Lucene search

K

EC-CUBE CO.,LTD. Security Vulnerabilities

cve
cve

CVE-2020-16163

An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent.....

9.1CVSS

8.9AI Score

0.003EPSS

2020-07-30 04:15 PM
25
nessus
nessus

DNN (DotNetNuke) < 3.0.12 Multiple XSS

The remote host is running DNN, a portal written in ASP. The remote installation of DNN, according to its version number, contains several input validation flaws leading to the execution of attacker supplied HTML and script...

6.7AI Score

0.008EPSS

2005-06-16 12:00 AM
23
nessus
nessus

RHEL 9 : pcp (RHSA-2024:2566)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2566 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-04-30 12:00 AM
8
nvd
nvd

CVE-2023-6363

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them...

6.3AI Score

0.0004EPSS

2024-05-03 02:15 PM
1
ibm
ibm

Security Bulletin: A vulnerability exists in IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.

Summary Java on z/OS properties files not read correctly under certain locales / codepages vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2 Vulnerability Details ** IBM X-Force ID: PSIRT-ADV0103951 ...

6.2AI Score

2024-05-13 03:07 PM
8
cve
cve

CVE-2024-28094

Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database...

8.8CVSS

9AI Score

0.0004EPSS

2024-03-07 04:15 AM
29
openbugbounty
openbugbounty

co-players.gr Improper Access Control vulnerability OBB-3832213

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-01-11 06:30 PM
6
wpvulndb
wpvulndb

Co-marquage service-public.fr < 0.5.73 - Reflected Cross-Site Scripting via search_term

Description The Co-marquage service-public.fr plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 0.5.72 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.4AI Score

0.0004EPSS

2024-03-29 12:00 AM
6
nessus
nessus

Cisco IOS XE libsrtp DoS (CSCux04317)

The remote Cisco IOS XE device is missing vendor-supplied security patches, and it is configured to use the Cisco Unified Border Element (CUBE) or Session Border Controller (SBC) features. It is, therefore, affected by an integer underflow condition in the Secure Real-Time Transport Protocol...

7.5CVSS

7.4AI Score

0.026EPSS

2016-06-22 12:00 AM
21
cve
cve

CVE-2024-28095

News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected...

7.3CVSS

6.8AI Score

0.0004EPSS

2024-03-07 04:15 AM
28
nvd
nvd

CVE-2014-125027

A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting....

6.1CVSS

0.001EPSS

2022-12-31 04:15 PM
nessus
nessus

RHEL 8 : pcp (RHSA-2024:3392)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3392 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.1AI Score

0.0004EPSS

2024-05-28 12:00 AM
cve
cve

CVE-2024-28096

Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected...

7.3CVSS

6.7AI Score

0.0004EPSS

2024-03-07 04:15 AM
33
cve
cve

CVE-2014-125027

A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting....

6.1CVSS

6AI Score

0.001EPSS

2022-12-31 04:15 PM
52
nessus
nessus

RHEL 9 : pcp (RHSA-2024:2213)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2213 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

6CVSS

6.4AI Score

0.0004EPSS

2024-04-30 12:00 AM
2
nessus
nessus

RHEL 7 : pcp (RHSA-2020:3869)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3869 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level...

8.4CVSS

8.2AI Score

0.001EPSS

2020-09-29 12:00 AM
11
ubuntucve
ubuntucve

CVE-2021-47441

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...

6.5AI Score

0.0004EPSS

2024-05-22 12:00 AM
3
debiancve
debiancve

CVE-2021-47441

In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...

6.5AI Score

0.0004EPSS

2024-05-22 07:15 AM
4
cnvd
cnvd

Command Execution Vulnerability in Dahua EIMS System of Zhejiang Dahua Technology Co.

Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IOT solution provider and operation service provider. A command execution vulnerability exists in the Dahua EIMS system of Zhejiang Dahua Technology Co. Ltd, which can be exploited by attackers to gain server...

7.5AI Score

2024-03-06 12:00 AM
13
nvd
nvd

CVE-2024-36006

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

6.4AI Score

0.0004EPSS

2024-05-20 10:15 AM
osv
osv

CVE-2023-31145

Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform a trivial account...

6.1CVSS

6AI Score

0.001EPSS

2023-05-15 09:15 PM
6
cve
cve

CVE-2024-3016

NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthenticated...

6.7AI Score

0.0004EPSS

2024-05-14 03:39 PM
5
openbugbounty
openbugbounty

co-2.ch Cross Site Scripting vulnerability OBB-3831720

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-01-11 08:52 AM
8
nessus
nessus

RHEL 8 : pcp (RHSA-2024:3324)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3324 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
4
nvd
nvd

CVE-2023-34301

Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
1
cve
cve

CVE-2023-34301

Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
26
nessus
nessus

RHEL 8 : pcp (RHSA-2024:3322)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3322 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
2
nessus
nessus

RHEL 9 : pcp (RHSA-2024:3325)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3325 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
3
nessus
nessus

RHEL 8 : pcp (RHSA-2024:3264)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3264 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-23 12:00 AM
5
nessus
nessus

RHEL 8 : pcp (RHSA-2024:3323)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3323 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
2
wpvulndb
wpvulndb

Co-marquage service-public.fr < 0.5.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The Co-marquage service-public.fr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 0.5.71 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....

5.8AI Score

0.0004EPSS

2024-03-29 12:00 AM
6
nvd
nvd

CVE-2023-34286

Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
nvd
nvd

CVE-2023-34299

Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target....

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
nvd
nvd

CVE-2023-34302

Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
nvd
nvd

CVE-2023-34287

Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
1
nessus
nessus

RHEL 9 : pcp (RHSA-2024:3321)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3321 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
2
cve
cve

CVE-2024-31406

Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized...

6.9AI Score

0.0004EPSS

2024-04-24 06:15 AM
31
nessus
nessus

Microsoft IIS Dangerous Sample Files Detection

Some of the IIS sample files are present. They all contain various security flaws which could allow an attacker to execute arbitrary commands, read arbitrary files or gain valuable information about the remote...

8AI Score

2000-04-15 12:00 AM
95
cve
cve

CVE-2022-28652

~/.config/apport/settings parsing is vulnerable to "billion laughs"...

5.5CVSS

6.6AI Score

0.0004EPSS

2024-06-04 10:15 PM
166
2
cve
cve

CVE-2022-28656

is_closing_session() allows users to consume RAM in the Apport...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-06-04 10:15 PM
15
cve
cve

CVE-2022-28658

Apport argument parsing mishandles filename splitting on older kernels resulting in argument...

5.5CVSS

6.6AI Score

0.0004EPSS

2024-06-04 10:15 PM
34
cnvd
cnvd

Deserialization Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-17662)

Beijing Yisetong Technology Development Co., Ltd. is a leading provider of data security business and network security business at home and abroad. A deserialization vulnerability exists in Yisetong's electronic document security management system, which can be exploited by an attacker to gain...

7.4AI Score

2024-03-05 12:00 AM
4
cvelist
cvelist

CVE-2024-35855 mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this...

6.4AI Score

0.0004EPSS

2024-05-17 02:47 PM
osv
osv

CVE-2023-34088

Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened.....

8.7CVSS

5AI Score

0.0005EPSS

2023-05-31 07:15 PM
2
redhat
redhat

(RHSA-2023:7370) Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812) kernel: net/sched: multiple vulnerabilities (CVE-2023-3609, CVE-2023-4128,...

8.4AI Score

0.025EPSS

2023-11-21 08:13 AM
20
cve
cve

CVE-2024-35855

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this...

6.7AI Score

0.0004EPSS

2024-05-17 03:15 PM
26
nvd
nvd

CVE-2024-1395

Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. This.....

6.3AI Score

0.0004EPSS

2024-05-03 02:15 PM
cve
cve

CVE-2022-28655

is_closing_session() allows users to create arbitrary tcp dbus...

7.1CVSS

6.6AI Score

0.0004EPSS

2024-06-04 10:15 PM
19
cve
cve

CVE-2022-28657

Apport does not disable python crash handler before entering...

7.8CVSS

6.6AI Score

0.0004EPSS

2024-06-04 10:15 PM
20
cve
cve

CVE-2022-28654

is_closing_session() allows users to fill up...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-06-04 10:15 PM
13
Total number of security vulnerabilities15963