Lucene search
K

203 matches found

Hacker One
Hacker One
added 2022/11/29 10:8 a.m.142 views

Internet Bug Bounty: Electron CVE-2022-35954 Delimiter Injection Vulnerability in exportVariable

Describe the summary: The Electron Website provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write...

4CVSS5.6AI score0.00559EPSS
Exploits0
Code423n4
Code423n4
added 2022/11/17 12:0 a.m.8 views

Upgraded Q -> M from #74 [1668688523897]

Judge has assessed an item in Issue 74 as M risk. The relevant finding follows: Low-7 EXCHANGE & SWAP are able to transfer any user funds to other addresses --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.4 views

PT-2022-35341 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.15.58 through v5.15.74 Description: A memory leak issue was discovered in the hpd rx irq create workqueue function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

7.2AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/02 12:0 a.m.43 views

JVN#76024879: PowerCMS XMLRPC API vulnerable to command injection

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the developer,...

9.8CVSS9.7AI score0.01676EPSS
Exploits0
Openbugbounty
Openbugbounty
added 2022/08/31 9:36 p.m.14 views

annu.decolletage.74.free.fr Cross Site Scripting vulnerability OBB-2881688

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.6 views

Ubuntu: Security Advisory (USN-74-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References3
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.7 views

Ubuntu: Security Advisory (USN-74-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References3
Talos Blog
Talos Blog
added 2022/05/10 12:31 p.m.12 views

Microsoft Patch Tuesday for May 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Jaeson Schultz. Microsoft returned to its normal monthly patching volume in May, disclosing and fixing 74 vulnerabilities as part of the company’s latest security update. This month’s Patch Tuesday includes seven critical vulnerabilities after Microsoft...

1.4AI score
Exploits0
ICS
ICS
added 2022/04/12 12:0 a.m.74 views

Mitsubishi Electric GT25-WLAN

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Wireless LAN communication unit GT25-WLAN in GOT2000 Series GT25 or GT27 Vulnerabilities: Improper Removal of Sensitive Information Before Storage or Transfer, Inadequate Encryption Strength,...

6.5CVSS8.1AI score0.05765EPSS
Exploits4References5
Debian
Debian
added 2022/04/10 6:7 p.m.99 views

[SECURITY] [DSA 5117-1] xen security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5117-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 10, 2022 https://www.debian.org/security/faq -...

7.8CVSS8AI score0.00352EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.18 views

Schneider Electric Modicon Injection (CVE-2020-7475)

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', reflective DLL, vulnerability exists in EcoStruxure Control Expert all versions prior to 14.1 Hot Fix, Unity Pro all versions, Modicon M340 all versions prior to V3.20, Modicon M580 all...

9.8CVSS8.5AI score0.01542EPSS
Exploits0References2
ICS
ICS
added 2021/10/05 12:0 a.m.120 views

Honeywell Experion PKS and ACE Controllers

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion Process Knowledge System PKS C200, C200E, C300 and ACE Controllers Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Relative Path Traversal, Improper...

10CVSS9.6AI score0.00875EPSS
Exploits1References5
Openbugbounty
Openbugbounty
added 2020/09/14 3:42 p.m.8 views

jpr-74.fr Cross Site Scripting vulnerability OBB-1336356

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.6AI score
Exploits0
OSV
OSV
added 2020/06/03 11:15 p.m.3 views

UBUNTU-CVE-2020-6503

Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

6.5CVSS6.8AI score0.00746EPSS
Exploits1References4
OSV
OSV
added 2020/06/03 11:15 p.m.2 views

UBUNTU-CVE-2020-6504

Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page...

4.3CVSS7.3AI score0.00544EPSS
Exploits1References4
Openbugbounty
Openbugbounty
added 2020/06/01 11:9 a.m.8 views

74-50-97-2.static.hvvc.us Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1180000 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

Exploits0
RedhatCVE
RedhatCVE
added 2020/04/29 12:40 p.m.24 views

CVE-2020-6815

Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affec...

9.8CVSS3.4AI score0.01327EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/04/29 12:39 p.m.27 views

CVE-2020-6809

When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox 74...

7.5CVSS2.5AI score0.01429EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/04/29 12:39 p.m.30 views

CVE-2020-6808

When a JavaScript URL javascript: is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL as reported by the document.location property, for example was the originating javascript: URL which could lead to...

6.5CVSS0.3AI score0.01039EPSS
Exploits0References4
OSV
OSV
added 2020/04/24 4:15 p.m.8 views

CVE-2020-6825

Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary...

9.8CVSS9.9AI score
Exploits0References5
Rows per page
Query Builder