Lucene search
K

114 matches found

CNVD
CNVD
added 2018/08/31 12:0 a.m.3 views

Unspecified Vulnerability in Manjaro Linux

Manjaro Linux is a set of Linux distributions for the Arch operating system. A security vulnerability exists in the manjaro-update-system.sh file in the manjaro-system 20180716-1 release of Manjaro Linux. A local attacker can exploit this vulnerability to install or remove arbitrary packets or...

7.8CVSS7.6AI score0.00789EPSS
Exploits1References1
OSV
OSV
added 2018/08/29 7:29 p.m.4 views

CVE-2018-15912

An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code, which will automatically be run as root, or remove packages vital...

7.8CVSS5.9AI score0.00789EPSS
Exploits1References2
OSV
OSV
added 2018/06/16 1:29 a.m.3 views

CVE-2018-11221

Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/updatemanager.ajax in the update system...

9.8CVSS5.9AI score0.05023EPSS
Exploits0References2
Prion
Prion
added 2018/06/16 1:29 a.m.14 views

Unrestricted file upload

Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/updatemanager.ajax in the update system...

7.5CVSS9.4AI score0.05023EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/06/15 9:0 p.m.59 views

CVE-2018-11221

Pandora FMS up to version 7.23 is affected by CVE-2018-11221: an unauthenticated, untrusted file upload via include/ajax/update_manager.ajax in the update system allows an attacker to upload an arbitrary plugin.

9.8CVSS9.3AI score0.05023EPSS
Exploits0References2Affected Software1
Amazon
Amazon
added 2018/04/26 12:0 a.m.41 views

Medium: PackageKit

Issue Overview: Authentication bypass allows to install signed packages without administrator privileges An authentication bypass flaw has been found in PackageKit that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install...

5.5CVSS5.5AI score0.00393EPSS
Exploits0
Amazon
Amazon
added 2017/06/06 12:0 a.m.30 views

Medium: postgresql93, postgresql94, postgresql95

Issue Overview: Selectivity estimators bypass SELECT privilege checks It was found that some selectivity estimation functions did not check user privileges before providing information from pgstatistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some...

7.5CVSS7.3AI score0.06331EPSS
Exploits0
Amazon
Amazon
added 2017/03/06 12:0 a.m.39 views

Important: python-crypto

Issue Overview: A heap-buffer overflow vulnerability was discovered in cryptopp. This vulnerability can be used to remotely gain access to shell. Affected Packages: python-crypto Issue Correction: Run yum update python-crypto or yum update --advisory ALAS-2017-801 to update your system.Run yum...

9.8CVSS9.8AI score0.09501EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2017/02/24 12:0 a.m.45 views

Fedora 25 : 1:xrdp (2017-8fffbae8af)

WARNING: Please note that this update comes with a slightly different syntax of sesman.ini file, so if you edited this file by hand, you may need to look at the .rpmnew file and merge any required changes by hand. This release also creates three files in /etc/xrdp directory if they don't already...

9.8CVSS6.9AI score0.01326EPSS
Exploits0References2
Amazon
Amazon
added 2016/06/02 12:0 a.m.69 views

Medium: php56

Issue Overview: The following security-related issues were resolved: Out-of-bounds read in imagescale CVE-2013-7456 Integer underflow causing arbitrary null write in fread/gzread CVE-2016-5096 Integer overflow in phphtmlentities CVE-2016-5094 Integer overflow in phpfilterfullspecialchars...

8.6CVSS9.6AI score0.05487EPSS
Exploits3
Amazon
Amazon
added 2015/12/14 12:0 a.m.33 views

Low: perl-IPTables-Parse

Issue Overview: A vulnerability in perl-IPTables-Parse was found, when using predictable file names for its temporary files. This vulnerability allows attacker on a multi-user system to set up symlinks to overwrite any file the current user has write access to. Affected Packages:...

5.5CVSS5.6AI score0.00432EPSS
Exploits0
seebug.org
seebug.org
added 2015/04/22 12:0 a.m.25 views

PHPOK最新版CSRF 永久GETSHELL

简要描述: PHPOK CSRF 永久GETSHELL 详细说明: PHPOK 最新版中,在线升级系统配置 可以被CSRF恶意串改。导致更新程序指向黑客的网站。 查看源码不难逆向出XML的构造格式。 \phpok\framework\admin\updatecontrol.php //在线升级 function mainf if!$this-popedom'update' error'您没有在线升级权限',$this-url'update','error'; $info = $this-service4; $rs = $this-lib'json'-decode$info;...

7.1AI score
Exploits0
Amazon
Amazon
added 2015/04/01 12:0 a.m.30 views

Low: gpgme

Issue Overview: Multiple heap-based buffer overflows in the statushandler function in 1 engine-gpgsm.c and 2 engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to "different line lengths in a...

6.8CVSS7.9AI score0.04289EPSS
Exploits0
ThreatPost
ThreatPost
added 2013/05/15 11:10 a.m.12 views

Firefox 21 Update Patches 8 Vulnerabilities, 3 Critical

Mozilla fixed eight vulnerabilities, three critical, in the 21st build of its flagship Firefox browser yesterday. One of the fixes remedies an Address Sanitizer memory corruption flaw MFSA 2013-48 that could’ve allowed remote code execution. The other two critical flaws could’ve also led to...

1.9AI score
Exploits0References10
OpenVAS
OpenVAS
added 2012/11/26 12:0 a.m.23 views

FreeBSD Ports: rt40

The remote host is missing an update to the system as announced in the referenced advisory. VID 4b738d54-2427-11e2-9817-c8600054b392 OpenVAS Vulnerability Test $ Description: Auto generated from VID 4b738d54-2427-11e2-9817-c8600054b392 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

6.8CVSS6.3AI score0.01822EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/06/21 12:0 a.m.12 views

AIX 530012 : U841209

The remote host is missing AIX PTF U841209 which is related to the security of the package devices.iscsisw.rte You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc';...

5.5AI score
Exploits0
OpenVAS
OpenVAS
added 2011/05/12 12:0 a.m.17 views

FreeBSD Ports: firefox

The remote host is missing an update to the system as announced in the referenced advisory. VID b2f09169-55af-11e0-9d6f-000f20797ede OpenVAS Vulnerability Test $ Description: Auto generated from VID b2f09169-55af-11e0-9d6f-000f20797ede Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2011/01/24 12:0 a.m.69 views

FreeBSD Ports: php5

The remote host is missing an update to the system as announced in the referenced advisory. VID b2a6fc0e-070f-11e0-a6e9-00215c6a37bb OpenVAS Vulnerability Test $ Description: Auto generated from VID b2a6fc0e-070f-11e0-a6e9-00215c6a37bb Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...

6.8CVSS7.8AI score0.13333EPSS
Exploits10
OpenVAS
OpenVAS
added 2010/10/10 12:0 a.m.30 views

FreeBSD Ports: vim6, vim6+ruby

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

6.8CVSS6.3AI score0.0862EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2010/09/22 12:0 a.m.13 views

AIX 530011 : U837721

The remote host is missing AIX PTF U837721 which is related to the security of the package devices.common.IBM.ide.rte You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0;...

5.5AI score
Exploits0
Rows per page
Query Builder