Lucene search

K

EC-CUBE CO.,LTD. Security Vulnerabilities

nvd
nvd

CVE-2023-23990

Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through...

7.6CVSS

7.6AI Score

0.0004EPSS

2024-05-17 07:15 AM
1
cnvd
cnvd

Command Execution Vulnerability in DAS Green Alliance Database Auditing System of Beijing Shenzhou Green Alliance Technology Co.

Beijing Shenzhou Green Alliance Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application services. A command execution vulnerability exists in the DAS Green Alliance database auditing system of Beijing Shenzhou Green Alliance Technology Co. Ltd,...

7.5AI Score

2024-03-11 12:00 AM
8
redhat
redhat

(RHSA-2024:2213) Moderate: pcp security update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....

6.9AI Score

0.0004EPSS

2024-04-30 06:15 AM
4
apple
apple

About the security content of visionOS 1.2

About the security content of visionOS 1.2 This document describes the security content of visionOS 1.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

7.8AI Score

0.0005EPSS

2024-06-10 12:00 AM
2
nessus
nessus

RHEL 8 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Simultaneous Multi-threading...

7.4CVSS

6.8AI Score

0.015EPSS

2024-06-03 12:00 AM
cve
cve

CVE-2023-34310

Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
27
cvelist
cvelist

CVE-2023-34310 Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS

8.2AI Score

0.001EPSS

2024-05-03 01:57 AM
2
vulnrichment
vulnrichment

CVE-2023-34310 Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS

7.5AI Score

0.001EPSS

2024-05-03 01:57 AM
jvn
jvn

JVN#51770585: EC-CUBE vulnerable to authorization bypass

EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability (CWE-639). ## Impact A user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. ## Solution Apply the...

6.3AI Score

0.006EPSS

2014-01-22 12:00 AM
11
vulnrichment
vulnrichment

CVE-2023-34309 Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a....

7.8CVSS

7.5AI Score

0.001EPSS

2024-05-03 01:57 AM
cve
cve

CVE-2024-27062

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...

6.6AI Score

0.0004EPSS

2024-05-01 01:15 PM
30
cvelist
cvelist

CVE-2024-27062 nouveau: lock the client object tree.

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...

6.8AI Score

0.0004EPSS

2024-05-01 01:00 PM
1
cve
cve

CVE-2023-38817

An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-10-11 07:15 PM
58
nvd
nvd

CVE-2023-38817

An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-10-11 07:15 PM
cve
cve

CVE-2023-34309

Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a....

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
21
cvelist
cvelist

CVE-2023-34309 Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a....

7.8CVSS

8.2AI Score

0.001EPSS

2024-05-03 01:57 AM
2
nvd
nvd

CVE-2024-31680

File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php...

7.2AI Score

0.0004EPSS

2024-04-17 12:15 AM
cvelist
cvelist

CVE-2023-35710 Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS

8.3AI Score

0.001EPSS

2024-05-03 01:57 AM
cve
cve

CVE-2024-31680

File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php...

7.5AI Score

0.0004EPSS

2024-04-17 12:15 AM
30
cve
cve

CVE-2023-35710

Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS

8.1AI Score

0.001EPSS

2024-05-03 02:15 AM
21
vulnrichment
vulnrichment

CVE-2023-35710 Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS

7.5AI Score

0.001EPSS

2024-05-03 01:57 AM
1
openvas
openvas

Report default community names of the SNMP Agent

Simple Network Management Protocol (SNMP) is a protocol which can be used by administrators to remotely manage a computer or network device. There are typically 2 modes of remote SNMP monitoring. These modes are...

7.5CVSS

7.2AI Score

EPSS

2014-03-12 12:00 AM
1292
nessus
nessus

OpenSSL 1.0.2 < 1.0.2t Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2t. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2t advisory. In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...

4.7CVSS

5.8AI Score

0.015EPSS

2019-08-23 12:00 AM
70
cvelist
cvelist

CVE-2024-31680

File Upload vulnerability in Shibang Communications Co., Ltd. IP network intercom broadcasting system v.1.0 allows a local attacker to execute arbitrary code via the my_parser.php...

7.4AI Score

0.0004EPSS

2024-04-16 12:00 AM
vulnrichment
vulnrichment

CVE-2024-27062 nouveau: lock the client object tree.

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...

6.9AI Score

0.0004EPSS

2024-05-01 01:00 PM
nessus
nessus

OpenSSL 1.1.0 < 1.1.0l Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.0l. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0l advisory. In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...

4.7CVSS

5.8AI Score

0.015EPSS

2019-08-23 12:00 AM
19
githubexploit
githubexploit

Exploit for OS Command Injection in Contec Sv-Cpt-Mc310 Firmware

CVE-2022-29303-Exploit Exploit for CVE-2022-29303 Usage...

9.8CVSS

9.7AI Score

0.966EPSS

2022-05-31 10:55 PM
224
cve
cve

CVE-2022-0555

Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all...

7.1AI Score

0.0004EPSS

2024-06-03 07:15 PM
25
nvd
nvd

CVE-2024-28285

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...

6.7AI Score

EPSS

2024-05-14 03:14 PM
1
cnvd
cnvd

File upload vulnerability in web-based network management system of Xinhua San Technologies Co.(CNVD-2024-18761)

Xinhua San Technology Co., Ltd. is a company that mainly provides research, development, production, sales and service of IT infrastructure products and solutions. A file upload vulnerability exists in the web-based network management system of Xinhua San Technologies Limited, which can be...

7.3AI Score

2024-03-11 12:00 AM
9
cvelist
cvelist

CVE-2024-36006 mlxsw: spectrum_acl_tcam: Fix incorrect list API usage

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

6.4AI Score

0.0004EPSS

2024-05-20 09:48 AM
vulnrichment
vulnrichment

CVE-2024-36006 mlxsw: spectrum_acl_tcam: Fix incorrect list API usage

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

6.8AI Score

0.0004EPSS

2024-05-20 09:48 AM
cve
cve

CVE-2024-28285

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...

6.9AI Score

EPSS

2024-05-14 03:14 PM
19
cve
cve

CVE-2024-5138

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of.....

6.8AI Score

0.0004EPSS

2024-05-31 09:15 PM
28
cve
cve

CVE-2022-1242

Apport can be tricked into connecting to arbitrary sockets as the root...

6.7AI Score

0.0004EPSS

2024-06-03 07:15 PM
319
2
nessus
nessus

FreeBSD : mongodb -- Our init scripts check /proc/[pid]/stat should validate that `(${procname})` is the process' command name. (273c6c43-e3ad-11e9-8af7-08002720423d)

Sicheng Liu of Beijing DBSEC Technology Co., Ltd reports : Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV...

5.3CVSS

4.7AI Score

0.0004EPSS

2019-10-14 12:00 AM
15
cve
cve

CVE-2022-4968

netplan leaks the private key of wireguard to local users. A security fix will be released...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-07 01:15 AM
7
nvd
nvd

CVE-2024-1067

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the...

6.3AI Score

0.0004EPSS

2024-05-03 02:15 PM
1
cvelist
cvelist

CVE-2024-28285

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...

6.9AI Score

EPSS

1976-01-01 12:00 AM
1
cnvd
cnvd

Arbitrary File Download Vulnerability in Yonghong Z-Suite of Beijing Yonghong Business Intelligence Technology Co.

Yonghong Z-Suite is a one-stop big data analytics platform. Yonghong Z-Suite has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive...

7AI Score

2024-04-02 12:00 AM
6
cve
cve

CVE-2024-36006

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

6.6AI Score

0.0004EPSS

2024-05-20 10:15 AM
28
nessus
nessus

OpenSSL 1.1.1 < 1.1.1d Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.1d. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1d advisory. In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...

5.3CVSS

5.8AI Score

0.015EPSS

2019-08-23 12:00 AM
299
nessus
nessus

RHEL 8 : grafana-pcp (RHSA-2024:1644)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1644 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace...

7.5CVSS

7.9AI Score

0.0005EPSS

2024-04-02 12:00 AM
9
cve
cve

CVE-2023-4309

Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...

10CVSS

9.8AI Score

0.001EPSS

2023-10-10 06:15 PM
17
nvd
nvd

CVE-2023-4309

Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...

9.8CVSS

10AI Score

0.001EPSS

2023-10-10 06:15 PM
cve
cve

CVE-2023-4039

DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...

4.8CVSS

5.3AI Score

0.0005EPSS

2023-09-13 09:15 AM
216
nessus
nessus

ColdFusion on IIS cfm/dbm Diagnostic Error Path Disclosure

It was possible to make the remote web server disclose the physical path to its web root by requesting a MS-DOS device ending in .dbm (as in...

6.5AI Score

0.018EPSS

2003-03-15 12:00 AM
164
nvd
nvd

CVE-2020-16163

An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent.....

9.1CVSS

9.1AI Score

0.003EPSS

2020-07-30 04:15 PM
cve
cve

CVE-2020-16163

An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent.....

9.1CVSS

8.9AI Score

0.003EPSS

2020-07-30 04:15 PM
25
openvas
openvas

Microsoft Exchange Public Folders Information Leak

Microsoft Exchange Public Folders can be set to allow anonymous connections (set by default). If this is not changed it is possible for an attacker to gain critical information about the users (such as full email address, phone number, etc) that are present in the Exchange...

6.3AI Score

0.015EPSS

2005-11-03 12:00 AM
9
Total number of security vulnerabilities15963