Lucene search
K

530 matches found

CNVD
CNVD
added 2020/05/12 12:0 a.m.3 views

Tobesoft Xplatform Resource Management Error Vulnerability

Tobesoft Xplatform is a set of Korean Tobesoft application development platform. The platform supports form and composite component inheritance, CSS autosetting, and multi-document interfaces. A resource management error vulnerability exists in Tobesoft Xplatform versions 9.1 through 9.2.2. An...

7.8CVSS7.4AI score0.01211EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/08 12:0 a.m.3 views

Tecnick.com TCExam Cross-Site Scripting Vulnerability (CNVD-2020-32375)

Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is mainly used for online exams and more. A cross-site scripting vulnerability exists in Tecnick.com TCExam version 14.2.2, which can be exploited by remote attackers to inject malicious JavaScript code b...

5.4CVSS6.4AI score0.00666EPSS
Exploits1References1
OSV
OSV
added 2020/04/28 6:15 a.m.5 views

UBUNTU-CVE-2020-12284

cbsjpegsplitfragment in libavcodec/cbsjpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEGMARKERSOS handling because of a missing length check...

9.8CVSS7.2AI score0.03756EPSS
Exploits2References5
OSV
OSV
added 2020/04/27 5:15 p.m.4 views

CVE-2020-9294

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface...

9.8CVSS7.3AI score0.77778EPSS
Exploits2References1
CNVD
CNVD
added 2020/04/07 12:0 a.m.2 views

Dell EMC Isilon OneFS Resource Management Error Vulnerability

Dell EMC Isilon OneFS is a horizontally scalable storage system for unstructured data from Dell USA. A resource management error vulnerability exists in Dell EMC Isilon OneFS 8.2.2 and prior versions. An attacker could exploit this vulnerability to cause a denial of service...

7.5CVSS6.7AI score0.01044EPSS
Exploits0
CNVD
CNVD
added 2020/03/20 12:0 a.m.2 views

Cisco SD-WAN Solution software Privilege Permission and Access Control Issues Vulnerability

Cisco SD-WAN Solution is a set of network extension solutions from Cisco. A privilege-granting and access-control issue vulnerability exists in Cisco SD-WAN Solution software prior to Release 19.2.2, which arises from the program's failure to adequately validate input. A local attacker can exploi...

7.8CVSS6.8AI score0.00383EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/01/05 12:0 a.m.10 views

PT-2020-5160 · Python Imaging Library +1 · Pillow +1

Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 6.2.2 Description: The issue is caused by the FpxImagePlugin.py file calling the range function on an unvalidated 32-bit integer, which can lead to a denial of service DoS if the number of bands is large. On Windows...

9.8CVSS7.2AI score0.99856EPSS
Exploits28References170
CNVD
CNVD
added 2019/12/13 12:0 a.m.2 views

Fortinet FortiSIEM Information Disclosure Vulnerability

Fortinet FortiSIEM is a suite of security information and event management systems from the American company Fiat Fortinet. The system includes features such as asset discovery, workflow automation and unified management. An information disclosure vulnerability exists in Fortinet FortiSIEM 5.2.2...

6.5CVSS6.1AI score0.00894EPSS
Exploits0References1
OSV
OSV
added 2019/12/06 6:15 p.m.7 views

CVE-2019-18672

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...

7.5CVSS5.6AI score0.00783EPSS
Exploits0References4
CNVD
CNVD
added 2019/10/29 12:0 a.m.2 views

Magento Input Validation Error Vulnerability (CNVD-2019-44999)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. An input validation error vulnerability exists in Magento versions 2.3.1 before 2.3, 2.2.8 before 2.2, and 2.1.17...

6.5CVSS6.9AI score0.01881EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/10/23 12:0 a.m.5 views

PT-2019-7492 · Pippin Williamson · Easy Digital Downloads

Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads EDD versions 1.8.x through 1.8.6 Easy Digital Downloads EDD versions 1.9.x through 1.9.9 Easy Digital Downloads EDD versions 2.0.x through 2.0.4 Easy Digital Downloads EDD versions 2.1.x through 2.1.10 Easy Digital...

6.1CVSS6.1AI score0.00923EPSS
Exploits0References4
OSV
OSV
added 2019/08/26 3:15 p.m.5 views

CVE-2019-4513

IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555...

8.2CVSS7.3AI score0.02764EPSS
Exploits0References2
CNVD
CNVD
added 2019/08/06 12:0 a.m.3 views

Magento encryption issue vulnerability (CNVD-2019-40841)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. An encryption issue vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9, and...

5.3CVSS6.6AI score0.0097EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/18 12:0 a.m.2 views

Arbitrary File Deletion Vulnerability in HYBBS

HYBBS is a MVC-structured program based on HYPHP framework. An arbitrary folder deletion vulnerability exists in HYBBS Community Forum System V2.2.820190701. An attacker can exploit this vulnerability to arbitrarily delete arbitrary files...

7AI score
Exploits0
CNVD
CNVD
added 2019/04/30 12:0 a.m.2 views

Apache Archiva Input Validation Error Vulnerability

Apache Archiva is a suite of software from the Apache USA Software Foundation for managing one or more remote repositories. The software provides features such as remote Repository agents, role-based secure access management, and usage reporting. An input validation error vulnerability exists in...

6.5CVSS7.3AI score0.04872EPSS
Exploits1References1
OSV
OSV
added 2019/01/16 7:30 p.m.4 views

UBUNTU-CVE-2019-2556

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

6.5CVSS6.9AI score0.00503EPSS
Exploits0References3
CNVD
CNVD
added 2018/08/13 12:0 a.m.1 views

SQL Injection Vulnerability in nucms v2.2

NUCMS is a content management system based on PHP+MYSQL technology developed by Liaocheng Leadsun Network Technology Co. NUCMS v2.2 has a SQL injection vulnerability that can be exploited by attackers to obtain database information...

8AI score
Exploits0
CNVD
CNVD
added 2018/07/10 12:0 a.m.5 views

Red Hat oVirt ovirt-engine Information Disclosure Vulnerability

Red Hat oVirt is an open source virtualization management platform from Red Hat, an open source version of RHEV Platform for Enterprise Virtualization, consisting of the oVirt-node client and the overt-engine management side. oVirt-engine is one of the management engines. An information disclosur...

9.8CVSS6.9AI score0.00994EPSS
Exploits0References1
CNVD
CNVD
added 2018/07/08 12:0 a.m.4 views

Code Execution Vulnerability in LeShang Mall System v2.2.0

LeShang mall system is a based on THINKPHP5.0 as the core development of a free open source professional mall system. Code execution vulnerability exists in LeShang Mall System v2.2.0. An attacker can exploit the vulnerability to write arbitrary files and gain server privileges...

7.5AI score
Exploits0
CNVD
CNVD
added 2018/06/05 12:0 a.m.6 views

H2O Buffer Overflow Vulnerability (CNVD-2018-16256)

H2O is a set of open source Web server software . A buffer overflow vulnerability exists in H2O 2.2.4 and earlier versions. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service...

9.8CVSS9.6AI score0.03815EPSS
Exploits0References1
Rows per page
Query Builder