Lucene search
+L

174 matches found

cve
cve
added 2021/08/25 11:38 a.m.65 views

CVE-2021-33886

CVE-2021-33886 describes an Improper Input Sanitization in B. Braun SpaceCom2, allowing remote, unauthenticated attackers on the same network to gain user-level command-line access by passing a raw string to printf. The vulnerability is tied to SpaceCom2 before 012U000062. Connected sources (Red ...

8.8CVSS8.7AI score0.00827EPSS
Exploits1References2Affected Software1
cnnvd
cnnvd
added 2021/08/25 12:0 a.m.7 views

B. Braun SpaceCom2 格式化字符串错误漏洞

B. Braun SpaceCom2, a hardware device from B. Braun, is used to connect to an external device to record data in a patient data management system, PC, or USB memory stick. A remote, unauthenticated attacker could use this vulnerability to gain user-level command-line access by passing a raw extern...

8.8CVSS5.6AI score0.00827EPSS
Exploits1References6
cvelist
cvelist
added 2021/08/18 7:40 p.m.40 views

CVE-2021-34715 Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability

A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to...

4.7CVSS7.3AI score0.01056EPSS
Exploits0References1
nvd
nvd
added 2021/06/25 12:15 p.m.20 views

CVE-2021-35047

Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and...

9.9CVSS0.01638EPSS
Exploits1References2
nvd
nvd
added 2021/05/14 9:15 p.m.27 views

CVE-2021-22866

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

8.8CVSS0.01045EPSS
Exploits0References2
prion
prion
added 2021/05/14 9:15 p.m.20 views

Authorization

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

6.8CVSS8.7AI score0.01045EPSS
Exploits0References2Affected Software1
hackerone
hackerone
added 2021/03/16 8:39 p.m.13 views

Rockstar Games: Password and mail address stored unencrypted in memory - Rockstar Game Launcher

User credentials were stored unencrypted in memory for a short time during the login process for a game launcher application. The credentials could have been retrieved by dumping application memory after login. This issue has since been resolved to no longer expose passwords in memory...

6.9AI score
Exploits0
mskb
mskb
added 2020/04/13 4:7 a.m.21 views

MS13-054: Description of the security update for Lync 2010 Attendee (user level install): July 9, 2013

Resolves a vulnerability that could allow remote code execution on a client system if a user views shared content that embeds TrueType font files.View products that this article applies to.IntroductionThis update resolves a vulnerability that could allow remote code execution on a client system i...

7.5AI score
Exploits0
nvd
nvd
added 2020/04/02 11:15 p.m.21 views

CVE-2020-11498

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tundarwin.go or tunwindows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...

8.8CVSS8.9AI score0.03395EPSS
Exploits1References2
osv
osv
added 2020/04/02 11:15 p.m.16 views

CVE-2020-11498

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tundarwin.go or tunwindows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...

8.8CVSS7.8AI score
Exploits0References2
prion
prion
added 2020/04/02 11:15 p.m.11 views

Design/Logic Flaw

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tundarwin.go or tunwindows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...

8.5CVSS8.9AI score0.03395EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2020/04/02 10:13 p.m.28 views

CVE-2020-11498

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tundarwin.go or tunwindows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...

8.9AI score0.03395EPSS
Exploits1References2
cve
cve
added 2020/04/02 10:13 p.m.62 views

CVE-2020-11498

CVE-2020-11498 affects Slack Nebula up to version 1.1.0. A relative-path vulnerability in the tunnel drivers tun_darwin.go and tun_windows.go allows a low-privileged attacker to execute code in the context of the root user, with potential user-context execution as well. The issue enables path tra...

8.8CVSS8.9AI score0.03395EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2020/03/09 6:27 p.m.18 views

CVE-2020-9758

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 Helpdesk. A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...

9.5AI score0.02465EPSS
Exploits0References1
cvelist
cvelist
added 2020/01/30 5:14 p.m.27 views

CVE-2020-7911

In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS...

6.5AI score0.00648EPSS
Exploits0References2
prion
prion
added 2020/01/15 11:15 p.m.12 views

Cross site request forgery (csrf)

An issue was discovered in Serpico aka SimplE RePort wrIting and CollaboratiOn tool 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header which must match the request origin. This is problematic in conjunction with XSS: one can escalate privileges from User level ...

6.8CVSS8.7AI score0.00484EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2019/08/28 5:15 p.m.17 views

CVE-2019-15720

CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM...

7.8CVSS7.8AI score0.00415EPSS
Exploits1References1
nvd
nvd
added 2019/08/06 7:15 p.m.19 views

CVE-2019-14473

eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp...

8.8CVSS8.8AI score0.01859EPSS
Exploits1References1
prion
prion
added 2019/08/06 7:15 p.m.18 views

Authorization

eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp...

6.5CVSS8.7AI score0.01859EPSS
Exploits1References1Affected Software2
cvelist
cvelist
added 2019/08/06 6:3 p.m.24 views

CVE-2019-14473

eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the service messages, clear the system protocol or modify/delete internal programs, etc. pp...

8.8AI score0.01859EPSS
Exploits1References1
Rows per page
Query Builder