Lucene search
+L

316 matches found

CNNVD
CNNVD
added 2020/12/31 12:0 a.m.9 views

WordPress 处理逻辑错误漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Advanced Access Manager plugin versions prior to 6.6.2,...

4.3CVSS5.8AI score0.01059EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2020/10/27 12:0 a.m.11 views

The vulnerability of the set_file_metadata function in the GNU Wget download manager allows a hacker to gain access to protected information.

The vulnerability of the setfilemetadata function in the GNU Wget download manager is related to the lack of protection for metadata. Exploiting this vulnerability could allow an attacker to access protected information...

7.8CVSS6.6AI score0.00659EPSS
Exploits1References4Affected Software5
OSV
OSV
added 2020/08/25 7:15 p.m.8 views

CVE-2020-16197

An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain...

4.3CVSS5.8AI score0.00548EPSS
Exploits0References3
NVD
NVD
added 2020/06/11 3:15 p.m.13 views

CVE-2020-0135

In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

4.4CVSS0.00138EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/06/11 2:43 p.m.19 views

CVE-2020-0135

In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.4AI score0.00138EPSS
Exploits0References1
Prion
Prion
added 2019/10/02 7:15 p.m.21 views

Code injection

Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293...

5CVSS5.2AI score0.00904EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/11/21 10:24 p.m.13 views

GHSA-JMF4-PQ78-F8VJ Moderate severity vulnerability that affects org.apache.hive:hive-jdbc

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics...

4.3CVSS6AI score0.01988EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2018/10/30 8:18 a.m.4 views

Signal Secure Messaging App Now Encrypts Sender's Identity As Well

Signal, the popular end-to-end encrypted messaging app, is planning to roll out a new feature that aims to hide the sender's identity from potential attackers trying to intercept the communication. Although messages send via secure messaging services, like Signal, WhatsApp, and Telegram, are full...

6.5AI score
Exploits0
Hacker One
Hacker One
added 2018/10/25 10:21 p.m.15 views

U.S. Dept Of Defense: Access to all █████████ files, including CAC authentication bypass

Summary: Due to an Insecure Direct Object Reference IDOR in adding recipients to a shared package on ██████████, an unauthenticated attacker can access all files uploaded to ████. As described on ██████████ website, this includes documents with classifications up to FOUO, including PII / PHI...

1AI score
Exploits0
OSV
OSV
added 2017/10/19 9:29 p.m.3 views

DEBIAN-CVE-2012-4382

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt...

4.9CVSS6.8AI score0.01201EPSS
Exploits0References1
Hacker One
Hacker One
added 2016/08/23 8:34 p.m.21 views

Instacart: Fetch private list metadata and any user's personal name

Overview == When a user creates a list, they can choose whether to make the list visible in search and whether to show their name with the list. The problem is that the attacker can still access the information that the user chose to hide. Furthermore, if the attacker gets hold of a user's ID, th...

0.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2014/08/07 6:23 p.m.3 views

389-ds: unauthenticated information disclosure

It was found that when replication was enabled for each attribute in Red Hat Directory Server / 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to...

5CVSS5.8AI score0.02198EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/08/07 4:42 p.m.40 views

Important: Red Hat Security Advisory: redhat-ds-base security update

Updated redhat-ds-base packages that fix one security issue are now available for Red Hat Directory Server 8. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

5CVSS5.8AI score0.02198EPSS
Exploits0References2
OSV
OSV
added 2014/01/07 6:55 p.m.11 views

DEBIAN-CVE-2013-6419

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

5CVSS6.4AI score0.01837EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2012/08/27 12:0 a.m.97 views

mediawiki -- multiple vulnerabilities

Mediawiki reports: Bug 39700 Wikipedia administrator Writ Keeper discovered a stored XSS HTML injection vulnerability. This was possible due to the handling of link text on File: links for nonexistent files. MediaWiki 1.16 and later is affected. Bug 39180 User Fomafix reported several DOM-based X...

6.5CVSS6.2AI score0.01562EPSS
Exploits2References6
Debian CVE
Debian CVE
added 2004/11/19 5:0 a.m.42 views

CVE-2004-0749

The modauthzsvn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via 1 svn log -v, 2 svn propget, or 3 svn blame, and other commands that follow renames...

5CVSS5.4AI score0.01457EPSS
Exploits0
Rows per page
Query Builder