
568 matches found

NCSC
added 2021/01/20 12:0 a.m. · 15 views

Vulnerabilities fixed in Red Hat OpenShift Virtualization

Red Hat has fixed multiple vulnerabilities in OpenShift Virtualization. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); access to system data; increased user privileges. Red Hat has released...

8.8 CVSS · 8.5 AI score · 0.06968 EPSS
Exploits 4

CNNVD
added 2021/01/04 12:0 a.m. · 5 views

Win911 Mobile Server Security Vulnerability

Win911 Mobile Server is a server-side program used in industrial environments to provide interactive data support for mobile apps from Win911 USA. A security vulnerability exists in Win911 Mobile Server V2.5, which can be exploited by an attacker to overwrite the service executable and execute...

9.3 CVSS · 7.6 AI score · 0.00608 EPSS
Exploits 1 · References 2

vulnersOsv
added 2020/12/09 7:3 p.m. · 5 views

cn.ibizlab.plugin:ibiz-cloud-ai-baichuanai (>=8.1.0.371 <=8.1.0.578.187), cn.ibizlab.plugin:ibiz-cloud-ai-core (>=8.1.0.304 <=8.1.0.578.187) +438 more potentially affected by CVE-2020-17521 via org.codehaus.groovy:groovy-all (>=2.5.0 <=2.5.13)

org.codehaus.groovy:groovy-all MAVEN version =2.5.0, =8.1.0.371, =8.1.0.304, =8.1.0.371, =8.1.0.516, =8.1.0.304, =8.1.0.286, =8.1.0.286, =8.1.0.371, =8.1.0.371, =8.1.0.286, =8.1.0.286, =8.1.0.371, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.567.22 and more Source cves: CVE-2020-17521 Source...

5.5 CVSS · 6.7 AI score · 0.0105 EPSS
Exploits 0

OSV
added 2020/10/09 7:15 a.m. · 3 views

CVE-2020-26910

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25...

6.8 CVSS · 5.8 AI score · 0.01034 EPSS
Exploits 0 · References 1

CNVD
added 2020/08/14 12:0 a.m. · 3 views

Wireshark Resource Management Error Vulnerability (CNVD-2020-49576)

Wireshark (formerly known as Ethereal) is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in Wireshark versions 3.2.0 through 3.2.5. An attacker...

6.5 CVSS · 7.7 AI score · 0.02889 EPSS
Exploits 1 · References 1

RedHat Linux
added 2020/07/16 10:13 a.m. · 6 views

OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...

4.3 CVSS · 6.7 AI score · 0.03284 EPSS
Exploits 0 · References 4

OSV
added 2020/07/15 6:15 p.m. · 5 views

CVE-2020-14635

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Logging. Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Obje...

5.3 CVSS · 6.7 AI score · 0.01205 EPSS
Exploits 0 · References 1

Positive Technologies
added 2020/07/14 12:0 a.m. · 10 views

PT-2020-3530

Name of the Vulnerable Software and Affected Versions: Java SE versions 7u261 and 8u251; Java SE Embedded version 8u251. Description: The issue is related to insufficient input validation in the Libraries component of Oracle Java SE and Java SE Embedded. It can be exploited by an unauthenticated...

8.3 CVSS · 7.2 AI score · 0.04675 EPSS
Exploits 0 · References 250

Positive Technologies
added 2020/05/26 12:0 a.m. · 6 views

PT-2020-4071 · Apple · Itunes For Windows +7

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.5; iPadOS versions prior to 13.5; tvOS versions prior to 13.4.5; watchOS versions prior to 6.2.5; Safari versions prior to 13.1.1; iTunes for Windows versions prior to 12.10.7; iCloud for Windows versions prior to 11.2 and...

10 CVSS · 8.9 AI score · 0.01648 EPSS
Exploits 0 · References 11

Positive Technologies
added 2020/05/26 12:0 a.m. · 5 views

PT-2020-4070 · Apple · Macos Catalina +5

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.5; iPadOS versions prior to 13.5; macOS Catalina versions prior to 10.15.5; tvOS versions prior to 13.4.5; watchOS versions prior to 6.2.5. Description: The issue is related to an out-of-bounds write problem, which can be...

9.3 CVSS · 7.5 AI score · 0.01375 EPSS
Exploits 0 · References 7

CNVD
added 2020/05/21 12:0 a.m. · 9 views

Ruby on Rails Cross-Site Request Forgery Vulnerability (CNVD-2020-32423)

Ruby on Rails is an open source web application framework based on the Ruby language, from the Rails team. A cross-site request forgery vulnerability exists in Ruby on Rails versions prior to 5.2.5 and 6.0.4, which stems from a web application that does not adequately validate that a request is comin...

4.3 CVSS · 8.7 AI score · 0.01673 EPSS
Exploits 1 · References 1

CNVD
added 2020/04/20 12:0 a.m. · 2 views

Autodesk Dynamo BIM Code Issue Vulnerability

Autodesk Dynamo BIM is a suite of open-source graphical programming design software from Autodesk USA. A security vulnerability exists in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0, which originates from the program's inability to properly verify signatures. The vulnerability can be exploited by a...

7.8 CVSS · 7.3 AI score · 0.00376 EPSS
Exploits 0 · References 1

CNVD
added 2020/04/17 12:0 a.m. · 2 views

Rukovoditel SQL Injection Vulnerability (CNVD-2020-26656)

Rukovoditel is web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. A SQL injection vulnerability exists in Rukovoditel version 2.5.2. The vulnerability stems from a lack ...

9.8 CVSS · 8.2 AI score · 0.01681 EPSS
Exploits 0 · References 1

OSV
added 2020/04/15 2:15 p.m. · 4 views

CVE-2020-2864

Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite component: Accounts. Supported versions that are affected are 12.1.3 and 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupplier...

5.3 CVSS · 5.8 AI score · 0.01433 EPSS
Exploits 0 · References 1

OSV
added 2020/04/14 5:15 p.m. · 5 views

CVE-2020-10382

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler...

8.8 CVSS · 7.8 AI score · 0.01919 EPSS
Exploits 0 · References 1

Positive Technologies
added 2020/04/07 12:0 a.m. · 5 views

PT-2020-12693 · Nch · Express Invoice

Name of the Vulnerable Software and Affected Versions: NCH Express Invoice version 7.25. Description: The issue allows local users to discover the cleartext password by reading the configuration file. Recommendations: For version 7.25, consider restricting access to the configuration file to...

7.8 CVSS · 7.4 AI score · 0.01045 EPSS
Exploits 3 · References 5

Positive Technologies
added 2020/03/25 12:0 a.m. · 4 views

PT-2022-11605 · Libxml2 +3 · Libxml2 +3

Name of the Vulnerable Software and Affected Versions: VTK versions prior to 9.2.5. Description: The issue is a NULL pointer dereference vulnerability that lies in IO/Infovis/vtkXMLTreeReader.cxx. It occurs because the vendor did not check the return value of the libxml2 API xmlDocGetRootElement a...

8.7 CVSS · 7.2 AI score · 0.01066 EPSS
Exploits 1 · References 30

OSV
added 2020/02/12 2:15 a.m. · 3 views

DEBIAN-CVE-2014-6262

Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415...

7.5 CVSS · 8 AI score · 0.07247 EPSS
Exploits 0 · References 1

Positive Technologies
added 2020/02/10 12:0 a.m. · 6 views

PT-2020-9918 · Apache · Apache Dubbo

Name of the Vulnerable Software and Affected Versions: Apache Dubbo versions 2.5.x; Apache Dubbo versions 2.6.0 through 2.6.7; Apache Dubbo versions 2.7.0 through 2.7.4. Description: Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a PO...

9.8 CVSS · 7.3 AI score · 0.35564 EPSS
Exploits 2 · References 15

OSV
added 2020/01/28 1:15 a.m. · 3 views

CVE-2019-17651

An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting (XSS) attack by injecting malicious JavaScript code into...

5.4 CVSS · 6.1 AI score · 0.00622 EPSS
Exploits 0 · References 1