Lucene search
K

8246 matches found

OSV
OSV
added 2018/06/03 8:56 a.m.4 views

SUSE-SU-2018:1492-1 Security update for dpdk-thunderxdpdk

This update fixes the following issues: - CVE-2018-1059: The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest...

6.1CVSS6AI score0.00878EPSS
Exploits0References3
Prion
Prion
added 2018/06/01 2:29 p.m.13 views

Command injection

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, restrictions on...

6.5CVSS6.9AI score0.02263EPSS
Exploits0References3Affected Software14
CNVD
CNVD
added 2018/06/01 12:0 a.m.1 views

IBM Content Navigator Cross-Site Scripting Vulnerability (CNVD-2018-10946)

IBM Content Navigator is a Web client from IBM USA that supports searching and processing documents stored in content servers around the world from a Web browser. A cross-site scripting vulnerability exists in IBM Content Navigator. A remote attacker can exploit this vulnerability to inject...

5.4CVSS6.3AI score0.00968EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/01 12:0 a.m.2 views

F5 BIG-IP Security Restriction Bypass Vulnerability

F5 BIG-IP is a collection of software and hardware that allows you to control the traffic that passes through your network. A security restriction bypass vulnerability exists in F5 BIG-IP 11.x, 12.x, and 13.x. A remote attacker could exploit this vulnerability to run commands in the Traffic...

7.2CVSS7AI score0.02263EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/24 12:0 a.m.1 views

Cross-site scripting vulnerability in multiple IBM products (CNVD-2018-15257)

IBM Financial Transaction Manager FTM for ACH Services, FTM for Check Services, and FTM for Corporate Payment Services are financial transaction manager products from IBM USA, which are primarily used for monitoring, tracking and reporting on financial payments and transactions. A cross-site...

6.5AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/05/23 8:29 a.m.65 views

Important: Red Hat Security Advisory: redhat-virtualization-host security update

An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

5.5CVSS7.2AI score0.60631EPSS
Exploits2References3
Kaspersky
Kaspersky
added 2018/05/18 12:0 a.m.676 views

KLA11251 Multiple vulnerabilities in Mozilla Thunderbird

Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions and spoof user interface. Below is a complete list of vulnerabilities: 1. Multiple memo...

9.8CVSS9.8AI score0.21288EPSS
Exploits4References3
OSV
OSV
added 2018/05/17 9:29 p.m.4 views

CVE-2018-1461

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code ...

5.4CVSS5.4AI score0.00983EPSS
Exploits2References5
OSV
OSV
added 2018/05/17 3:29 a.m.2 views

CVE-2018-0326

A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting XFS attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for HTML inline frames...

6.1CVSS5.8AI score0.01796EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/05/17 3:0 a.m.24 views

CVE-2018-0328

A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...

6.1AI score0.01818EPSS
Exploits0References4
CNVD
CNVD
added 2018/05/17 12:0 a.m.6 views

Cisco TelePresence Server Cross-Frame Scripting Vulnerability

Cisco TelePresence Server Software is the United States of America Cisco Cisco is a set of video conferencing solutions known as "TelePresence" system. The program provides audio, video space and other components for remote participants to provide a "face-to-face" virtual meeting room effect. web...

6.1CVSS7.2AI score0.01796EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/10 12:0 a.m.3 views

McAfee VirusScan Enterprise Elevation of Privilege Vulnerability

McAfee VirusScan Enterprise VSE is a suite of antivirus software from the American company McAfee. The software provides a full range of security protection, scanning memory for malicious code and optimizing updates for remote systems, etc. Microsoft Windows client is one of its clients based on...

6.8CVSS6.9AI score0.0018EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/10 12:0 a.m.4 views

Oracle Retail Applications Retail Point-of-Service Component Unauthorized Operation Vulnerability

Oracle Retail Applications is the United States Oracle Oracle company's set of retail applications store solutions. Retail Point-of-Service is one of the retail point-of-service management components. A security vulnerability exists in the User Interface subcomponent of the Retail Point-of-Servic...

7.1CVSS6.9AI score0.01116EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/05/08 6:32 p.m.5 views

Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation

The Linux kernel is vulerable to a use-after-free flaw when Transformation User configuration interfaceCONFIGXFRMUSER compile-time configuration were enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrmdumppolicydone. A user/process could abuse this flaw to potentially...

7.8CVSS7.1AI score0.0215EPSS
Exploits3References4
Kaspersky
Kaspersky
added 2018/05/08 12:0 a.m.66 views

KLA11242 Multiple vulnerabilities in Microsoft Exchange Server

Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and spoof user interface. Below is a complete list of vulnerabilities: 1. An improper handling of objects in...

10CVSS7.2AI score0.21854EPSS
Exploits0References10
CNVD
CNVD
added 2018/05/08 12:0 a.m.3 views

IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2018-09160)

IBM Cognos Analytics formerly known as Cognos BI is a suite of business intelligence software from the American company IBM. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing key factors and key stakeholders. A cross-site...

5.4CVSS6.4AI score0.01109EPSS
Exploits0References1
OSV
OSV
added 2018/05/07 1:29 p.m.4 views

CVE-2018-1413

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819...

5.4CVSS5.4AI score0.01109EPSS
Exploits0References6
CNVD
CNVD
added 2018/05/03 12:0 a.m.5 views

WatchGuard AP100, AP102 and AP200 Authentication Vulnerabilities

The WatchGuard AP100, AP102 and AP200 are all different series of indoor wireless access point devices from WatchGuard USA. A security vulnerability exists in the WatchGuard AP100, AP102, and AP200 using firmware versions prior to 1.2.9.15, which stems from a failure of the local Access Point Web...

7.8CVSS6.8AI score0.01523EPSS
Exploits5References1
Cisco
Cisco
added 2018/05/02 4:0 p.m.31 views

Cisco Prime Service Catalog User Interface Denial of Service Vulnerability

A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to...

6.5CVSS1.7AI score0.02776EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/02 12:0 a.m.5 views

IBM API Connect Cross-Site Scripting Vulnerability (CNVD-2018-08943)

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. A cross-site scripting vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.6.5, 5.0.7...

5.4CVSS6AI score0.00968EPSS
Exploits0References1
Rows per page
Query Builder