01/25 12:0 a.m.10 views

SMTP credential vulnerability in multiple HP products

HP DesignJet T790 and others are printer devices from Hewlett-Packard HP in the United States. An SMTP credential vulnerability exists in several HP products. An attacker can exploit this vulnerability to obtain credentials for an SMTP server...

7.8CVSS6.9AI score0.01824EPSS
Exploits0References1
OSV
OSV
added 2018/01/24 10:29 p.m.3 views

ALPINE-CVE-2018-1000005

libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported https://github.com/curl/curl/pull/2231 that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the...

9.1CVSS6.5AI score0.04556EPSS
Exploits0References1
OSV
OSV
added 2018/01/24 3:29 p.m.4 views

CVE-2018-5777

An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 17.1.1. Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors...

9.8CVSS6AI score0.01696EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2018/01/24 12:0 a.m.11 views

The vulnerability of the syntax analyzer of the software tool for interacting with the curl server allows a hacker to perform read operations beyond the buffer in memory.

The vulnerability of the software tool’s syntax analyzer for interacting with servers using curl is related to an error during registration on the server using the FTP protocol. Exploiting this vulnerability allows a malicious actor to gain access to data beyond the boundaries of the allocated...

7.5CVSS7.7AI score0.08465EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2018/01/24 12:0 a.m.7 views

PT-2018-17140 · Ipswitch · Ipswitch Whatsup Gold

Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold versions prior to 2017 Plus SP1 17.1.1 Description: An issue was discovered that allows remote clients to take advantage of a misconfiguration in the TFTP server, potentially enabling attackers to execute arbitrary...

9.8CVSS8.2AI score0.01696EPSS
Exploits0References4
Rows per page
Query Builder