Lucene search
K

626 matches found

OSV
OSV
added 2023/08/04 12:15 a.m.6 views

CVE-2023-36131

PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter...

9.8CVSS5.8AI score0.00746EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.8 views

The vulnerability of the Advanced Networking Option component of the Oracle Database Server system allows a attacker to gain read, modify, add, or delete access to data.

The vulnerability of the Advanced Networking Option component of the Oracle Database Server management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain read, modify, add, or delete access to data...

3.7CVSS6.6AI score0.00383EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/07/17 12:0 a.m.5 views

The vulnerability of the Keytool component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the Keytool component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data...

5.3CVSS6.7AI score0.05241EPSS
Exploits0References27Affected Software15
Positive Technologies
Positive Technologies
added 2023/06/27 12:0 a.m.5 views

PT-2023-24671 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 5.7.18 Description: The mail validation in the registration process had flaws, allowing the construction of different mail addresses that result in the same address, which can be shared by multiple accounts...

5.3CVSS5.1AI score0.00649EPSS
Exploits0References10
BDU FSTEC
BDU FSTEC
added 2023/06/20 12:0 a.m.6 views

The vulnerability of the microprogramming software of ThinkPad Hybrid USB-C with USB-A Dock exists due to insufficient testing of input data. This allows a hacker to execute code with elevated privileges.

The vulnerability of the ThinkPad Hybrid USB-C with USB-A Dock’s microprogramming software exists due to insufficient testing of input data. Exploiting this vulnerability could allow an attacker to execute code with elevated privileges during package updates or installations...

7.8CVSS7.4AI score0.00193EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/06/07 12:0 a.m.9 views

The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST controllers, related to deficiencies in the validation of user-input data, allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST distributed controllers is related to deficiencies in the validation of user-input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting XSS attacks remotely...

5.9CVSS5.9AI score0.0062EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/05/17 4:0 p.m.10 views

CVE-2023-20077

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker cou...

6.5CVSS6.7AI score0.00839EPSS
Exploits0References2
OSV
OSV
added 2023/05/15 10:15 p.m.7 views

CVE-2023-20722

In m4u, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07771518; Issue ID: ALPS07680084...

6.7CVSS6.7AI score0.0009EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/05/12 12:0 a.m.7 views

The vulnerability of the sub-component “Application” within the Oracle Financial Services Behavior Detection Platform of the banking analytics system’s simulation model. This vulnerability allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the sub-component “Application” within the Oracle Financial Services Behavior Detection Platform of a bank analytics system’s simulation model involves insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain...

4.3CVSS6.4AI score0.00487EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/12 12:0 a.m.8 views

Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the MySQL Server component of the database management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

6.8CVSS6.3AI score0.01116EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/12 12:0 a.m.9 views

The vulnerability of the Routing Hub sub-component of the Oracle Banking Virtual Account Management component in the banking analytics system of the Oracle Financial Services Applications allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the Routing Hub subcomponent of the Oracle Banking Virtual Account Management component in the banking analytics system of the Oracle Financial Services Applications is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to...

8.5CVSS6.8AI score0.00551EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/12 12:0 a.m.8 views

The vulnerability of the Core component of the Oracle Health Sciences InForm software for clinical testing allows a malicious individual to cause service failures or gain access to read, modify, add, or delete data.

The vulnerability of the Core component of the Oracle Health Sciences InForm software for clinical testing is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause service failures or gain access to read, modify, add, or delete data...

6.5CVSS6.8AI score0.00387EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/05/04 12:0 a.m.7 views

Gin-Gonic Gin 输入验证错误漏洞

Gin-Gonic Gin is a Go-based framework for rapidly building web applications from the Gin-Gonic team. A security vulnerability exists in Gin-Gonic Gin prior to version 1.9.0, which stems from vulnerability to incorrect input validation, and can be exploited by an attacker to use a specially crafte...

7.3CVSS6.2AI score0.00905EPSS
Exploits1References9
CNNVD
CNNVD
added 2023/05/04 12:0 a.m.5 views

Dell EMC ECS 数据伪造问题漏洞

The Dell EMC ECS is a storage device from Dell USA. A cryptographic issue vulnerability exists in Dell EMC ECS versions prior to 3.8.0.2, which stems from incorrect validation of cryptographic signatures. An attacker exploiting this vulnerability could modify the subject data of a request...

7.5CVSS6.6AI score0.00268EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/05/04 12:0 a.m.6 views

Vulnerability of the Server component: The Connection Handling module of the MySQL Server database management system, which allows attackers to cause service interruptions.

The vulnerability of the MySQL Server component, which handles database connections, is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

3.3CVSS6.3AI score0.00989EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/04/25 12:0 a.m.6 views

Nokia NetAct 代码问题漏洞

Nokia NetAct is a network management system from Nokia, Finland. A security vulnerability exists in Nokia NetAct versions prior to 22 FP2211, which stems from a lack of input validation and proper XML parser configuration...

6.5CVSS6.5AI score0.00486EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/04/25 12:0 a.m.8 views

The vulnerability of the Secure Channel component in Windows operating systems, which allows a hacker to cause a service failure

The vulnerability of the Secure Channel component in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...

7.8CVSS7.3AI score0.01731EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/04/25 12:0 a.m.6 views

The vulnerability of the PostScript Printer Driver (Pscript) and PCL6 Class Printer drivers for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the PostScript Printer Driver PScript and PCL6 Class Printer operating systems for Windows is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS8.1AI score0.0164EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/04/05 11:0 p.m.7 views

CVE-2023-20128

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilitie...

7.2CVSS7.3AI score0.30386EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/04/05 11:0 p.m.2 views

CVE-2023-20146

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...

6.1CVSS6.6AI score0.00433EPSS
Exploits0References2
Rows per page
Query Builder