Lucene search

47153 matches found

securityvulns • added 2011/10/31 12:00 a.m. • 98 views

APPLE-SA-2011-10-26-1 QuickTime 7.7.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-26-1 QuickTime 7.7.1 QuickTime 7.7.1 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application...

CVSS 9.3 | AI score 0.6 | EPSS 0.05134 | Exploits 7

securityvulns • added 2011/10/31 12:00 a.m. • 59 views

ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability

ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-312 October 27, 2011 -- CVE ID: CVE-2011-3221 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple...

CVSS 6.8 | AI score 1.3 | EPSS 0.02961 | Exploits 0

securityvulns • added 2011/10/31 12:00 a.m. • 70 views

[SECURITY] [DSA 2331-1] tor security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-2331-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 28, 2011 http://www.debian.org/security/faq -...

CVSS 5.8 | AI score 7.3 | EPSS 0.01203 | Exploits 0

securityvulns • added 2011/10/31 12:00 a.m. • 22 views

Cisco Video Surveillance DoS

Crash on RTSP packet parsing...

CVSS 7.8 | AI score 3.4 | EPSS 0.01205 | Exploits 0 | References 1 | Affected Software 1

securityvulns • added 2011/10/31 12:00 a.m. • 68 views

ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability

ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-311 October 27, 2011 -- CVE ID: CVE-2011-3220 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...

CVSS 4.3 | AI score 0.9 | EPSS 0.0189 | Exploits 1

securityvulns • added 2011/10/31 12:00 a.m. • 56 views

ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability

ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-299 October 26, 2011 -- CVE ID: CVE-2011-2435 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader -- Vulnerability...

CVSS 9.3 | AI score 0.7 | EPSS 0.0594 | Exploits 1

securityvulns • added 2011/10/31 12:00 a.m. • 56 views

ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability

ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-308 October 26, 2011 -- CVE ID: CVE-2011-4004 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Cisco -- Affected Products: Cisco WebEx --...

CVSS 9.3 | AI score 0.2 | EPSS 0.03811 | Exploits 1

securityvulns • added 2011/10/31 12:00 a.m. • 49 views

ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability

ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-297 October 26, 2011 -- CVE ID: CVE-2011-2437 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader -- Vulnerability...

CVSS 9.3 | AI score 0.6 | EPSS 0.0594 | Exploits 1

securityvulns • added 2011/10/31 12:00 a.m. • 54 views

ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability

ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-301 October 26, 2011 -- CVE ID: CVE-2011-2434 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader --...

CVSS 9.3 | AI score 0.4 | EPSS 0.0594 | Exploits 1

securityvulns • added 2011/10/31 12:00 a.m. • 58 views

ZDI-11-300 : Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability

ZDI-11-300 : Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-300 October 26, 2011 -- CVE ID: CVE-2011-2433 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader --...

CVSS 9.3 | AI score 0.4 | EPSS 0.0594 | Exploits 1

securityvulns • added 2011/10/31 12:00 a.m. • 50 views

Cisco Security Advisory: Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras Advisory ID: cisco-sa-20111026-camera Revision 1.0 For Public Release 2011 October 26 16:00 UTC GMT +--------------------------------------------------------------------- Summary...

CVSS 7.8 | AI score 0.5 | EPSS 0.01205 | Exploits 0

securityvulns • added 2011/10/31 12:00 a.m. • 60 views

ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability

ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-302 October 26, 2011 -- CVE ID: CVE-2011-2432 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Reader -...

CVSS 9.3 | AI score 0.9 | EPSS 0.53046 | Exploits 14

securityvulns • added 2011/10/31 12:00 a.m. • 78 views

DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-3315]

Title ----- DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal CVE-2011-3315 Severity -------- High Date Discovered --------------- August 9, 2011 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: r@b13$ Vulnerability Description...

CVSS 7.8 | AI score 0.7 | EPSS 0.26393 | Exploits 0

securityvulns • added 2011/10/31 12:00 a.m. • 148 views

HP Network Node Manager i information leakage

No description provided...

CVSS 6.5 | AI score 0.8 | EPSS 0.79415 | Exploits 29 | References 5 | Affected Software 1

securityvulns • added 2011/10/31 12:00 a.m. • 316 views

[security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03057508 Version: 1 HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information NOTICE: The information in...

CVSS 5 | AI score 0.3 | EPSS 0.79415 | Exploits 28

securityvulns • added 2011/10/31 12:00 a.m. • 119 views

ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability

ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-305 October 26, 2011 -- CVE ID: CVE-2011-3544 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...

CVSS 10 | AI score 9.7 | EPSS 0.96714 | Exploits 13

securityvulns • added 2011/10/31 12:00 a.m. • 81 views

RE: [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues.

Hello, This is Paul Oxman with Cisco PSIRT. Please confirms the vulnerability reported by Peter Adkins, and has published an Intellishield response http://tools.cisco.com/security/center/viewAlert.x?alertId=24458 Additional information below. For current updates to Cisco PSIRT response, please se...

CVSS 6.8 | AI score 0.3 | EPSS 0.00327 | Exploits 1

securityvulns • added 2011/10/31 12:00 a.m. • 54 views

ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability

ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-314 October 27, 2011 -- CVE ID: CVE-2011-3247 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...

CVSS 9.3 | AI score 0.2 | EPSS 0.03682 | Exploits 0

securityvulns • added 2011/10/31 12:00 a.m. • 119 views

ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability

ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-306 October 26, 2011 -- CVE ID: CVE-2011-3521 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java...

CVSS 10 | AI score 1.1 | EPSS 0.03932 | Exploits 1

securityvulns • added 2011/10/26 12:00 a.m. • 63 views

[CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Cisco Nexus OS NX-OS - Command "injection" / sanitization issues. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Discovery by: 1 Peter Adkins [email protected] Access: 1 Local;...

CVSS 6.8 | AI score 1.5 | EPSS 0.00327 | Exploits 1

securityvulns • added 2011/10/26 12:00 a.m. • 32 views

zFTP FTP server buffer overflow

Buffer overflow on STAT and CWD commands processing...

AI score 3.1 | Exploits 0 | References 1

securityvulns • added 2011/10/26 12:00 a.m. • 37 views

cyrus-imapd DoS

Crash on parsing message References: header...

CVSS 4.3 | AI score 2.4 | EPSS 0.02142 | Exploits 0 | Affected Software 1

securityvulns • added 2011/10/26 12:00 a.m. • 59 views

[ GLSA 201110-14 ] D-Bus: Multiple vulnerabilities

Gentoo Linux Security Advisory GLSA 201110-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

CVSS 4.6 | AI score 0.6 | EPSS 0.0058 | Exploits 1

securityvulns • added 2011/10/26 12:00 a.m. • 46 views

D-Bus symbolic links vulnerability

configure script insecure file creation...

CVSS 3.3 | AI score 1.2 | EPSS 0.00286 | Exploits 0 | References 1 | Affected Software 1

securityvulns • added 2011/10/26 12:00 a.m. • 51 views

[SECURITY] [DSA 2326-1] pam security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2326-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 24, 2011 http://www.debian.org/security/faq -...

CVSS 4.6 | AI score 3.7 | EPSS 0.00696 | Exploits 0

securityvulns • added 2011/10/26 12:00 a.m. • 44 views

pam buffer overflow

pamenv module buffer overflow...

CVSS 4.6 | AI score 3.8 | EPSS 0.00696 | Exploits 0 | References 1 | Affected Software 1

securityvulns • added 2011/10/26 12:00 a.m. • 64 views

TC-SA-2011-01: Multiple vulnerabilities in OmniTouch Instant Communication Suite

TC-SA-2011-01: Multiple vulnerabilities in OmniTouch Instant Communication Suite Published: 2011/10/24 Advisory-Version: 1.0 References: - Alcatel Lucent Vulnerability Statement 2011003 Multiple vulnerabilities in OmniTouch Instant Communication Suite - CVE-2011-4058 - multiple XSS vulnerabilitie...

AI score 5.9 | Exploits 1

securityvulns • added 2011/10/26 12:00 a.m. • 37 views

ClamAV antivirus DoS

Crash on high recursion level...

CVSS 4.3 | AI score 2.1 | EPSS 0.02644 | Exploits 0 | Affected Software 1

securityvulns • added 2011/10/26 12:00 a.m. • 154 views

zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability

zFtp Server = 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability 1. OVERVIEW The zFTP server is found to be vulnerable to denial of service in handling multiple STAT and CWD command requests. 2. BACKGROUND The zFTP server is a Windows based FTP server with focus on clever Active...

AI score 1.6 | Exploits 0

securityvulns • added 2011/10/26 12:00 a.m. • 25 views

Alcatel Lucent OmniTouch Instant Communication Suite multiple security vulnerabilities

Cross-site scripting, request forgery...

AI score 1.6 | Exploits 0 | References 1 | Affected Software 1

securityvulns • added 2011/10/24 12:00 a.m. • 39 views

Multiple vulnerabilities in BugFree

Vulnerability ID: HTB23048 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinbugfree.html Product: BugFree Vendor: www.bugfree.org.cn http://www.bugfree.org.cn/ Vulnerable Version: 2.1.3 and probably prior Tested Version: 2.1.3 Vendor Notification: 21 September 2011 Vulnerabili...

AI score 5.9 | Exploits 0

securityvulns • added 2011/10/24 12:00 a.m. • 57 views

Code Execution and FPD vulnerabilities in Simple:Press Forum for WordPress

Hello 3APA3A! I want to warn you about multiple security vulnerabilities in plugin Simple:Press Forum for WordPress. These are Code Execution and Full path disclosure vulnerabilities. Code Execution WASC-31: Execution of arbitrary code is possible via TinyBrowser. As I already told concerning...

AI score 1.2 | Exploits 0

securityvulns • added 2011/10/24 12:00 a.m. • 75 views

Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection

-------------------------------------------------------------------- Dolphin = 7.0.7 membermenuqueries.php Remote PHP Code Injection -------------------------------------------------------------------- author...............: EgiX mail.................: n0b0d13satgmaildotcom software link........:...

AI score 0.3 | Exploits 0

securityvulns • added 2011/10/24 12:00 a.m. • 44 views

Active CMS 1.2.0 'mod' Cross-site Scripting Vulnerability

Advisory: Active CMS 1.2.0 'mod' Cross-site Scripting Vulnerability Advisory ID: SSCHADV2011-020 Author: Stefan Schurtz Affected Software: Successfully tested on Active CMS 1.2.0 Vendor URL: http://www.activedev.net/ Vendor Status: informed CVE-ID: - ========================== Vulnerability...

AI score 0.3 | Exploits 0

securityvulns • added 2011/10/24 12:00 a.m. • 49 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 6.8 | AI score 1.6 | EPSS 0.04699 | Exploits 8 | References 22 | Affected Software 14

securityvulns • added 2011/10/24 12:00 a.m. • 78 views

MITKRB5-SA-2011-006 KDC denial of service vulnerabilities [CVE-2011-1527 CVE-2011-1528 CVE-2011-1529]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2011-006 MIT krb5 Security Advisory 2011-006 Original release: 2011-10-18 Last update: 2011-10-18 Topic: KDC denial of service vulnerabilities CVE-2011-1527: null pointer dereference in KDC LDAP back end CVSSv2 Vector:...

CVSS 7.8 | AI score 6.3 | EPSS 0.04177 | Exploits 0

securityvulns • added 2011/10/24 12:00 a.m. • 42 views

MIT krb5 FTP server privilege escalation

Daemon group privileges are not dropped. DoS conditions in different backends...

CVSS 7.8 | AI score 3.1 | EPSS 0.04177 | Exploits 0 | References 2 | Affected Software 1

securityvulns • added 2011/10/24 12:00 a.m. • 171 views

Multiple vulnerabilities in Pretty Link WordPress Plugin

Vulnerability ID: HTB23049 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinprettylinkwordpressplugin.html Product: Pretty Link WordPress Plugin Vendor: Caseproof http://blairwilliams.com/ Vulnerable Version: 1.4.56 and probably prior Tested Version: 1.4.56 Vendor Notification...

AI score 0.2 | Exploits 0

securityvulns • added 2011/10/24 12:00 a.m. • 39 views

Microsoft Internet Explorer multiple security vulnerabilities

Multiple memory corruptions with code execution...

CVSS 9.3 | AI score 2.7 | EPSS 0.60456 | Exploits 13 | References 7 | Affected Software 1

securityvulns • added 2011/10/24 12:00 a.m. • 126 views

DNS Poisoning via Port Exhaustion

Hey, Today we are releasing a very interesting whitepaper which describes a DNS poisoning attack against stub resolvers. It discloses two vulnerabilities: 1. A vulnerability in Java CVE-2011-3552, CVE-2010-4448 which enables remote DNS poisoning using Java applets. This vulnerability can be...

CVSS 2.6 | AI score 9.2 | EPSS 0.02905 | Exploits 1

securityvulns • added 2011/10/24 12:00 a.m. • 63 views

msgid:[email protected][email protected]&[email protected]&folder=\\3APA3A\Bugtraq&subject=Related%20POC%20for%20JCE%20Joomla%20Extension%20<%3D2

After release of vendor supplied patch for JCE's vulnerabilities, AmnPardaz is going to submit related POC for this issue in Perl and PHP after one month for educational purposes. PHP Version: ?php www.bugreport.ir AmnPardaz Security Research & Penetration Testing Group Title: Exploit for JCE...

AI score 0.2 | Exploits 0

securityvulns • added 2011/10/24 12:00 a.m. • 57 views

Multiple vulnerabilities in Tine 2.0

Vulnerability ID: HTB23050 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesintine20.html Product: Tine 2.0 Vendor: Metaways Infosystems GmbH http://www.tine20.org Vulnerable Version: Maischa 2011/05 and probably prior Tested Version: Maischa 2011/05 Vendor Notification: 28...

AI score 5.9 | Exploits 0

securityvulns • added 2011/10/24 12:00 a.m. • 58 views

ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability

ZDI-11-295 : Apple QuickTime FlashPix JPEG Tables Selector Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-295 October 18, 2011 -- CVE ID: CVE-2011-3222 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime...

CVSS 6.8 | AI score 0.4 | EPSS 0.03363 | Exploits 2

securityvulns • added 2011/10/24 12:00 a.m. • 53 views

Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities

Advisory: Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities Advisory ID: SSCHADV2011-031 Author: Stefan Schurtz Affected Software: Successfully tested on Yet Another CMS 1.0 Vendor URL: http://yetanothercms.codeplex.com/ Vendor Status: informed EDB-ID: 17997 ==========================...

AI score 7.4 | Exploits 0

securityvulns • added 2011/10/24 12:00 a.m. • 44 views

openEngine 2.0 'key' Blind SQL Injection vulnerability

Advisory: openEngine 2.0 'key' Blind SQL Injection vulnerability Advisory ID: SSCHADV2011-026 Author: Stefan Schurtz Affected Software: Successfully tested on openEngine 2.0 100226 Vendor URL: http://www.openengine.de/ Vendor Status: informed CVE-ID: - ========================== Vulnerability...

AI score 8.4 | Exploits 0

securityvulns • added 2011/10/24 12:00 a.m. • 92 views

ZOHO ManageEngine ADSelfService Plus Administrative Access

ZOHO ManageEngine ADSelfService Plus Administrative Access ========================================================== ADVISORY INFORMATION Title: ZOHO ManageEngine ADSelfService Plus Administrative Access Release date: 10/10/2011 Last update: 10/10/2011 Credits: Roberto Paleari, Emaze Networks...

Exploits 1

securityvulns • added 2011/10/24 12:00 a.m. • 25 views

HP Data Protector Notebook Extension multiple security vulnerabilities

No description provided...

CVSS 10 | AI score 1.1 | EPSS 0.1169 | Exploits 0 | References 1 | Affected Software 2

securityvulns • added 2011/10/24 12:00 a.m. • 45 views

Site@School 2.4.10 SQL Injection & XSS vulnerabilities

Advisory: Site@School 2.4.10 SQL Injection & XSS vulnerabilities Advisory ID: SSCHADV2011-030 Author: Stefan Schurtz Affected Software: Successfully tested on Site@School 2.4.10 Vendor URL: http://sourceforge.net/projects/siteatschool/ Vendor Status: insecure and no longer maintained CVE-ID: -...

AI score 7.4 | Exploits 0

securityvulns • added 2011/10/24 12:00 a.m. • 94 views

Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability

Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow Vulnerability tested against: Microsoft Windows 2k3 r2 sp2 Oracle Hyperion Performance Management and BI v11.1.2.1.0 download url of the Oracle Hyperion suite:...

AI score 0.4 | Exploits 0

securityvulns • added 2011/10/24 12:00 a.m. • 31 views

tor multiple security vulnerabilities

Heap buffer overflow, DoS, key information leak...

CVSS 6.8 | AI score 1.8 | EPSS 0.04444 | Exploits 0 | References 1 | Affected Software 1

Total number of security vulnerabilities: 47153