Lucene search
K

128 matches found

Prion
Prion
added 2022/02/23 11:15 p.m.23 views

Race condition

b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...

1.9CVSS4.4AI score0.00214EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/02/23 11:5 p.m.139 views

CVE-2022-23653

Summary (CVE-2022-23653): The B2 Command Line Tool (Linux/Mac) up to v3.2.0 stores API keys and bucket mappings in a local file (account_info) during first run of authorize-account. A TOCTOU race window between file creation (world-readable) and permission tightening can allow a local attacker to...

4.7CVSS4.3AI score0.00206EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/02/23 10:50 p.m.30 views

CVE-2022-23651 b2-sdk-python TOCTOU application key disclosure

b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...

4.7CVSS4.2AI score0.00214EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/02/23 10:50 p.m.7 views

CVE-2022-23651 b2-sdk-python TOCTOU application key disclosure

b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...

4.7CVSS4.3AI score0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/02/23 10:50 p.m.51 views

CVE-2022-23651 b2-sdk-python TOCTOU application key disclosure

b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...

4.7CVSS4.6AI score0.00214EPSS
Exploits0References3
CVE
CVE
added 2022/02/23 10:50 p.m.255 views

CVE-2022-23651

The CVE-2022-23651 issue affects b2-sdk-python 1.14.0 and earlier on Linux/macOS, where SqliteAccountInfo stores API keys and bucket mappings in a local database file. The vulnerability is a TOCTOU race: the database file is created world-readable and briefly becomes private, allowing a local att...

4.7CVSS4.2AI score0.00214EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/02/23 12:0 a.m.6 views

b2-sdk-python 安全漏洞

b2-sdk-python is a Python library for accessing B2 cloud storage. A security vulnerability exists in b2-sdk-python, which stems from the fact that under certain circumstances, a local attacker can exploit the vulnerability via a Time Checking Time of Use TOCTOU contention condition...

4.7CVSS5AI score0.00214EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2021/11/25 12:0 a.m.6 views

The vulnerability of the microprogrammed software of the D-Link DIR-605L B2 network device, related to insufficient protection of registration data, allows a intruder to gain unauthorized access to the protected information.

The vulnerability of the D-Link DIR-605L B2 network device’s microprogramming software is related to insufficient protection for registration data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by sending a request...

7.8CVSS7.5AI score0.87039EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2021/09/24 9:15 p.m.18 views

CVE-2021-40655

An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...

7.5CVSS0.87039EPSS
Exploits1References3
OSV
OSV
added 2021/09/24 9:15 p.m.3 views

CVE-2021-40655

An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...

7.5CVSS5.8AI score0.87039EPSS
Exploits1References3
CVE
CVE
added 2021/09/24 8:11 p.m.172 views

CVE-2021-40655

CVE-2021-40655 affects the D-Link DIR-605 series (DIR-605/B2, firmware 2.01MT). The issue is an information-disclosure vulnerability where an unauthenticated attacker can obtain a router username and password by forging a POST request to the /getcfg.php endpoint. The NVD/Nuclei/NASL/NIST referenc...

7.5CVSS7.4AI score0.87039EPSS
In wildExploits1References3Affected Software1
CNVD
CNVD
added 2020/06/28 12:0 a.m.4 views

Denial of Service Vulnerability in ZoomInnovation Conexant C2000-B2-SFE0101-BB1 Serial Server

The C2000-B2-SFE0101-BB1 Serial Server is a serial device networking server. A denial of service vulnerability exists in the ZoomInnovation Conexant C2000-B2-SFE0101-BB1 Serial Server, which can be exploited by an attacker to cause a denial of service...

6.7AI score
Exploits0
NVD
NVD
added 2020/04/20 11:15 p.m.14 views

CVE-2020-9278

An issue was discovered on D-Link DSL-2640B B2 EU4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL...

9.1CVSS9.3AI score0.01623EPSS
Exploits1References3
Prion
Prion
added 2020/04/20 11:15 p.m.15 views

Stack overflow

An issue was discovered on D-Link DSL-2640B B2 EU4.01B devices. The function docgi, which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is possible by combining this vulnerability with...

9CVSS9.3AI score0.02601EPSS
Exploits2References3Affected Software1
CNVD
CNVD
added 2019/11/18 12:0 a.m.3 views

Denial of Service Vulnerability in C2000-B2-SFE0101-BB1 Serial Port Server

The C2000-B2-SIE0101-BB1 is an industrial-grade serial device networking server. A denial of service vulnerability exists in the C2000-B2-SFE0101-BB1 serial server that can be exploited by an attacker to cause the server to deny service...

6.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2019/10/26 10:22 p.m.14 views

b2.astrosage.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1004174 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

6.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/05/08 12:0 a.m.11 views

Mitsubishi QJ71E71-B2 Communications Adapter Detection

Binary data 761516.prm...

7.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/11/30 2:53 a.m.15 views

eservice.gov.bd XSS vulnerability

Open Bug Bounty ID: OBB-442714 Description| Value ---|--- Affected Website:| eservice.gov.bd Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

6.4AI score
Exploits0
Oracle linux
Oracle linux
added 2017/03/08 12:0 a.m.65 views

firefox security update

45.8.0-2.0.1 - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files 45.8.0-2 - Update to 45.8.0 ESR B2 45.8.0-1 - Update to 45.8.0 ESR 45.7.0-2 - Enabled ppc/s390 arches rhbz1418765...

10CVSS1.1AI score0.17484EPSS
Exploits8
CNVD
CNVD
added 2016/12/03 12:0 a.m.34 views

Denial of Service Vulnerability in Multiple Mitsubishi Electric MELSEC-Q Series Products

Mitsubishi Electric is a Japanese company. The affected products, QJ71E71-100, QJ71E71-B5 and QJ71E71-B2, are Ethernet interface modules used to connect MELSEC-Q series programmable controllers to host networks. A denial of service vulnerability exists in multiple Mitsubishi Electric MELSEC-Q...

8.6CVSS6.9AI score0.02615EPSS
Exploits0References1
Rows per page
Query Builder