
320 matches found

CNVD
added 2018/02/24 12:0 a.m. | 2 views

FreeXL Heap Buffer Out-of-Bounds Read Vulnerability

FreeXL is an open source library for extracting valid data from Excel .xls spreadsheets developed by software developer Alessandro Furieri. A heap buffer out-of-bounds read vulnerability exists in the 'readminibiffnextrecord' function in versions of FreeXL prior to 1.0.5. An attacker could exploi...

CVSS 8.8 | AI score 6.8 | EPSS 0.02176
Exploits: 1 | References: 1

OSV
added 2018/01/18 2:29 a.m. | 2 views

CVE-2018-2716

Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications subcomponent: User Interface. The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVSS 6.1 | AI score 7.3 | EPSS 0.01104
Exploits: 0 | References: 3

CNVD
added 2017/09/26 12:0 a.m. | 4 views

Netsweeper Authentication Bypass Vulnerability (CNVD-2017-30727)

Netsweeper is a Web content filtering solution from Netsweeper Canada. A security vulnerability exists in versions of Netsweeper prior to 4.0.5. A remote attacker can exploit this vulnerability by sending a request to the webadmin/nslam/index.php file to bypass authentication and create arbitrary...

CVSS 9.8 | AI score 9.7 | EPSS 0.1268
Exploits: 4 | References: 1

CNVD
added 2017/04/26 12:0 a.m. | 3 views

Serendipity Cross-Site Request Forgery Vulnerability

Serendipity is a scalable PHP-powered weblog engine. A cross-site request forgery vulnerability in Serendipity 2.0.5 allows attackers to install any theme via a GET request...

CVSS 8.8 | AI score 8.5 | EPSS 0.00604
Exploits: 0 | References: 1

CNVD
added 2017/03/28 12:0 a.m. | 3 views

Subrion CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-04653)

Subrion CMS is a PHP-based content management system (CMS) developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions, plug-ins and more. A cross-site request forgery vulnerability exists in admin/blocks/add/URI in Subrion CMS version 4.0.5. An...

CVSS 8.8 | AI score 8.6 | EPSS 0.00613
Exploits: 0 | References: 1

CNVD
added 2017/03/28 12:0 a.m. | 4 views

Subrion CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-04651)

Subrion CMS is a PHP-based content management system (CMS) developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions, plug-ins and more. A cross-site request forgery vulnerability exists in admin/blog/add/URI in Subrion CMS version 4.0.5.10. A...

CVSS 8.8 | AI score 6.4 | EPSS 0.00449
Exploits: 0 | References: 1

CNVD
added 2016/10/24 12:0 a.m. | 2 views

Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2016-10246)

Subrion CMS is a PHP-based content management system (CMS) developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions, plug-ins and more. A cross-site scripting vulnerability exists in Subrion CMS version 4.0.5, which stems from the failure of...

AI score 6.2
Exploits: 0 | References: 1

CNVD
added 2016/07/21 12:0 a.m. | 4 views

Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Enterprise Manager Base Platform Component

Oracle Enterprise Manager Grid Control is a suite of systems management software from Oracle Corporation. The software provides centralized monitoring, lifecycle management, and other functions for the Oracle IT architecture. Enterprise Manager Base Platform is one of the system management platfo...

CVSS 6.3 | AI score 6.4 | EPSS 0.004
Exploits: 0 | References: 1

CNVD
added 2016/06/08 12:0 a.m. | 1 views

7zip denial of service vulnerability

7zip is a set of 7-Zip data compression program software. The program can compress and decompress files in 7z format. A security vulnerability exists in the 'CInArchive::ReadFileItem' method in the Archive/Udf/UdfIn.cpp file in 7zip version 9.20 and 15.05 beta. A remote attacker can exploit this...

CVSS 8.8 | AI score 7.7 | EPSS 0.09795
Exploits: 2 | References: 1

BDU FSTEC
added 2015/11/20 12:0 a.m. | 6 views

The vulnerability of the microprogramming software in Janitza UMG 508, 509, 511, 604, 605 power supply monitoring systems allows an intruder to authenticate as an arbitrary user.

The vulnerability of the Microprogramming Software in Janitza UMG 508, 509, 511, 604, 605 power supply monitoring systems is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to bypass authentication by acting as an arbitrary user...

CVSS 6.8 | AI score 5.6 | EPSS 0.00644
Exploits: 0 | References: 2

OSV
added 2014/10/08 7:55 p.m. | 4 views

DEBIAN-CVE-2014-7202

streamengine.cpp in libzmq (aka ZeroMQ/C++) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request...

CVSS 4.3 | AI score 9 | EPSS 0.02015
Exploits: 0 | References: 1

RedHat Linux
added 2013/02/13 9:51 a.m. | 4 views

flash-plugin: information disclosure flaw (APSB13-05)

Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before...

CVSS 5 | AI score 5.8 | EPSS 0.05842
Exploits: 0 | References: 5

ATTACKERKB
added 2012/04/02 6:55 p.m. | 3 views

CVE-2011-5084

Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 5.7 | EPSS 0.01442
Exploits: 0 | References: 3

RedHat Linux
added 2011/09/01 7:54 p.m. | 9 views

rsyslog: parseLegacySyslogMsg off-by-two buffer overflow

Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message...

CVSS 5 | AI score 6 | EPSS 0.20759
Exploits: 2 | References: 5

RedHat Linux
added 2008/12/17 1:31 a.m. | 11 views

Firefox XSS vulnerabilities in SessionStore

Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown...

CVSS 4.3 | AI score 5.7 | EPSS 0.01784
Exploits: 0 | References: 4

PyPA
added 2008/03/20 12:44 a.m. | 7 views

PYSEC-2008-14

Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the joinform page and (2) change the privileges of arbitrary groups via the prefsgroupsoverview page...

CVSS 4.3 | AI score 7.3 | EPSS 0.00642
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2002/10/11 4:0 a.m. | 2 views

DEBIAN-CVE-2002-1170

The handlevarrequests function in snmpagent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference...

CVSS 5 | AI score 6.8 | EPSS 0.01838
Exploits: 0 | References: 1

Cvelist
added 1976/01/01 12:0 a.m. | 21 views

CVE-2022-50599

...

Exploits: 0

Microsoft Security Update
added 1976/01/01 12:0 a.m. | 3 views

2021-04 .NET 5.0.5 Update for x86 Client

2021-04 .NET 5.0.5 Update for x86 Client...

AI score 7
Exploits: 0

Microsoft Security Update
added 1976/01/01 12:0 a.m. | 5 views

2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 20H2 for x64 (KB5005539)

2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 20H2 for x64 (KB5005539)...

AI score 7
Exploits: 0