Lucene search
K
PtsecurityMost viewed

184315 matches found

Positive Technologies
Positive Technologies
•added 2023/05/09 12:0 a.m.•18 views

PT-2025-25967 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.19.0-rc6+ Description: A vulnerability in the Linux kernel has been resolved, which was causing a call trace with a null VSI during VF reset. The issue occurred during stress tests with attaching and detaching...

8.8CVSS8AI score0.12746EPSS
Exploits32References1088
Positive Technologies
Positive Technologies
•added 2023/05/08 12:0 a.m.•18 views

PT-2023-16126 · WordPress · Mega Addons For Wpbakery Page Builder

Name of the Vulnerable Software and Affected Versions: Mega Addons For WPBakery Page Builder WordPress plugin versions prior to 4.3.0 Description: The issue concerns the lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to...

5.4CVSS8.4AI score0.00444EPSS
Exploits2References4
Positive Technologies
Positive Technologies
•added 2023/04/28 12:0 a.m.•18 views

PT-2023-19396 · Sourcecodester · Ac Repair/Services System

Name of the Vulnerable Software and Affected Versions: SourceCodester AC Repair and Services System version 1.0 Description: A critical issue was found in the system, affecting the file /admin/services/view service.php. The manipulation of the id argument leads to SQL injection. It is possible to...

6.5CVSS7.1AI score0.0063EPSS
Exploits1References6
Positive Technologies
Positive Technologies
•added 2023/04/19 12:0 a.m.•18 views

PT-2023-4888

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M2 through 11.0.0-M4 Apache Tomcat versions 10.1.5 through 10.1.7 Apache Tomcat versions 9.0.71 through 9.0.73 Apache Tomcat versions 8.5.85 through 8.5.87 Bamboo Data Center and Server version 8.1.12 and later,...

10CVSS7.2AI score0.99999EPSS
Exploits194References184
Positive Technologies
Positive Technologies
•added 2023/03/16 12:0 a.m.•18 views

PT-2023-13393 · Dell · Dell Precision Bios +1

Name of the Vulnerable Software and Affected Versions: Dell PowerEdge BIOS affected versions not specified Dell Precision BIOS affected versions not specified Description: The issue is related to an Improper SMM communication buffer verification vulnerability. A local malicious user with high...

7.5CVSS6.9AI score0.00172EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2023/03/02 12:0 a.m.•18 views

PT-2023-12689 · Red Hat · Keycloak Node.Js Adapter

Name of the Vulnerable Software and Affected Versions: Keycloak Node.js Adapter affected versions not specified Description: A flaw was found in the Keycloak Node.js Adapter, allowing an attacker to benefit from an Open Redirect vulnerability in the checkSso function. This issue is also present...

6.1CVSS6.2AI score0.00399EPSS
Exploits0References10
Positive Technologies
Positive Technologies
•added 2023/01/16 12:0 a.m.•18 views

PT-2023-14585 · WordPress · The Real Cookie Banner

Name of the Vulnerable Software and Affected Versions: The Real Cookie Banner WordPress plugin versions prior to 3.4.10 Description: The issue allows users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. This is due to the plugin not...

5.4CVSS5.3AI score0.00534EPSS
Exploits2References5
Positive Technologies
Positive Technologies
•added 2023/01/02 12:0 a.m.•18 views

PT-2025-53223

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of the ELF header buffer during kexec. Specifically, a superfluous vfree call within the crash load segments function's error pa...

7.8CVSS7.6AI score0.00462EPSS
Exploits2References901
Positive Technologies
Positive Technologies
•added 2022/12/20 12:0 a.m.•18 views

PT-2022-27890 · Tenda · Tenda F1203

Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered, which can be triggered via the limitSpeedUp parameter at the "/goform/SetClientState" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, avoid using...

7.5CVSS7.6AI score0.00815EPSS
Exploits1References2
Positive Technologies
Positive Technologies
•added 2022/11/21 12:0 a.m.•18 views

PT-2024-11890

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug in the Linux kernel has been resolved, specifically in the btrfs qgroup, where a sleep function was called from an invalid context in btrfs qgroup inherit. This issue was reported ...

5.5CVSS6.7AI score0.00304EPSS
Exploits0References438
Positive Technologies
Positive Technologies
•added 2022/11/03 12:0 a.m.•18 views

PT-2022-26533 · Unknown · Deep-Parse-Json

Name of the Vulnerable Software and Affected Versions: deep-parse-json version 1.0.2 Description: The issue allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the proto...

5.3CVSS7.2AI score0.00615EPSS
Exploits1References8
Positive Technologies
Positive Technologies
•added 2022/10/11 12:0 a.m.•18 views

PT-2022-6242 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A vulnerability was found in the Linux Kernel, classified as problematic. It affects the nilfs new inode function of the fs/nilfs2/inode.c file in the BPF component, leading to use aft...

9.8CVSS7.5AI score0.71737EPSS
Exploits227References1790
Positive Technologies
Positive Technologies
•added 2022/09/16 12:0 a.m.•18 views

PT-2022-23113

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description The issue occurs when the mlir::tfg::GraphDefImporter::ConvertNodeDef function...

7.5CVSS7.1AI score0.00547EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2022/09/09 12:0 a.m.•18 views

PT-2022-25272 · WordPress · Ali Khallad'S Contact Form By Mega Forms

Name of the Vulnerable Software and Affected Versions: Ali Khallad's Contact Form By Mega Forms plugin versions = 1.2.4 Description: The issue is an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with subscriber or higher privileges can inject malicious...

5.4CVSS5.2AI score0.00455EPSS
Exploits0References5
Positive Technologies
Positive Technologies
•added 2022/07/28 12:0 a.m.•18 views

PT-2022-6040 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.15 through 5.19 before 5.19.2 Description: The issue is related to an out-of-bounds read in the Linux kernel's ksmbd subsystem, specifically in the fs/ksmbd/smb2misc.c file. This occurs when handling the SMB2 TREE...

9.8CVSS7.1AI score0.58461EPSS
Exploits76References502
Positive Technologies
Positive Technologies
•added 2022/07/07 12:0 a.m.•18 views

PT-2022-6209 · Eclipse +2 · Eclipse Jetty +2

Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.4.0 through 9.4.46 Eclipse Jetty versions 10.0.0 through 10.0.9 Eclipse Jetty versions 11.0.0 through 11.0.9 Description: The parsing of the authority segment of an http scheme URI in the Jetty HttpURI class improperl...

7.5CVSS6.5AI score0.99999EPSS
Exploits31References91
Positive Technologies
Positive Technologies
•added 2022/04/20 12:0 a.m.•18 views

PT-2022-2325

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions prior to 8.13.18 Atlassian Jira Server and Data Center versions 8.14.0 through 8.20.6 Atlassian Jira Server and Data Center versions 8.21.0 through 8.22.0 Atlassian Jira Service Management Server...

9.8CVSS7.5AI score0.88057EPSS
Exploits2References24
Positive Technologies
Positive Technologies
•added 2022/02/09 12:0 a.m.•18 views

PT-2022-7628 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to the btrfs filesystem in the Linux kernel. When using the flushoncommit mount option, a warning is triggered during almost every transaction commit due t...

8.8CVSS6.6AI score0.0193EPSS
Exploits16References1649
Positive Technologies
Positive Technologies
•added 2022/02/02 12:0 a.m.•18 views

PT-2022-1628 · Linux +10 · Linux Kernel +10

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17-rc4 Description: A flaw in the kvm s390 guest sida op function in KVM for s390 in the Linux kernel allows a local attacker with normal user privileges to obtain unauthorized memory write access. This issue ...

9.8CVSS7.3AI score0.89063EPSS
Exploits296References1206
Positive Technologies
Positive Technologies
•added 2022/01/12 12:0 a.m.•18 views

PT-2022-1431 · Cisco · Cisco Ece

Name of the Vulnerable Software and Affected Versions: Cisco ECE affected versions not specified Description: A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. Thi...

5.3CVSS7.2AI score0.00745EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2021/12/19 12:0 a.m.•18 views

PT-2021-24193 · Suitecrm · Suitecrm

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 7.12.2 and earlier, 8.x versions prior to 8.0.1 Description: The issue allows authenticated SQL injection via the Tooltips action in the Project module, involving resource id and start date. This can be exploited by...

8.8CVSS8.9AI score0.02201EPSS
Exploits2References7
Positive Technologies
Positive Technologies
•added 2021/12/17 12:0 a.m.•18 views

PT-2021-23973 · Jsx-Slack · Jsx-Slack

Name of the Vulnerable Software and Affected Versions: jsx-slack versions 4.5.1 and earlier Description: The issue is related to a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements into the tag with including multibyte characters, an internal regular...

7.5CVSS7.2AI score0.01916EPSS
Exploits2References12
Positive Technologies
Positive Technologies
•added 2021/12/13 12:0 a.m.•18 views

PT-2021-8215 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.0-rc4-syzkaller Description: The vulnerability is related to the MPTCP component in the Linux kernel, which can cause a NULL pointer dereference when deleting an endpoint. This can lead to a general...

9.1CVSS6.5AI score0.03681EPSS
Exploits9References1718
Positive Technologies
Positive Technologies
•added 2021/10/29 12:0 a.m.•18 views

PT-2021-7682 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free flaw was found in the Linux kernel’s Ext4 File System related to the overlay FS usage. This issue allows a local user to crash or potentially escalate their privileges...

9.8CVSS7.5AI score0.67994EPSS
Exploits213References1344
Positive Technologies
Positive Technologies
•added 2021/10/14 12:0 a.m.•18 views

PT-2021-7118 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15-rc1 Description: The issue is related to the io-workqueue implementation in the Linux kernel, which lacks protection of internal data. This can be exploited to cause a denial of service. A local user with...

9.8CVSS7.5AI score0.89063EPSS
Exploits317References1061
Positive Technologies
Positive Technologies
•added 2021/10/01 12:0 a.m.•18 views

PT-2021-22011

Name of the Vulnerable Software and Affected Versions: LiderAhenk software Lider module versions 2.1.15 and below Description: The issue is related to the Lider module in LiderAhenk software, where configurations are leaked via an unsecured API. An attacker with access to the configurations API...

9.6CVSS7.3AI score0.01569EPSS
Exploits1References9
Positive Technologies
Positive Technologies
•added 2021/09/14 12:0 a.m.•18 views

PT-2021-8175 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a list corruption vulnerability in the Linux kernel's lpfc driver. When the driver attempts to pass requests to the adapter and fails, a local fail msg string i...

9.8CVSS7.1AI score0.08555EPSS
Exploits20References1845
Positive Technologies
Positive Technologies
•added 2021/07/14 12:0 a.m.•18 views

PT-2021-7654

Name of the Vulnerable Software and Affected Versions SonicWall Secure Remote Access SRA appliances versions 8.x through 9.0.0.9-26sv Description The issue is related to improper neutralization of a SQL command, leading to a SQL injection vulnerability. This vulnerability impacts end-of-life Secu...

10CVSS7.2AI score0.30084EPSS
Exploits0References13
Positive Technologies
Positive Technologies
•added 2021/07/06 12:0 a.m.•18 views

PT-2024-11315 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 20798dfe249a Description: A NULL dereference vulnerability has been resolved in the Linux kernel. The issue occurs in the nfsd component, specifically in the nfs3svc encode getaclres function, where the dentry m...

5.5CVSS6.2AI score0.00237EPSS
Exploits0References15
Positive Technologies
Positive Technologies
•added 2021/06/08 12:0 a.m.•18 views

PT-2021-7013 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free issue was found in the drm lease held function in drivers/gpu/drm/drm lease.c due to a race problem, allowing a local user privilege attacker to cause a denial of...

8.8CVSS7.2AI score0.12746EPSS
Exploits54References626
Positive Technologies
Positive Technologies
•added 2021/05/14 12:0 a.m.•18 views

PT-2021-18305 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 Description: An attacker can cause a denial of service via a FPE runtime error in tf.raw ops.DenseCountSparseOutput. This is because the implementation...

5.5CVSS5.2AI score0.00189EPSS
Exploits1References14
Positive Technologies
Positive Technologies
•added 2021/03/01 12:0 a.m.•18 views

PT-2021-7384 · Grub2 +2 · Grub2 +2

Name of the Vulnerable Software and Affected Versions: Grub2 versions prior to 2.06 Description: The issue is related to the implementation of the shim lock mechanism in Grub2, which is associated with incorrect cryptographic signature verification. This flaw allows an attacker to boot any kernel...

8.2CVSS7AI score0.01738EPSS
Exploits2References52
Positive Technologies
Positive Technologies
•added 2021/02/09 12:0 a.m.•18 views

PT-2021-3888

Name of the Vulnerable Software and Affected Versions PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000, PM800 affected versions not specified Description The issue is related to insufficient authentication of executed requests, which could allow a remote attacker to...

8.5CVSS5.8AI score0.00321EPSS
Exploits0References8
Positive Technologies
Positive Technologies
•added 2020/09/16 12:0 a.m.•18 views

PT-2020-7001

Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including...

9.8CVSS7.1AI score0.62606EPSS
Exploits2References96
Positive Technologies
Positive Technologies
•added 2020/07/24 12:0 a.m.•18 views

PT-2020-4970 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.7.11 Description: A race condition exists between certain expand functions expand downwards and expand upwards and page-table free operations from an munmap call. This issue can be exploited to cause a denial ...

9.8CVSS7.6AI score0.78684EPSS
Exploits151References1789
Positive Technologies
Positive Technologies
•added 2020/07/04 12:0 a.m.•18 views

PT-2020-6924 · Bouncy Castle +1 · Bouncy Castle Bc C# .Net +3

Name of the Vulnerable Software and Affected Versions: Bouncy Castle BC Java versions 1.65 and earlier Bouncy Castle BC C .NET versions 1.8.6 and earlier Bouncy Castle BC-FJA versions 1.0.2.0 and earlier Bouncy Castle BC-FNA versions 1.0.1.0 and earlier Description: The issue is related to a timi...

9.8CVSS9.3AI score0.24282EPSS
Exploits1References45
Positive Technologies
Positive Technologies
•added 2020/06/30 12:0 a.m.•18 views

PT-2020-3000 · Microsoft · Windows Codecs Library

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Codecs Library affected versions not specified Description: A remote code execution issue exists due to errors in handling objects in memory within the Microsoft Windows Codecs Library. This can be exploited by an attacker t...

7.8CVSS7.8AI score0.08977EPSS
Exploits0References17
Positive Technologies
Positive Technologies
•added 2020/06/05 12:0 a.m.•18 views

PT-2020-12783 · Comodo +1 · Itop +1

Name of the Vulnerable Software and Affected Versions: iTop versions prior to 2.6.4 iTop versions prior to 2.7.0 Description: The issue concerns a stored XSS payload that can be exploited through a menu shortcut name in iTop. Recommendations: For versions prior to 2.6.4, update to version 2.6.4 o...

9.8CVSS6.7AI score0.25573EPSS
Exploits11References64
Positive Technologies
Positive Technologies
•added 2020/05/14 12:0 a.m.•18 views

PT-2020-5392 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.6.13 Description: The issue is related to the VFIO PCI driver in the Linux kernel, which mishandles attempts to access disabled memory space. This can be exploited to cause a denial of service. Recommendations:...

10CVSS7.3AI score0.98745EPSS
Exploits176References2184
Positive Technologies
Positive Technologies
•added 2020/05/07 12:0 a.m.•18 views

PT-2020-12514 · Oauth2 Proxy · Oauth2 Proxy

Name of the Vulnerable Software and Affected Versions: OAuth2 Proxy versions prior to 5.1.1 Description: The issue is related to an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This redirec...

7.1CVSS6.1AI score0.0079EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2020/02/25 12:0 a.m.•18 views

PT-2020-6587

Name of the Vulnerable Software and Affected Versions: io.netty:netty-codec-http2 versions prior to 4.1.61.Final Description: The issue is related to a lack of proper validation of the content-length header in HTTP/2 requests. If a request only uses a single Http2HeaderFrame with the endStream se...

9.1CVSS8.2AI score0.99999EPSS
Exploits28References832
Positive Technologies
Positive Technologies
•added 2019/10/07 12:0 a.m.•18 views

PT-2019-5140 · Xen +1 · Xen +1

Name of the Vulnerable Software and Affected Versions: Xen versions prior to 4.12 Description: The issue is related to a race condition in the XENMEM exchange component of the Xen hypervisor, which arose due to improper synchronization when accessing shared resources. This allows an attacker to...

9.8CVSS7.7AI score0.16658EPSS
Exploits4References200
Positive Technologies
Positive Technologies
•added 2017/01/26 12:0 a.m.•18 views

PT-2017-3944

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.2 through 1.0.2k OpenSSL versions 1.1.0 through 1.1.0d MySQL Server versions 5.6.35 and earlier MySQL Server versions 5.7.18 and earlier Description The issue is related to an out-of-bounds read in the OpenSSL library when...

10CVSS8.5AI score0.99999EPSS
Exploits190References229
Positive Technologies
Positive Technologies
•added 2016/12/29 12:0 a.m.•18 views

PT-2022-24411 · Phpipam +1 · Phpipam +1

Name of the Vulnerable Software and Affected Versions: phpipam versions prior to 1.5.0 Description: A vulnerability has been found in phpipam, allowing for cross site scripting through the manipulation of an unknown functionality in the file app/admin/import-export/import-load-data.php of the...

9.8CVSS6.4AI score0.99714EPSS
Exploits84References76
Positive Technologies
Positive Technologies
•added 2016/11/05 12:0 a.m.•18 views

PT-2026-42782

Name of the Vulnerable Software and Affected Versions idna affected versions not specified Description The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For instance, ToUnicode"xn--example-.com" returns "example.com" instead of an...

9.8CVSS5.8AI score0.00478EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2015/07/23 12:0 a.m.•18 views

PT-2015-6138 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.1.6 Description: The issue allows local users to gain privileges by triggering an NMI within a certain instruction window due to improper reliance on espfix64 during nested NMI processing in arch/x86/entry/ent...

9.8CVSS6.5AI score0.37679EPSS
Exploits42References214
Positive Technologies
Positive Technologies
•added 2014/01/23 12:0 a.m.•18 views

PT-2017-1994 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.19 Description: The issue is related to the mishandling of counter grouping in the Linux kernel, specifically in the kernel/events/core.c file. This allows local users to gain privileges via a crafted...

10CVSS7.3AI score0.37679EPSS
Exploits136References529
Positive Technologies
Positive Technologies
•added 2009/01/01 12:0 a.m.•18 views

PT-2009-11: SlySoft Multiple Products ElbyCDIO.sys Denial of Service

Vulnerability Description Positive Technologies Research Team has discovered multiple memory corruption vulnerabilities in SlySoft products. The IOCTL handler in ElbyCDIO.sys 6.0.2.0 and earlier, shipped with AnyDVD, Virtual CloneDrive, CloneDVD and CloneCD, uses the METHODNEITHER communication...

4.9CVSS8.3AI score0.00725EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2005/12/31 12:0 a.m.•18 views

PT-2005-2726 · Oracle +1 · Javamail Api +1

Name of the Vulnerable Software and Affected Versions: JavaMail API versions 1.1.3 through 1.3 Description: The issue allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. It is worth noting that Sun and Apache dispute this issue, with Sun...

9.8CVSS6.9AI score0.9927EPSS
Exploits50References65
Positive Technologies
Positive Technologies
•added 2004/08/31 12:0 a.m.•18 views

PT-2004-2559 · Openssh +1 · Openssh +1

Name of the Vulnerable Software and Affected Versions: OpenSSH affected versions not specified Description: The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program suc...

10CVSS7.5AI score0.99506EPSS
Exploits207References339
Total number of security vulnerabilities5000