
1394 matches found

CNNVD
added 2023/03/10 12:0 a.m., 2 views

UNISOC Chipsets input validation error vulnerability

UNISOC Chipsets is a chipset from the Chinese company UNISOC. A security vulnerability exists in the UNISOC Chipsets wlan module that stems from a lack of parameter checking. This could lead to a local denial of service in the wlan service...

5.5 CVSS, 5.7 AI score, 0.00088 EPSS
Exploits: 0, References: 2

BDU FSTEC
added 2023/03/03 12:0 a.m., 6 views

Vulnerability in the FortiWeb web application firewall caused by a failure to neutralize special elements used in an operating system command, allowing an attacker to execute arbitrary code or commands

The vulnerability in the FortiWeb web application firewall exists because no measures are taken to neutralize special elements used in an operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or perform arbitrary commands usin...

9 CVSS, 7.6 AI score, 0.01322 EPSS
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2023/02/27 2:15 p.m., 4 views

CVE-2023-1068

The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the readmoreexcerptlinkmenuoptions function. This makes it possible for unauthenticated attackers t...

4.3 CVSS, 6.5 AI score, 0.00296 EPSS
Exploits: 0, References: 3, Affected Software: 1

SUSE CVE
added 2023/02/15 5:53 a.m., 6 views

SUSE CVE-2011-1923

The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095...

4 CVSS, 6.5 AI score, 0.01308 EPSS
Exploits: 0, References: 4

SUSE CVE
added 2023/02/15 5:47 a.m., 3 views

SUSE CVE-2012-2132

libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection...

5 CVSS, 7.2 AI score, 0.01553 EPSS
Exploits: 0, References: 4

SUSE CVE
added 2023/02/15 5:39 a.m., 3 views

SUSE CVE-2013-2037

httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary...

2.6 CVSS, 6.9 AI score, 0.01324 EPSS
Exploits: 1, References: 4

SUSE CVE
added 2023/02/15 5:38 a.m., 2 views

SUSE CVE-2013-2191

python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate...

4.3 CVSS, 6.8 AI score, 0.00888 EPSS
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 4:36 a.m., 3 views

SUSE CVE-2017-17718

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation...

5.9 CVSS, 5.8 AI score, 0.01348 EPSS
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 4:14 a.m., 2 views

SUSE CVE-2019-9497

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...

3.1 CVSS, 7.1 AI score, 0.05372 EPSS
Exploits: 0, References: 13

SUSE CVE
added 2023/02/15 3:45 a.m., 2 views

SUSE CVE-2021-22931

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames leading to Domain Hijacking and injection...

8.8 CVSS, 7.8 AI score, 0.21952 EPSS
Exploits: 1, References: 15

SUSE CVE
added 2023/02/15 3:43 a.m., 1 views

SUSE CVE-2021-29568

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in tf.raw_ops.ParameterizedTruncatedNormal. This is because the...

7.8 CVSS, 7.5 AI score, 0.00197 EPSS
Exploits: 1, References: 3

SUSE CVE
added 2023/02/15 3:25 a.m., 4 views

SUSE CVE-2022-32743

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it...

4.3 CVSS, 6.9 AI score, 0.01105 EPSS
Exploits: 1, References: 12

CNNVD
added 2023/02/15 12:0 a.m., 10 views

Adobe After Effects buffer error vulnerability

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. Adobe After Effects suffers from an out-of-bounds read vulnerability that...

5.5 CVSS, 6.6 AI score, 0.00315 EPSS
Exploits: 0, References: 3

OSV
added 2023/02/13 3:15 p.m., 3 views

CVE-2023-0169

The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4 CVSS, 6.1 AI score, 0.01648 EPSS
Exploits: 2, References: 1

Veracode
added 2023/02/09 6:27 a.m., 18 views

Cross-Site Request Forgery (CSRF)

xxl-job is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to a lack of validation in updatePwd which allows an attacker to modify any user passwords...

6.5 CVSS, 6.1 AI score, 0.00387 EPSS
Exploits: 1, References: 4, Affected Software: 1

ATTACKERKB
added 2023/02/08 2:15 a.m., 2 views

CVE-2023-0724

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxaddfolder function. This makes it possible for unauthenticated attackers to invoke this function via forge...

5.4 CVSS, 5.8 AI score, 0.00308 EPSS
Exploits: 0, References: 4

ATTACKERKB
added 2023/02/08 2:15 a.m., 2 views

CVE-2023-0722

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavestate function. This makes it possible for unauthenticated attackers to invoke this function via forge...

5.4 CVSS, 5.8 AI score, 0.00308 EPSS
Exploits: 0, References: 4

CNNVD
added 2023/02/07 12:0 a.m., 5 views

WordPress plugin Wicked Folders cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

5.4 CVSS, 6.1 AI score, 0.00322 EPSS
Exploits: 0, References: 4

OSV
added 2023/01/30 9:15 p.m., 6 views

CVE-2022-4872

The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, and does not ensure that the option to be updated belongs to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'...

4.3 CVSS, 5.8 AI score, 0.00281 EPSS
Exploits: 2, References: 1

OSV
added 2023/01/26 6:59 p.m., 1 views

CVE-2022-42418

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8 CVSS, 6.2 AI score, 0.0041 EPSS
Exploits: 0, References: 2