Lucene search
K

163 matches found

OSV
OSV
added 2024/05/21 4:15 p.m.2 views

DEBIAN-CVE-2023-52774

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: protect device queue against concurrent access In dasdprofilestart the amount of requests on the device queue are counted. The access to the device queue is unprotected against concurrent access. With a lot of parallel...

5.5CVSS5AI score0.0024EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/05/21 4:15 p.m.21 views

CVE-2023-52774

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: protect device queue against concurrent access In dasdprofilestart the amount of requests on the device queue are counted. The access to the device queue is unprotected against concurrent access. With a lot of parallel...

5.5CVSS6.1AI score0.0024EPSS
Exploits0References10
CVE
CVE
added 2024/05/21 3:30 p.m.112 views

CVE-2023-52774

CVE-2023-52774 : In the Linux kernel (s390/dasd), the device queue could be accessed concurrently in dasd_profile_start(), allowing the queue to change while it is being read; this could trigger a kernel panic due to invalid pointer accesses when I/O is highly parallel (aliases). The root cause i...

5.5CVSS6.5AI score0.0024EPSS
Exploits0References8Affected Software1
SUSE CVE
SUSE CVE
added 2024/03/03 4:45 a.m.4 views

SUSE CVE-2022-44730

Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...

4.4CVSS8.5AI score0.00749EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/10/04 11:59 a.m.4 views

batik: Server-Side Request Forgery vulnerability

A flaw was found in Apache Batik, where a malicious SVG can probe user profile data and send it directly as parameter to a URL. This issue can allow an attacker to conduct SSRF attacks...

4.4CVSS7.1AI score0.00749EPSS
Exploits0References6
Prion
Prion
added 2023/08/22 7:16 p.m.26 views

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...

3.3CVSS5AI score0.00749EPSS
Exploits0References6Affected Software2
ATTACKERKB
ATTACKERKB
added 2023/05/23 8:15 p.m.3 views

CVE-2023-23299

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...

7.5CVSS7.1AI score0.00804EPSS
Exploits1References3
OSV
OSV
added 2023/05/23 8:15 p.m.3 views

CVE-2023-23299

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...

7.5CVSS5.7AI score0.00804EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:14 a.m.5 views

SUSE CVE-2015-7186

Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger 1 a download or 2 cached profile-data reading via a file: URL in a saved HTML document...

4.3CVSS6.7AI score0.01532EPSS
Exploits0References5
Hacker One
Hacker One
added 2023/02/02 6:0 a.m.84 views

HackerOne: [CVE-2022-44268] Arbitrary Remote Leak via ImageMagick

A Local File Inclusion vulnerability was discovered in an outdated version of ImageMagick used for image resizing on a website. An attacker could exploit this vulnerability by uploading a malicious PNG image, which would include the local file as content of the resized image in a hexadecimal...

6.5CVSS6.5AI score0.89855EPSS
Exploits28
Vulnrichment
Vulnrichment
added 2022/10/31 8:8 p.m.6 views

CVE-2022-40287 Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via user profile data fields.

The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting XSS vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account...

5.7AI score0.00621EPSS
Exploits0References1
OSV
OSV
added 2022/10/25 6:15 p.m.4 views

CVE-2022-36454

A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name...

6.5CVSS5.8AI score0.00478EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/25 12:0 a.m.5 views

PT-2022-23378 · Mitel · Mitel Micollab

Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.5.0.101 Description: A vulnerability in the MiCollab Client API could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. This could allow the attacker t...

6.5CVSS6.2AI score0.00478EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/05/26 12:0 a.m.5 views

PT-2022-23717 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.2.3490 Description: This issue allows remote attackers to bypass authentication on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be...

9.1CVSS9.4AI score0.06015EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/22 12:0 a.m.26 views

Unescaped control characters in Gitblit

Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "admin"' value...

9.8CVSS9AI score0.17749EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2022/05/21 8:35 p.m.21 views

CVE-2022-31267

Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "admin"' value...

9.8AI score0.17749EPSS
Exploits1References2
OSV
OSV
added 2022/04/05 1:15 a.m.2 views

UBUNTU-CVE-2022-0456

Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction...

8.8CVSS7AI score0.0073EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/17 12:0 a.m.4 views

Parallels Remote Application Server 安全漏洞

Parallels Remote Application Server RAS is an application delivery and VDI Virtual Desktop Infrastructure solution from Parallels, Inc. A security vulnerability exists in Parallels Remote Application Server RAS that originated from a vulnerability that allows a local attacker to retrieve certain...

7.1CVSS5.6AI score0.00272EPSS
Exploits0References2
0day.today
0day.today
added 2021/11/27 12:0 a.m.402 views

Bagisto 1.3.3 - Client-Side Template Injection Vulnerability

Exploit Title: Bagisto 1.3.3 - Client-Side Template Injection Exploit Author: Mohamed Abdellatif Jaber Vendor Homepage: https://bagisto.com/en/ Software Link: https://github.com/bagisto/bagisto Version: v1.3.3 Tested on: windows | chrome | firefox Exploit :. 1- register an account and login your...

7.1AI score
Exploits0
OSV
OSV
added 2021/09/22 4:51 p.m.5 views

DRUPAL-CONTRIB-2021-032

This module provides a system for building an ecommerce solution in their Drupal site. The module doesn't sufficiently verify access to profile data in certain circumstances. This vulnerability is mitigated by the fact that an attacker must have permission to perform the checkout operation...

6.7AI score
Exploits0References1
Rows per page
Query Builder