Lucene search
+L

206 matches found

seebug
seebug
added 2018/06/29 12:0 a.m.40 views

KYOCERA Net Admin 3.4 Multiple XSS Vulnerabilities

Summary KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and uncomplicated control to handle a fleet for up to 10,000 devices. Tasks that used to require multiple programs or walking to each printer can now be...

0.2AI score
Exploits0
nvd
nvd
added 2018/06/07 9:29 p.m.22 views

CVE-2018-0338

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System UCS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation...

7.8CVSS7.9AI score0.00377EPSS
Exploits0References3
nvd
nvd
added 2017/10/19 8:29 a.m.20 views

CVE-2017-12286

A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in t...

5.5CVSS5.3AI score0.00357EPSS
Exploits0References3
cvelist
cvelist
added 2017/10/19 8:0 a.m.24 views

CVE-2017-12286

A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in t...

5.3AI score0.00357EPSS
Exploits0References3
nvd
nvd
added 2017/07/06 12:29 a.m.20 views

CVE-2017-6708

A vulnerability in the symbolic link symlink creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of...

9.8CVSS9.5AI score0.01456EPSS
Exploits0References2
cvelist
cvelist
added 2017/07/06 12:0 a.m.21 views

CVE-2017-6708

A vulnerability in the symbolic link symlink creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of...

9.5AI score0.01456EPSS
Exploits0References2
cisco
cisco
added 2017/07/05 4:0 p.m.41 views

Cisco Ultra Services Framework AutoVNF Symbolic Link Handling Information Disclosure Vulnerability

A vulnerability in the symbolic link symlink creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of...

7.5CVSS9.6AI score0.01456EPSS
Exploits0References1
cisco
cisco
added 2016/12/07 4:0 p.m.37 views

Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability

A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. The vulnerability is due to insufficient client-side validation checks. An attacker could...

5CVSS7.6AI score0.03011EPSS
Exploits0References1
cert
cert
added 2016/11/21 12:0 a.m.147 views

NTP.org ntpd contains multiple denial of service vulnerabilities

Overview NTP.org ntpd versions ntp-4.2.7p385 up to but not including ntp-4.2.8p9 and ntp-4.3.0 up to but not including ntp-4.3.94 contain multiple denial of service vulnerabilities. Description NTP.org's ntpd, versions ntp-4.2.7p385 up to but not including ntp-4.2.8p9 and ntp-4.3.0 up to but not...

7.5CVSS7.4AI score0.52935EPSS
Exploits12References2
redhatcve
redhatcve
added 2016/07/07 9:48 a.m.27 views

CVE-2016-6156

A timing flaw was found in the Chrome EC driver in the Linux kernel. An attacker could abuse timing to skip validation checks to copy additional data from userspace possibly increasing privilege or crashing the system...

5.3CVSS5.8AI score0.00274EPSS
Exploits0References1
debian
debian
added 2015/09/29 9:38 p.m.26 views

[SECURITY] [DLA 318-1] flightgear security update

Package : flightgear Version : 1.9.1-1.1 Debian Bug : 780712 It was discovered that flightgear, a Flight Gear Flight Simulator game, did not perform adequate filesystem validation checks in its fgValidatePath routine. Regards, - -- ,. : : : Chris Lamb . [email protected] / chris-lamb.co.uk -...

7.3AI score
Exploits0
freebsd
freebsd
added 2015/09/21 12:0 a.m.40 views

flash -- multiple vulnerabilities

Adobe reports: These updates resolve a type confusion vulnerability that could lead to code execution CVE-2015-5573. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, CVE-2015-6682. These updates...

10CVSS7.5AI score0.45511EPSS
Exploits2References1
exploitpack
exploitpack
added 2014/07/30 12:0 a.m.20 views

SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery Persistent Cross-Site Scripting Vulnerabilities

SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery Persistent Cross-Site Scripting Vulnerabilities !-- SkaDate Lite 2.0 Multiple XSRF And Persistent XSS Vulnerabilities Vendor: Skalfa LLC Product web page: http://lite.skadate.com | http://www.skalfa.com Affected version: 2.0 build 7651 Platfo...

Exploits0
osv
osv
added 2014/07/09 11:21 p.m.12 views

MGASA-2014-0291 Updated flash-player-plugin packages fix multiple vulnerabilities

Adobe Flash Player 11.2.202.394 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update includes additional validation checks to ensure that Flash Player rejects malicious content fr...

7.5CVSS9.9AI score0.23024EPSS
Exploits4References3
mageia
mageia
added 2014/07/09 11:21 p.m.41 views

Updated flash-player-plugin packages fix multiple vulnerabilities

Adobe Flash Player 11.2.202.394 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update includes additional validation checks to ensure that Flash Player rejects malicious content fr...

7.5CVSS6.6AI score0.23024EPSS
Exploits4References2
seebug
seebug
added 2014/07/01 12:0 a.m.17 views

VMware Player and Workstation <= 6.5.3 'vmware-authd' Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36630/info VMware Player and Workstation are prone to a remote denial-of-service vulnerability because the applications fail to perform adequate validation checks on user-supplied input. An attacker can exploit this issue...

7.1AI score
Exploits0
nessus
nessus
added 2013/07/12 12:0 a.m.24 views

Fedora 17 : mediawiki-1.19.7-1.fc17 (2013-9622)

bug 48306 SECURITY: Run file validation checks on chunked uploads, and chunks of upload, during the upload process. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format...

6.8CVSS5.3AI score0.02344EPSS
Exploits0References3
zdi
zdi
added 2013/06/27 12:0 a.m.41 views

Oracle Java AWT Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AWT mlib library...

10CVSS3.6AI score0.10179EPSS
Exploits0References1
checkpoint_advisories
checkpoint_advisories
added 2010/07/15 12:0 a.m.6 views

Macromedia Flash ActionDefineFunction Memory Access (CVE-2005-2628)

A remote code execution vulnerability exists in the Macromedia Flash plugin. The flaw is created by insufficient validation checks of user input values. This vulnerability may be exploited by a malicious user to inject and execute arbitrary code on the target host. In a successful attack, an...

5.1CVSS7.6AI score0.06756EPSS
Exploits1
debiancve
debiancve
added 2010/02/10 2:0 a.m.47 views

CVE-2009-4634

Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that 1 bypasses a validation check in vorbisdec.c and triggers a wraparound of the stack pointer, or 2 access a pointer from out-of-bounds memory in...

10CVSS9.7AI score0.0721EPSS
Exploits2
Rows per page
Query Builder