2562 matches found

ATTACKERKB
added 2022/01/28 9:15 p.m. · 4 views

CVE-2022-23889

The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...

5.3 CVSS · 6 AI score · 0.01082 EPSS
Exploits 1 · References 2

OSV
added 2022/01/28 9:15 p.m. · 14 views

CVE-2022-23889

The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...

5.3 CVSS · 6.8 AI score
Exploits 0 · References 1

Prion
added 2022/01/28 9:15 p.m. · 17 views

Code injection

The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...

5 CVSS · 5.3 AI score · 0.01082 EPSS
Exploits 1 · References 1 · Affected Software 1

CVE
added 2022/01/28 8:45 p.m. · 57 views

CVE-2022-23889

The CVE-2022-23889 entry concerns YzmCMS v6.3 where the comment function can be operated concurrently, enabling an attacker to generate an unusually large number of comments. The core issue is a race/concurrency condition in the comment handling code, leading to potential resource exhaustion or i...

5.3 CVSS · 5.2 AI score · 0.01082 EPSS
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2022/01/28 12:0 a.m. · 4 views

YzmCMS security vulnerability

Yzmcms is an open source CMS content management system for Yzmcms individual developers. An uncontrolled recursive vulnerability exists in YzmCMS v6.3, which stems from the fact that the comment function can operate concurrently and an attacker can use this vulnerability to create an unusually...

5.3 CVSS · 5.6 AI score · 0.01082 EPSS
Exploits 1 · References 2

Oracle linux
added 2022/01/25 12:0 a.m. · 142 views

httpd:2.4 security update

httpd 2.4.37-43.1.0.1 - scoreboard: fix null pointer dereference Orabug: 33690670 CVE-2021-34798 - fix apescapequote logic Orabug: 33690686 CVE-2021-39275 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html. 2.4.37-43.1 - Resolves:...

9.8 CVSS · 1.1 AI score · 0.97108 EPSS
Exploits 6

Veracode
added 2022/01/24 11:15 a.m. · 16 views

Denial Of Service

onionsharecli is vulnerable to denial of service. The vulnerability exists in the ef init function in receivemode.py file, due to limitations in concurrent upload allowing an attacker to cause an application crash...

7.5 CVSS · 3.5 AI score · 0.01374 EPSS
Exploits 0 · References 4 · Affected Software 2

OSV
added 2022/01/18 10:15 p.m. · 3 views

DEBIAN-CVE-2022-21689

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions the receive mode limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered b...

7.5 CVSS · 6.9 AI score · 0.01374 EPSS
Exploits 0 · References 1

Prion
added 2022/01/18 10:15 p.m. · 14 views

Default credentials

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions the receive mode limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered b...

5 CVSS · 7.4 AI score · 0.01374 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2022/01/18 10:10 p.m. · 21 views

CVE-2022-21689 Denial of Service in Onionshare

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions the receive mode limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered b...

7.5 CVSS · 6.9 AI score · 0.01374 EPSS
Exploits 0 · References 4

Positive Technologies
added 2022/01/18 12:0 a.m. · 5 views

PT-2022-15040 · Unknown +2 · Onionshare +2

Name of the Vulnerable Software and Affected Versions: OnionShare versions 2.4 Description: The receive mode in OnionShare limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered by a simple script. An adversary with access to the receive mo...

8.7 CVSS · 7.2 AI score · 0.01374 EPSS
Exploits 0 · References 21

OSV
added 2022/01/10 2:10 p.m. · 2 views

CVE-2021-39998

There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart...

7.5 CVSS · 5.8 AI score · 0.00697 EPSS
Exploits 0 · References 2

Hacker One
added 2021/12/30 8:45 a.m. · 13 views

Cosmos: Race condition in faucet when using starport

Hi team, I and Aditya sent this bug over email on Wed, 29 Dec, 17:45 IST. Later we noticed that security reports are accepted via the HackerOne program. So, I am sending a copy of the bug report here. Summary: We were testing an application and we found a race condition bug in the faucet...

7.1 AI score
Exploits 0

RedHat Linux
added 2021/12/14 9:31 p.m. · 2 views

tomcat: Apache Tomcat HTTP/2 Request mix-up

A flaw was found in Apache Tomcat. If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it is possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - fro...

4.3 CVSS · 7.1 AI score · 0.57286 EPSS
Exploits 0 · References 8

Cvelist
added 2021/12/08 6:46 p.m. · 20 views

CVE-2021-41025

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of...

7.3 CVSS · 9.9 AI score · 0.01445 EPSS
Exploits 0 · References 1

Malwarebytes
added 2021/12/01 4:30 p.m. · 52 views

Capcom Arcade Stadium’s record player numbers blamed on card mining

Some of my favourite retro video games are making waves on Steam, but not in the way you might think. Classics such as Strider, Ghosts n’ Goblins, and more are all available as content for Capcom Arcade Stadium. This is an emulator which lets you play 31 arcade games from the 80s/90s. The games...

6.9 AI score
Exploits 0

NVD
added 2021/11/12 7:15 a.m. · 14 views

CVE-2021-1921

Possible memory corruption due to Improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

7.8 CVSS · 0.00104 EPSS
Exploits 0 · References 1

Talos
added 2021/11/09 12:0 a.m. · 22 views

Microsoft Azure Sphere Pluton concurrent syscalls denial of service vulnerability

Summary A denial of service vulnerability exists in the Pluton syscalls functionality of Microsoft Azure Sphere 21.01, 21.06 and 21.07. A specially-crafted set of syscalls executed in parallel by an unprivileged process can lead to the crash of Pluton, resulting in a device reboot denial of...

7.6 AI score
Exploits 0

NVD
added 2021/11/02 6:15 p.m. · 12 views

CVE-2021-36181

A concurrent execution using shared resource with improper Synchronization vulnerability 'Race Condition' in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific...

3.5 CVSS · 0.00436 EPSS
Exploits 0 · References 1

Vulnrichment
added 2021/11/02 5:22 p.m. · 12 views

CVE-2021-36181

A concurrent execution using shared resource with improper Synchronization vulnerability 'Race Condition' in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific...

3.1 CVSS · 6.9 AI score · 0.00436 EPSS
Exploits 0 · References 1