Lucene search
K
CvelistMost viewed

365140 matches found

cvelist
cvelist
•added 2022/01/19 11:24 a.m.•55 views

CVE-2022-21322

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where th...

6.3CVSS6.1AI score0.02621EPSS
Exploits0References3
cvelist
cvelist
•added 2021/11/19 6:53 p.m.•55 views

CVE-2021-40391

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger thi...

10CVSS9.8AI score0.02894EPSS
Exploits1References3
cvelist
cvelist
•added 2021/11/10 12:47 a.m.•55 views

CVE-2021-42298 Microsoft Defender Remote Code Execution Vulnerability

...

7.8CVSS7.8AI score0.05293EPSS
Exploits0References1
cvelist
cvelist
•added 2021/11/05 10:10 p.m.•55 views

CVE-2021-41213 Deadlock in mutually recursive `tf.function` objects

TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...

5.5CVSS5.7AI score0.00235EPSS
Exploits0References2
cvelist
cvelist
•added 2021/10/04 5:43 a.m.•55 views

CVE-2021-40325

Cobbler before 3.3.0 allows authorization bypass for modification of settings...

8.8AI score0.01307EPSS
Exploits0References2
cvelist
cvelist
•added 2021/09/27 4:22 p.m.•55 views

CVE-2021-41753

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client via sending specific spoofed SAE authentication frames...

7.8AI score0.02686EPSS
Exploits0References1
cvelist
cvelist
•added 2021/09/15 1:19 p.m.•55 views

CVE-2021-21798

An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the...

8.8CVSS7.9AI score0.16102EPSS
Exploits1References1
cvelist
cvelist
•added 2021/06/16 11:9 a.m.•55 views

CVE-2021-20093

A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Runtime Server...

9.5AI score0.33304EPSS
Exploits1References4
cvelist
cvelist
•added 2021/06/08 10:46 p.m.•55 views

CVE-2021-31950 Microsoft SharePoint Server Spoofing Vulnerability

...

7.6CVSS7.7AI score0.04563EPSS
Exploits4References2
cvelist
cvelist
•added 2021/05/27 11:14 a.m.•55 views

CVE-2021-22907

An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4...

8AI score0.00239EPSS
Exploits0References1
cvelist
cvelist
•added 2021/05/11 7:11 p.m.•55 views

CVE-2021-31211 Visual Studio Code Remote Code Execution Vulnerability

...

7.8CVSS8AI score0.02519EPSS
Exploits0References1
cvelist
cvelist
•added 2021/05/10 7:25 p.m.•55 views

CVE-2021-21430 Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...

6.2CVSS6.6AI score0.00404EPSS
Exploits1References3
cvelist
cvelist
•added 2021/05/10 1:13 p.m.•55 views

CVE-2021-23008

On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x., BIG-IP APM AD Active Directory authentication can be bypassed via a spoofed AS-REP Kerberos Authentication Service Response response sent over a hijacked KDC...

9.8AI score0.01326EPSS
Exploits0References1
cvelist
cvelist
•added 2021/04/29 4:31 p.m.•55 views

CVE-2021-31438

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS8AI score0.02761EPSS
Exploits0References2
cvelist
cvelist
•added 2021/04/27 2:59 p.m.•55 views

CVE-2021-28269

Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions...

8.9AI score0.01866EPSS
Exploits2References3
cvelist
cvelist
•added 2021/04/23 4:5 p.m.•55 views

CVE-2021-31404 Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 Vaadin 10.0.0 through 10.0.16, 1.1.0 prior to 2.0.0 Vaadin 11 prior to 14, 2.0.0 through 2.4.6 Vaadin 14.0.0 through 14.4.6, 3.0.0 prior to 5.0.0 Vaadin 15 prior to 18, and...

4CVSS4.5AI score0.0021EPSS
Exploits0References2
cvelist
cvelist
•added 2021/04/22 9:53 p.m.•55 views

CVE-2021-2144

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

7.2CVSS6.7AI score0.01886EPSS
Exploits0References2
cvelist
cvelist
•added 2021/04/22 8:42 p.m.•55 views

CVE-2020-15795

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus Source Code Version...

8.1CVSS8AI score0.06366EPSS
Exploits0References2
cvelist
cvelist
•added 2021/04/14 12:0 a.m.•55 views

CVE-2021-31152

Multilaser Router AC1200 V02.03.01.45pt contains a cross-site request forgery CSRF vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers...

9AI score0.03753EPSS
Exploits5References3
cvelist
cvelist
•added 2021/03/24 6:32 a.m.•55 views

CVE-2021-29133

Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem...

5.4AI score0.01082EPSS
Exploits2References4
cvelist
cvelist
•added 2021/02/08 7:45 p.m.•55 views

CVE-2021-21240 Regular Expression Denial of Service in httplib2

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

7.5CVSS7.5AI score0.03876EPSS
Exploits1References4
cvelist
cvelist
•added 2020/12/11 3:13 a.m.•55 views

CVE-2020-13556

An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...

9.8CVSS9.8AI score0.04519EPSS
Exploits1References1
cvelist
cvelist
•added 2020/12/09 11:36 p.m.•56 views

CVE-2020-17002 Azure SDK for C Security Feature Bypass Vulnerability

...

7.4CVSS7.4AI score0.03233EPSS
Exploits0References1
cvelist
cvelist
•added 2020/11/09 12:39 a.m.•55 views

CVE-2020-24400 SQL injection allows arbitrary read from database

Magento versions 2.4.0 and 2.3.5 and earlier are affected by an SQL Injection vulnerability that could lead to sensitive information disclosure. This vulnerability could be exploited by an authenticated user with permissions to the product listing page to read data from the database...

7.1CVSS6.9AI score0.02273EPSS
Exploits0References1
cvelist
cvelist
•added 2020/08/14 1:56 p.m.•55 views

CVE-2020-16205

Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5...

7AI score0.60435EPSS
Exploits4References2
cvelist
cvelist
•added 2020/08/12 7:10 a.m.•55 views

CVE-2020-8913 Local arbitrary code execution in splitinstall in Android's Play Core

A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a...

8.8CVSS8.8AI score0.02883EPSS
Exploits1References2
cvelist
cvelist
•added 2020/07/14 3:0 p.m.•55 views

CVE-2020-13935

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of...

7.6AI score0.87553EPSS
Exploits1References17
cvelist
cvelist
•added 2020/05/26 10:8 p.m.•55 views

CVE-2020-13614

An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification...

5.5AI score0.01928EPSS
Exploits1References6
cvelist
cvelist
•added 2020/05/19 7:29 p.m.•55 views

CVE-2020-13166

The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded the same for all customers' installations in web.config, and can be used to send serialized ASP code...

9.8AI score0.77635EPSS
Exploits5References2
cvelist
cvelist
•added 2020/04/29 1:30 a.m.•55 views

CVE-2020-8481 ABB Central Licensing System - Information disclosure

For ABB products ABB Abilityâ„¢ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody...

9.8CVSS9.3AI score0.0181EPSS
Exploits0References2
cvelist
cvelist
•added 2020/04/22 3:29 p.m.•55 views

CVE-2020-10712

A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from...

7CVSS8.1AI score0.0097EPSS
Exploits0References1
cvelist
cvelist
•added 2020/02/20 3:17 p.m.•55 views

CVE-2020-9272

ProFTPD 1.3.7 has an out-of-bounds OOB read vulnerability in modcap via the captext.c captotext function...

8AI score0.0211EPSS
Exploits0References5
cvelist
cvelist
•added 2020/02/17 3:2 a.m.•55 views

CVE-2020-9026

ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected...

9.9AI score0.03059EPSS
Exploits1References1
cvelist
cvelist
•added 2020/02/03 2:15 p.m.•55 views

CVE-2013-2621

Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL...

6.1AI score0.10692EPSS
Exploits4References3
cvelist
cvelist
•added 2019/12/10 2:19 p.m.•55 views

CVE-2013-2166

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass...

9.5AI score0.01764EPSS
Exploits1References8
cvelist
cvelist
•added 2019/09/26 2:21 p.m.•55 views

CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when modremoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted pro...

8.1AI score0.52873EPSS
Exploits0References17
cvelist
cvelist
•added 2019/08/28 8:33 p.m.•56 views

CVE-2019-15753

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instance...

9.2AI score0.02591EPSS
Exploits0References5
cvelist
cvelist
•added 2019/08/26 12:0 p.m.•56 views

CVE-2016-10931

An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification...

7.7AI score0.00745EPSS
Exploits0References1
cvelist
cvelist
•added 2019/08/13 8:50 p.m.•55 views

CVE-2019-9518 Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSHPROMISE. The peer spends ti...

7.5CVSS7.6AI score0.25448EPSS
Exploits0References27
cvelist
cvelist
•added 2019/07/31 12:45 p.m.•55 views

CVE-2019-10356

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts...

8.9AI score0.025EPSS
Exploits0References5
cvelist
cvelist
•added 2019/06/18 11:28 p.m.•55 views

CVE-2019-11038 Uninitialized read in gdImageCreateFromXbm

When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...

3.1CVSS6.2AI score0.04332EPSS
Exploits1References18
cvelist
cvelist
•added 2019/05/19 11:5 p.m.•55 views

CVE-2019-12185

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the we...

9AI score0.18106EPSS
Exploits3References2
cvelist
cvelist
•added 2019/04/30 5:40 p.m.•55 views

CVE-2019-9621

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component...

7.5AI score0.80906EPSS
Exploits10References9
cvelist
cvelist
•added 2019/04/30 12:25 p.m.•55 views

CVE-2019-10310

A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptordoTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials I...

8.6AI score0.01525EPSS
Exploits0References4
cvelist
cvelist
•added 2019/03/28 5:59 p.m.•55 views

CVE-2019-1003040

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...

9.6AI score0.03366EPSS
Exploits0References4
cvelist
cvelist
•added 2019/03/05 11:0 p.m.•55 views

CVE-2019-9578

In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device...

7.5AI score0.02296EPSS
Exploits0References8
cvelist
cvelist
•added 2019/01/31 6:0 p.m.•55 views

CVE-2019-7283

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...

6.5AI score0.01976EPSS
Exploits1References3
cvelist
cvelist
•added 2017/10/03 3:0 p.m.•55 views

CVE-2017-12617

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted...

7.7AI score0.99988EPSS
Exploits23References44
cvelist
cvelist
•added 2017/09/19 1:0 p.m.•55 views

CVE-2017-12615

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...

7.5AI score0.99607EPSS
Exploits18References19
cvelist
cvelist
•added 2017/08/08 3:0 p.m.•55 views

CVE-2017-3636

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server execut...

5AI score0.00434EPSS
Exploits0References11
Total number of security vulnerabilities5000