Lucene search
K

129 matches found

CNNVD
CNNVD
added 2022/07/28 12:0 a.m.5 views

Zulip 安全漏洞

Zulip is a powerful open source group chat application from the Zulip team. It is used to combine the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in versions prior to Zulip 1.3.12, which stems from the fact that other users...

4.3CVSS5.1AI score0.00461EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/07/18 12:0 a.m.8 views

The vulnerability of the Display Key Combination Fast Access swhkd implementation in the Wayland display server protocol involves an uncontrolled resource consumption, allowing attackers to cause service failures.

The vulnerability of the Display KeyCombination Scanner daemon in the Wayland display server protocol implementation is related to an uncontrolled resource consumption during syntax analysis of files with the -c parameter. Exploiting this vulnerability can allow attackers to cause service failure...

5.3CVSS5.9AI score0.00822EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2022/07/01 12:0 a.m.6 views

PT-2022-14235 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 10.7 through 14.10.5 GitLab EE versions 15.0 through 15.0.4 GitLab EE versions 15.1 through 15.1.1 Description: The issue concerns incorrect authorization in GitLab EE, allowing an attacker with a valid Deploy Key or Deploy...

6.5CVSS4.5AI score0.0061EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2022/06/17 8:0 p.m.6 views

CVE-2022-21213

This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively...

7.5CVSS7.1AI score0.01957EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2022/05/23 7:34 p.m.9 views

CVE-2021-32958 Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel

Successful exploitation of this vulnerability on Claroty Secure Remote Access SRA Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface UI. With acces...

5.5CVSS7AI score0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/05/10 12:0 a.m.3 views

PT-2022-13916 · WordPress · All-In-One Wp Migration

Name of the Vulnerable Software and Affected Versions: All-in-One WP Migration plugin for WordPress versions up to, and including, 7.58 Description: The issue arises from insufficient file validation via the /lib/model/class-ai1wm-backups.php file, allowing for arbitrary file deletion via directo...

6.6CVSS6.7AI score0.47495EPSS
Exploits0References7
NCSC
NCSC
added 2022/04/13 12:0 a.m.4 views

Vulnerability fixed in Grafana

A vulnerability has been fixed in Grafana Enterprise. The vulnerability allows a malicious party to execute new requests execute under the permissions of old requests within the Grafana API key functionality. Grafana has made available an update with version number 8.4.6 to fix the vulnerability...

8.8CVSS7.1AI score0.02322EPSS
Exploits0
OSV
OSV
added 2022/02/25 3:15 p.m.4 views

CVE-2022-24334

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server...

5.3CVSS6.1AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/25 3:15 p.m.6 views

CVE-2022-24334

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server...

5.3CVSS6.1AI score0.00681EPSS
Exploits0References3
OSV
OSV
added 2022/01/13 4:15 p.m.4 views

UBUNTU-CVE-2021-40327

Trusted Firmware-M TF-M 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key held by the Crypto service based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner...

5.9CVSS5.8AI score0.01194EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/11/19 12:0 a.m.4 views

PT-2021-21257 · Apache · Apache Ozone

Name of the Vulnerable Software and Affected Versions: Apache Ozone versions prior to 1.2.0 Description: The issue allows authenticated users with permission to the key to retrieve initially generated block tokens from the metadata database. These tokens can be used even after access has been...

9.8CVSS9.3AI score0.02445EPSS
Exploits0References9
CVE
CVE
added 2020/03/10 4:36 p.m.61 views

CVE-2012-1096

CVE-2012-1096 affects NetworkManager 0.9 and earlier. The flaw allows local users to access other users’ certificates or private keys when establishing a connection via a file path during addition of a new connection. This is a local-attack exposure with a confidentiality impact reported as high ...

5.5CVSS5.4AI score0.0071EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2020/01/18 12:15 a.m.2 views

CVE-2019-19696

A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to...

5.5CVSS5.8AI score0.00472EPSS
Exploits0References4
CNVD
CNVD
added 2019/09/22 12:0 a.m.1 views

Xiaomi Mi Home smart platform has information leakage vulnerability

Xiaomi Mijia Intelligent Platform is Xiaomi's open platform for the IoT field, which can realize the interconnection of consumer smart hardware such as smart home devices, smart home appliances, smart wearable devices, smart travel devices and other consumer smart hardware. Xiaomi Mijia intellige...

7.2AI score
Exploits0
OSV
OSV
added 2019/06/12 2:29 p.m.2 views

CVE-2019-1019

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access...

8.5CVSS7.4AI score0.15115EPSS
Exploits2References3
Cvelist
Cvelist
added 2018/11/20 7:0 p.m.34 views

CVE-2018-12038

An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key...

4.9AI score0.0063EPSS
Exploits0References4
Microsoft KB
Microsoft KB
added 2018/09/10 12:0 a.m.4 views

June 21, 2018—KB4284842 ( Preview of Monthly Rollup)

June 21, 2018—KB4284842 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4284826 released June 12, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Updates the...

6.7AI score
Exploits0
CNVD
CNVD
added 2018/06/20 12:0 a.m.2 views

cryptlib Information Disclosure Vulnerability

cryptlib is a general-purpose cryptographic library based on the GnuPG code. A security vulnerability exists in cryptlib. The vulnerability can be exploited by an attacker to obtain a key by accessing a local device or a different virtual machine on the same physical host...

4.9CVSS5AI score0.00346EPSS
Exploits1References1
CNVD
CNVD
added 2018/06/15 12:0 a.m.5 views

LibreSSL ROHNP Vulnerability

LibreSSL is a fork of the OpenSSL cryptographic software library developed by the OpenBSD project and an open source implementation of the Secure Sockets Layer SSL and Transport Layer Security TLS protocols. A security vulnerability exists in LibreSSL versions prior to 2.6.5 and 2.7.x prior to...

4.7CVSS4.7AI score0.00321EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/06/13 12:0 a.m.3 views

PT-2017-8411 · Pulp · Pulp

Name of the Vulnerable Software and Affected Versions: Pulp versions prior to 2.8.5 Description: The issue allows local users to obtain the CA key due to a problem in the pulp-qpid-ssl-cfg script. Recommendations: For versions prior to 2.8.5, update to version 2.8.5 or later to resolve the issue...

5.5CVSS6AI score0.00352EPSS
Exploits0References7
Rows per page
Query Builder