Lucene search
K

637 matches found

Code423n4
Code423n4
added 2022/06/24 12:0 a.m.10 views

Buy logic is not correct

Lines of code Vulnerability details Impact This will affect the curves from where the buy need to happen. This will lead to erroneous result. Proof of Concept Tools Used Manual calculation and code review Recommended Mitigation Steps Update the Buy logic by referring the sell logic. --- The text...

7AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2022/04/29 11:0 a.m.14 views

You Need to Update iOS, Android, and Chrome Right Now

Plus: Microsoft patched some 100 flaws, while Oracle issued more than 500 security fixes...

1.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/04/28 12:0 a.m.5 views

PT-2022-19584 · Mufeng · Mufeng'S Hermit 音乐播放器

Name of the Vulnerable Software and Affected Versions: Mufeng's Hermit 音乐播放器 plugin versions = 3.1.6 Description: An Authenticated SQL Injection SQLi issue allows attackers with Subscriber or higher user roles to execute SQLi attacks. The attack is executed via the &ids parameter. Recommendations...

8.8CVSS9AI score0.00862EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/04/12 12:0 a.m.3 views

PT-2022-19378 · Jenkins · Jenkins Gerrit Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Gerrit Trigger Plugin versions 2.35.2 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which can be exploited by attackers with Item/Configure permission. This occurs because the plugin do...

8CVSS5.4AI score0.00798EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/03/08 12:0 a.m.6 views

PT-2022-17553 · Samsung · Galaxy Watch Plugin

Name of the Vulnerable Software and Affected Versions: Galaxy Watch Plugin versions prior to 2.2.05.22012751 Description: The issue allows an attacker to access password information of connected WiFiAp in the log. Recommendations: For Galaxy Watch Plugin versions prior to 2.2.05.22012751, update ...

3.3CVSS4AI score0.00204EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/01/31 12:0 a.m.14 views

MariaDB DoS Vulnerability (MDEV-25631) - Windows

MariaDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...

5.5CVSS7.5AI score0.00551EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/11/15 12:0 a.m.3 views

PT-2021-6394 · Oracle +8 · Mysql Server +7

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.27 and prior Description: The issue is related to errors in resource release in the MySQL Server component, specifically in the Optimizer subsystem. This can be exploited by a remote attacker to cause a denial of...

10CVSS7AI score0.87816EPSS
Exploits22References814
Positive Technologies
Positive Technologies
added 2021/08/30 12:0 a.m.9 views

PT-2021-7541 · Vmware · Vmware Vrealize Log Insight

Name of the Vulnerable Software and Affected Versions: VMware vRealize Log Insight versions 8.x prior to 8.4 Description: The issue is due to improper user input validation, allowing an attacker with user privileges to inject a malicious payload via the Log Insight UI. This payload would be...

5.4CVSS5.3AI score0.00468EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/08/18 12:0 a.m.1 views

PT-2021-14226 · Cybozu · Cybozu Garoon

Name of the Vulnerable Software and Affected Versions: Cybozu Garoon versions 4.0.0 through 5.5.0 Description: A cross-site scripting issue in some functions of the E-Mail or Group Mail component allows a remote attacker to inject an arbitrary script via unspecified vectors. Recommendations: For...

6.1CVSS6AI score0.00796EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2021/07/12 12:0 a.m.28 views

SUSE: Security Advisory (SUSE-SU-2021:1785-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.8AI score0.0199EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/06/17 12:0 a.m.5 views

PT-2021-19862 · Nextcloud · Nextcloud Android App

Name of the Vulnerable Software and Affected Versions: Nextcloud Android app versions prior to 3.16.1 Description: The Nextcloud Android app is vulnerable to an issue where a malicious app on the same device could access the shared preferences of the Nextcloud Android application. This requires...

4.3CVSS3.6AI score0.00881EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2021/06/03 12:0 a.m.10 views

FreeBSD : zeek -- several potential DoS vulnerabilities (a550d62c-f78d-4407-97d9-93876b6741b9)

Tim Wojtulewicz of Corelight reports : Fix potential Undefined Behavior in decodenetbiosname and decodenetbiosnametype BIFs. The latter has a possibility of a remote heap-buffer-overread, making this a potential DoS vulnerability. Add some extra length checking when parsing mobile ipv6 packets. D...

5.5AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2021/05/28 3:53 p.m.50 views

Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build

Impact If you are using the esbuild target or command you are at risk of code/option injection. Attackers can use the command line option to maliciously change your settings in order to damage your project. Patches The problem has been patched in v1.0.0 as it uses a proper method to pass configs ...

3.1AI score
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/04/26 12:0 a.m.2 views

PT-2021-5288 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.3 iOS versions prior to 14.5 iPadOS versions prior to 14.5 watchOS versions prior to 7.4 tvOS versions prior to 14.5 Description: A parsing issue in the handling of directory paths was addressed with improved path...

5.5CVSS4.6AI score0.004EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2021/02/10 12:0 a.m.8 views

PT-2021-15578 · Mcafee · Mcafee Total Protection

Name of the Vulnerable Software and Affected Versions: McAfee Total Protection versions prior to 16.0.30 Description: The issue allows a local user to bypass Remote Procedure Call in McAfee Total Protection, gaining elevated privileges and performing arbitrary file modification as the SYSTEM user...

7.8CVSS7.5AI score0.0043EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/11/01 12:0 a.m.9 views

PT-2020-1250 · Google +9 · Android +9

Name of the Vulnerable Software and Affected Versions: Android versions 8.0 through 11 Description: The issue is related to a possible out of bounds write due to an integer overflow in the exif entry get value function of the exif-entry.c component. This could lead to remote code execution if a...

9.8CVSS8.1AI score0.04262EPSS
Exploits1References83
Positive Technologies
Positive Technologies
added 2020/10/03 12:0 a.m.10 views

PT-2020-6188 · Mariadb +8 · Mariadb +9

Name of the Vulnerable Software and Affected Versions: mariadb versions prior to 10.1.47 mariadb versions prior to 10.2.34 mariadb versions prior to 10.3.25 mariadb versions prior to 10.4.15 mariadb versions prior to 10.5.6 Description: The issue is related to errors in input data processing duri...

10CVSS7.9AI score0.6773EPSS
Exploits104References588
Positive Technologies
Positive Technologies
added 2020/09/24 12:0 a.m.5 views

PT-2021-6569 · Gthumb +3 · Gthumb +3

Name of the Vulnerable Software and Affected Versions: gThumb versions prior to 3.10.1 Description: The issue is related to insufficient input validation in the gThumb image processing application. It allows a remote attacker to cause a denial of service via a malformed JPEG image. Recommendation...

7.8CVSS6AI score0.02149EPSS
Exploits2References23
OpenVAS
OpenVAS
added 2020/05/20 12:0 a.m.34 views

Ubuntu: Security Advisory (USN-4366-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.04553EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2020/04/16 12:0 a.m.59 views

Huawei EulerOS: Security Advisory for cpio (EulerOS-SA-2020-1375)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3CVSS7.6AI score0.00686EPSS
Exploits1References2
Rows per page
Query Builder