
605 matches found

NCSC
added 2022/06/15 12:0 a.m., 29 views

Vulnerabilities fixed in Adobe Bridge

Adobe has fixed several vulnerabilities in Bridge. A malicious party could exploit the vulnerabilities to execute arbitrary code in the context of the application, or to gain access to sensitive data in the context of the application. To do this, the malicious party must trick the victim...

CVSS 9.3 | AI score 7.1 | EPSS 0.02857
Exploits: 0

ATTACKERKB
added 2022/06/14 7:41 p.m., 7 views

CVE-2022-21935

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change...

CVSS 7.5 | AI score 7.1 | EPSS 0.00839
Exploits: 0 | References: 3

ATTACKERKB
added 2022/06/08 8:15 p.m., 2 views

CVE-2022-30882

The pyanxdns package in PyPI, version 0.2, is vulnerable to a code execution backdoor. The impact is: execute arbitrary code (remote). When installing the pyanxdns package of version 0.2, the request package will be installed...

CVSS 9.8 | AI score 8 | EPSS 0.022
Exploits: 1 | References: 4

CNNVD
added 2022/05/25 12:0 a.m., 7 views

HashiCorp go-getter Input Validation Error Vulnerability

HashiCorp go-getter is HashiCorp's Go (golang) library for downloading files or directories from various sources using URLs as the primary form of input. An input validation error vulnerability exists in HashiCorp go-getter version 2.0.2 and prior versions, which stems from the inability to...

CVSS 8.6 | AI score 6.9 | EPSS 0.01279
Exploits: 0 | References: 22

CNNVD
added 2022/05/25 12:0 a.m., 4 views

HashiCorp go-getter Command Injection Vulnerability

HashiCorp go-getter is HashiCorp's Go (golang) library for downloading files or directories from various sources using URLs as the primary form of input. A command injection vulnerability exists in HashiCorp go-getter version 2.0.2 and prior versions, which stems from the presence of a comman...

CVSS 9.8 | AI score 7 | EPSS 0.01525
Exploits: 0 | References: 24

Snyk
added 2022/05/24 10:28 p.m., 5 views

Incorrect Permission Assignment for Critical Resource

Overview: Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the modification of contents in the intermediate build folder (by default obj). An attacker can alter the contents of this folder by authenticating and exploiting the...

CVSS 5.5 | AI score 6.9 | EPSS 0.01151
Exploits: 0 | References: 2

OSV
added 2022/05/24 5:21 p.m., 2 views

GHSA-43M6-WVC8-2M7J Mattermost Server's Session ID and Session Token are potentially compromised

An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled...

CVSS 6.5 | AI score 7 | EPSS 0.00722
Exploits: 0 | References: 4

OSV
added 2022/05/20 5:15 p.m., 2 views

CVE-2021-39043

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 | AI score 6.2 | EPSS 0.00438
Exploits: 0 | References: 2

OSV
added 2022/05/20 1:15 p.m., 4 views

CVE-2022-29028

A vulnerability has been identified in JT2Go All versions V13.3.0.3, Teamcenter Visualization V13.3 All versions V13.3.0.3, Teamcenter Visualization V14.0 All versions V14.0.0.1. The TiffLoader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker...

CVSS 5.5 | AI score 5.7 | EPSS 0.00497
Exploits: 0 | References: 1

OSV
added 2022/05/06 4:15 p.m., 3 views

CVE-2022-21934

Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2...

CVSS 8.8 | AI score 5.8 | EPSS 0.00892
Exploits: 0 | References: 2

RedHat Linux
added 2022/04/26 5:34 p.m., 3 views

mysql: InnoDB unspecified vulnerability (CPU Jul 2021)

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 7.1 | AI score 7.3 | EPSS 0.08216
Exploits: 0 | References: 4

ATTACKERKB
added 2022/04/19 9:15 p.m., 4 views

CVE-2022-21414

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 4.9 | AI score 6.5 | EPSS 0.0129
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/04/19 9:15 p.m., 5 views

UBUNTU-CVE-2022-21449

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows...

CVSS 7.5 | AI score 7.2 | EPSS 0.46677
Exploits: 6 | References: 7

Positive Technologies
added 2022/04/07 12:0 a.m., 3 views

PT-2022-11802 · Unknown +3 · Devise-Two-Factor +3

Name of the Vulnerable Software and Affected Versions: devise-two-factor versions prior to 4.0.2
Description: The issue allows reusing a One-Time-Password (OTP) for one immediately trailing interval due to an incomplete fix.
Recommendations: For versions prior to 4.0.2, update to version 4.0.2 or...

CVSS 6 | AI score 5.6 | EPSS 0.00846
Exploits: 0 | References: 20

ATTACKERKB
added 2022/03/30 12:15 p.m., 2 views

CVE-2022-1181

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2...

CVSS 8 | AI score 6.6 | EPSS 0.51472
Exploits: 2 | References: 3

Circl
added 2022/03/03 10:26 p.m., 5 views

CVE-2021-3602

creationtimestamp | type | source
---|---|---
2022-03-03 22:26:16+00:00 | seen | https://t.me/cibsecurity/38376
2023-11-15 16:53:03+00:00 | published-proof-of-concept | https://t.me/BABATATASASA/5977...

CVSS 5.5 | AI score 5.7 | EPSS 0.00319
Exploits: 0 | References: 2

Positive Technologies
added 2022/03/01 12:0 a.m., 4 views

PT-2022-16827 · Unknown · Fluture-Node

Name of the Vulnerable Software and Affected Versions: Fluture-Node versions 4.0.0 through 4.0.1
Description: Using followRedirects or followRedirectsWith with any of the redirection strategies built into Fluture-Node, paired with a request that includes confidential headers such as Authorization...

CVSS 6.1 | AI score 6.1 | EPSS 0.00815
Exploits: 0 | References: 14

Snyk
added 2022/02/23 2:6 p.m., 2 views

Time-Based One-Time Password (TOTP) Reuse

Overview: Affected versions of this package are vulnerable to Time-Based One-Time Password (TOTP) Reuse due to an improper fix of CVE-2015-7225, which makes it possible to reuse the OTP after 1 interval (30 seconds by default). If otp_allowed_drift is configured, the OTP will be valid for the entire...

CVSS 5.3 | AI score 6.8 | EPSS 0.01782
Exploits: 0 | References: 2

OSV
added 2022/02/06 9:15 p.m., 7 views

CVE-2022-24552

A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with roo...

CVSS 9.8 | AI score 7.3 | EPSS 0.01306
Exploits: 0 | References: 1

CNNVD
added 2022/02/04 12:0 a.m., 4 views

Servisnet Tessa Authorization Issue Vulnerability

Servisnet Tessa is a web application from Servisnet Turkey. Servisnet Tessa version 0.0.2 suffers from an authorization issue vulnerability that stems from a lack of proper validation of the Authorization HTTP header. An attacker can use this vulnerability to add a new sysadmin user by manipulatin...

CVSS 9.8 | AI score 8.4 | EPSS 0.11441
Exploits: 4 | References: 6