569 matches found

OSV
added 2020/01/28 1:15 a.m. · 4 views

CVE-2019-17651

An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting (XSS) attack by injecting malicious JavaScript code into...

CVSS 5.4 · AI score 6.1 · EPSS 0.00622
Exploits: 0 · References: 1

Positive Technologies
added 2019/12/02 12:0 a.m. · 6 views

PT-2019-15858 · Alfresco · Alfresco Enterprise

Name of the Vulnerable Software and Affected Versions: Alfresco Enterprise versions prior to 5.2.5. Description: The issue allows for stored XSS via an uploaded HTML document. This means an attacker can upload a malicious HTML file to the system, which can then execute scripts on the user's browse...

CVSS 5.4 · AI score 5.3 · EPSS 0.00602
Exploits: 1 · References: 4

OSV
added 2019/11/26 2:48 p.m. · 3 views

USN-4201-1 ruby2.3, ruby2.5 vulnerabilities

It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching, which can lead to unauthorized access. (CVE-2019-15845) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could use this issue to...

CVSS 8.1 · AI score 6.9 · EPSS 0.05128
Exploits: 1 · References: 5

Positive Technologies
added 2019/11/15 12:0 a.m. · 2 views

PT-2019-15720 · Cyrus +5 · Cyrus Imap +5

Name of the Vulnerable Software and Affected Versions: Cyrus IMAP versions 2.5.x through 2.5.13; Cyrus IMAP versions 3.x through 3.0.11. Description: The issue allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that...

CVSS 9.8 · AI score 7.1 · EPSS 0.07622
Exploits: 0 · References: 39

Microsoft KB
added 2019/10/30 12:0 a.m. · 7 views

March 5, 2019, update for Access 2010 (KB4018363)

March 5, 2019, update for Access 2010 (KB4018363). This article describes update 4018363 for Microsoft Access 2010 that was released on March 5, 2019. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2010. It doesn't apply to th...

AI score 6.3
Exploits: 0

OSV
added 2019/10/24 12:15 p.m. · 5 views

CVE-2019-4398

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259...

CVSS 3.3 · AI score 5.8 · EPSS 0.00307
Exploits: 0 · References: 2

CNVD
added 2019/09/19 12:0 a.m. · 4 views

Dell RSA BSAFE Crypto-J Encryption Issue Vulnerability

Dell RSA BSAFE Crypto-J is RSA's FIPS-validated Java cryptographic module. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5. An attacker could exploit this vulnerability to force both parties to compute the same predictable shared key...

CVSS 6.5 · AI score 9.1 · EPSS 0.01681
Exploits: 0 · References: 1

OSV
added 2019/08/02 3:15 p.m. · 3 views

CVE-2019-5493

Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker. A successful attack requires that multiple non-default options be enabled...

CVSS 7.5 · AI score 7.1 · EPSS 0.01425
Exploits: 0 · References: 1

CNVD
added 2019/07/17 12:0 a.m. · 1 views

LibreOffice Information Disclosure Vulnerability (CNVD-2019-26825)

LibreOffice is an open source office software suite from The Document Foundation (TDF). The product includes applications such as Writer (text documents), Calc (spreadsheets) and Impress (presentations). A security vulnerability exists in LibreOffice versions prior to 6.2.5. A remote attacker could explo...

CVSS 4.3 · AI score 6.8 · EPSS 0.03149
Exploits: 0 · References: 1

CNVD
added 2019/06/20 12:0 a.m. · 4 views

RedwoodHQ Bypass Authentication Vulnerability

RedwoodHQ is an open source automated testing framework. The product supports programming languages such as Java, Groovy, Python and C and is capable of creating readable keyword-driven test cases. A security vulnerability exists in RedwoodHQ version 2.5.5. The vulnerability stems from a lack of...

CVSS 9.8 · AI score 7.1 · EPSS 0.06223
Exploits: 1 · References: 1

RedHat Linux
added 2018/12/17 8:2 p.m. · 4 views

ghostscript: Type confusion in setpattern (700141)

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue...

CVSS 7.8 · AI score 6.1 · EPSS 0.02873
Exploits: 1 · References: 4

OSV
added 2018/12/03 4:29 p.m. · 5 views

CVE-2018-1002000

There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the delids variable by POST request...

CVSS 7.2 · AI score 5.9 · EPSS 0.04354
Exploits: 5 · References: 3

Positive Technologies
added 2018/12/02 12:0 a.m. · 2 views

PT-2018-2954

Name of the Vulnerable Software and Affected Versions: lxml versions prior to 4.2.5. Description: The issue is related to the lxml.html.clean module in the lxml library, which fails to remove javascript: URLs that use escaping. This allows a remote attacker to conduct cross-site scripting (XSS) attack...

CVSS 9.8 · AI score 5.9 · EPSS 0.57991
Exploits: 10 · References: 100

CNVD
added 2018/11/26 12:0 a.m. · 3 views

Vanilla Remote Code Execution Vulnerability (CNVD-2019-06793)

Vanilla is an open source multi-language, fully extensible forum program. A security vulnerability exists in Vanilla versions prior to 2.5.5 and 2.6.x prior to 2.6.2. A remote attacker can exploit this vulnerability to execute code by calling the 'unserialize' function...

CVSS 7.2 · AI score 7.5 · EPSS 0.02017
Exploits: 1 · References: 1

OSV
added 2018/10/17 1:31 a.m. · 3 views

CVE-2018-3243

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: None). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

CVSS 8.2 · AI score 7.3 · EPSS 0.02051
Exploits: 0 · References: 3

Positive Technologies
added 2018/09/19 12:0 a.m. · 3 views

PT-2018-2283 · Cisco · Cisco Small Business Routers

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers (affected versions not specified). Description: A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could...

CVSS 9 · AI score 8 · EPSS 0.95923
Exploits: 11 · References: 17

CNVD
added 2018/09/06 12:0 a.m. · 3 views

BTITeam XBTIT Cross-Site Scripting Vulnerability (CNVD-2019-28273)

XBTIT is an open source tracking software. A stored cross-site scripting vulnerability exists in newsfeed /index.php?page=viewnews in BTITeam XBTIT 2.5.4. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the headline of a news item...

CVSS 6.1 · AI score 5.9 · EPSS 0.00474
Exploits: 1 · References: 1

CNVD
added 2018/08/28 12:0 a.m. · 2 views

ASP4CMS AspCMS Elevation of Privilege Vulnerability

ASP4CMS AspCMS is a free enterprise website construction system from China's ASP4CMS open source laboratory. The system supports customized templates, plug-in extensions and other features. A security vulnerability exists in ASP4CMS AspCMS version 2.5.6; the vulnerability stems from the /member/reg.a...

CVSS 9.8 · AI score 9.5 · EPSS 0.02009
Exploits: 1 · References: 1

Broadcom
added 2018/08/23 12:0 a.m. · 10 views

BSA-2018-700

Security Advisory ID: BSA-2018-700. Component: Apache Struts 2. Revision: 1.0: Final. Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and, at the same time, its upper actions have no or wildcard namespace. Same...

CVSS 9.3 · AI score 8.8 · EPSS 0.99993
Exploits: 41

OSV
added 2018/07/18 1:29 p.m. · 6 views

CVE-2018-3017

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with...

CVSS 8.2 · AI score 7.3
Exploits: 0 · References: 3