Lucene search

K

Yan&Co Security Vulnerabilities

nvd
nvd

CVE-2023-4309

Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...

9.8CVSS

10AI Score

0.001EPSS

2023-10-10 06:15 PM
cve
cve

CVE-2023-4309

Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...

10CVSS

9.8AI Score

0.001EPSS

2023-10-10 06:15 PM
17
nvd
nvd

CVE-2020-16163

An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent.....

9.1CVSS

9.1AI Score

0.003EPSS

2020-07-30 04:15 PM
openvas
openvas

Microsoft Exchange Public Folders Information Leak

Microsoft Exchange Public Folders can be set to allow anonymous connections (set by default). If this is not changed it is possible for an attacker to gain critical information about the users (such as full email address, phone number, etc) that are present in the Exchange...

6.3AI Score

0.015EPSS

2005-11-03 12:00 AM
9
cve
cve

CVE-2020-16163

An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent.....

9.1CVSS

8.9AI Score

0.003EPSS

2020-07-30 04:15 PM
25
nessus
nessus

DNN (DotNetNuke) < 3.0.12 Multiple XSS

The remote host is running DNN, a portal written in ASP. The remote installation of DNN, according to its version number, contains several input validation flaws leading to the execution of attacker supplied HTML and script...

6.7AI Score

0.008EPSS

2005-06-16 12:00 AM
23
cve
cve

CVE-2024-24964

Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows...

6.8AI Score

0.0004EPSS

2024-03-12 08:15 AM
31
nessus
nessus

RHEL 9 : pcp (RHSA-2024:2566)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2566 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-04-30 12:00 AM
8
ibm
ibm

Security Bulletin: A vulnerability exists in IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.

Summary Java on z/OS properties files not read correctly under certain locales / codepages vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2 Vulnerability Details ** IBM X-Force ID: PSIRT-ADV0103951 ...

6.2AI Score

2024-05-13 03:07 PM
8
wpvulndb
wpvulndb

Co-marquage service-public.fr < 0.5.73 - Reflected Cross-Site Scripting via search_term

Description The Co-marquage service-public.fr plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 0.5.72 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.4AI Score

0.0004EPSS

2024-03-29 12:00 AM
6
openbugbounty
openbugbounty

co-players.gr Improper Access Control vulnerability OBB-3832213

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-01-11 06:30 PM
6
osv
osv

CVE-2023-31145

Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform a trivial account...

6.1CVSS

6AI Score

0.001EPSS

2023-05-15 09:15 PM
6
cve
cve

CVE-2024-29734

Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running...

7.2AI Score

0.0004EPSS

2024-04-03 08:15 AM
28
nvd
nvd

CVE-2014-125027

A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting....

6.1CVSS

0.001EPSS

2022-12-31 04:15 PM
nessus
nessus

RHEL 8 : pcp (RHSA-2024:3392)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3392 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.1AI Score

0.0004EPSS

2024-05-28 12:00 AM
cve
cve

CVE-2014-125027

A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting....

6.1CVSS

6AI Score

0.001EPSS

2022-12-31 04:15 PM
52
nessus
nessus

RHEL 9 : pcp (RHSA-2024:2213)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2213 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

6CVSS

6.4AI Score

0.0004EPSS

2024-04-30 12:00 AM
2
nessus
nessus

RHEL 7 : pcp (RHSA-2020:3869)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3869 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level...

8.4CVSS

8.2AI Score

0.001EPSS

2020-09-29 12:00 AM
11
cve
cve

CVE-2024-32051

Insertion of sensitive information into log file issue exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may obtain sensitive...

6.3AI Score

0.0004EPSS

2024-04-24 06:15 AM
27
cve
cve

CVE-2023-6116

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report...

8.9CVSS

8.3AI Score

0.0004EPSS

2024-04-26 08:15 AM
30
openbugbounty
openbugbounty

co-2.ch Cross Site Scripting vulnerability OBB-3831720

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-01-11 08:52 AM
8
cve
cve

CVE-2023-6095

Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the...

8.9CVSS

8.3AI Score

0.0004EPSS

2024-04-26 08:15 AM
26
cve
cve

CVE-2023-6096

Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and...

7.4CVSS

6.9AI Score

0.0004EPSS

2024-04-26 08:15 AM
36
nvd
nvd

CVE-2023-34301

Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
1
cve
cve

CVE-2023-34301

Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
26
nessus
nessus

RHEL 8 : pcp (RHSA-2024:3324)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3324 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
4
wpvulndb
wpvulndb

Co-marquage service-public.fr < 0.5.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The Co-marquage service-public.fr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 0.5.71 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible.....

5.8AI Score

0.0004EPSS

2024-03-29 12:00 AM
6
nessus
nessus

RHEL 8 : pcp (RHSA-2024:3322)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3322 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
2
nessus
nessus

RHEL 9 : pcp (RHSA-2024:3325)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3325 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
3
nessus
nessus

RHEL 8 : pcp (RHSA-2024:3264)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3264 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-23 12:00 AM
5
cve
cve

CVE-2023-52346

In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges...

6.2AI Score

0.0004EPSS

2024-04-08 03:15 AM
24
cve
cve

CVE-2023-52347

In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

6.7AI Score

0.0004EPSS

2024-04-08 03:15 AM
24
cve
cve

CVE-2023-52344

In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges...

6.5AI Score

0.0004EPSS

2024-04-08 03:15 AM
24
cve
cve

CVE-2023-52349

In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

6.7AI Score

0.0004EPSS

2024-04-08 03:15 AM
24
nvd
nvd

CVE-2023-34286

Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
nessus
nessus

RHEL 8 : pcp (RHSA-2024:3323)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3323 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
2
nvd
nvd

CVE-2023-34299

Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target....

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
nvd
nvd

CVE-2023-34302

Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
nvd
nvd

CVE-2023-34287

Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8AI Score

0.001EPSS

2024-05-03 02:15 AM
1
nessus
nessus

RHEL 9 : pcp (RHSA-2024:3321)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3321 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
2
cve
cve

CVE-2023-52343

In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges...

6.6AI Score

0.0004EPSS

2024-04-08 03:15 AM
24
cve
cve

CVE-2023-52352

In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges...

6.6AI Score

0.0004EPSS

2024-04-08 03:15 AM
24
cve
cve

CVE-2023-42427

Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.7, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is using the...

6.7AI Score

0.0004EPSS

2024-06-03 04:15 AM
15
cve
cve

CVE-2023-51436

Cross-site scripting vulnerability exists in UNIVERSAL PASSPORT RX versions 1.0.0 to 1.0.8, which may allow a remote authenticated attacker with an administrative privilege to execute an arbitrary script on the web browser of the user who is using the...

6.8AI Score

0.0004EPSS

2024-06-03 04:15 AM
15
redhat
redhat

(RHSA-2023:7370) Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812) kernel: net/sched: multiple vulnerabilities (CVE-2023-3609, CVE-2023-4128,...

8.4AI Score

0.025EPSS

2023-11-21 08:13 AM
20
cve
cve

CVE-2023-52350

In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

6.7AI Score

0.0004EPSS

2024-04-08 03:15 AM
24
osv
osv

CVE-2023-34088

Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened.....

8.7CVSS

5AI Score

0.0005EPSS

2023-05-31 07:15 PM
2
cnvd
cnvd

File upload vulnerability in web-based network management system of Xinhua San Technologies Co.(CNVD-2024-18761)

Xinhua San Technology Co., Ltd. is a company that mainly provides research, development, production, sales and service of IT infrastructure products and solutions. A file upload vulnerability exists in the web-based network management system of Xinhua San Technologies Limited, which can be...

7.3AI Score

2024-03-11 12:00 AM
9
cve
cve

CVE-2024-26892

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......

6.6AI Score

0.0004EPSS

2024-04-17 11:15 AM
56
cvelist
cvelist

CVE-2024-26892 wifi: mt76: mt7921e: fix use-after-free in free_irq()

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......

7.5AI Score

0.0004EPSS

2024-04-17 10:27 AM
1
Total number of security vulnerabilities10934