Lucene search
+L

145 matches found

RedHat Linux
RedHat Linux
added 2021/12/02 4:22 p.m.3 views

mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover

A Cross-Site Request Forgery CSRF attack can be performed in mailman due to a CSRF token bypass. CSRF tokens are not checked against the right type of user when performing admin operations and a token created by a regular user can be used by an admin to perform an admin-level request, effectively...

8.8CVSS7.3AI score0.0073EPSS
Exploits0References4
OSV
OSV
added 2021/07/12 2:15 p.m.6 views

CVE-2021-24013

Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests...

6.5CVSS5.8AI score0.01102EPSS
Exploits0References1
OSV
OSV
added 2020/11/30 7:15 p.m.4 views

CVE-2020-6317

In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or...

3.5CVSS5.8AI score0.00351EPSS
Exploits0References2
Fedora
Fedora
added 2020/10/06 12:16 a.m.38 views

[SECURITY] Fedora 33 Update: podman-2.1.1-10.fc33

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

5.3CVSS2.2AI score0.01402EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2020/10/02 12:0 a.m.29 views

CVE-2020-17382

The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow 0x80102040, 0x80102044, 0x80102050,and 0x80102054. Recent assessments: bwatters-r7 at September 09, 2020 6:09pm UTC reported: This is a vulnerability in the MSI AmbientLink Version 1.0.0.8. The vulnerability allows a regular user...

7.8CVSS2AI score0.02075EPSS
Exploits4References4
OSV
OSV
added 2019/10/07 4:15 p.m.5 views

CVE-2019-17312

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user...

8.8CVSS7.3AI score0.01981EPSS
Exploits0References1
OSV
OSV
added 2019/10/07 4:15 p.m.5 views

CVE-2019-17311

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user...

8.8CVSS5.8AI score0.01981EPSS
Exploits0References1
OSV
OSV
added 2019/10/07 4:15 p.m.5 views

CVE-2019-17305

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user...

8.8CVSS7.4AI score0.01401EPSS
Exploits0References1
NVD
NVD
added 2019/10/07 4:15 p.m.14 views

CVE-2019-17308

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user...

8.8CVSS8.9AI score0.01401EPSS
Exploits0References1
NVD
NVD
added 2019/10/07 4:15 p.m.23 views

CVE-2019-17305

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user...

8.8CVSS8.9AI score0.01401EPSS
Exploits0References1
NVD
NVD
added 2019/10/07 4:15 p.m.20 views

CVE-2019-17297

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user...

8.8CVSS9.1AI score0.01163EPSS
Exploits0References1
OSV
OSV
added 2019/10/07 4:15 p.m.5 views

CVE-2019-17297

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user...

8.8CVSS7.3AI score0.01163EPSS
Exploits0References1
OSV
OSV
added 2019/10/07 4:15 p.m.5 views

CVE-2019-17308

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user...

8.8CVSS7.4AI score0.01401EPSS
Exploits0References1
NVD
NVD
added 2019/10/07 4:15 p.m.10 views

CVE-2019-17296

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user...

8.8CVSS9.1AI score0.01163EPSS
Exploits0References1
NVD
NVD
added 2019/10/07 4:15 p.m.12 views

CVE-2019-17293

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmseProject module by a Regular user...

8.8CVSS9.1AI score0.01163EPSS
Exploits0References1
OSV
OSV
added 2019/10/07 4:15 p.m.6 views

CVE-2019-17296

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user...

8.8CVSS7.3AI score0.01163EPSS
Exploits0References1
OSV
OSV
added 2019/10/07 4:15 p.m.7 views

CVE-2019-17293

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmseProject module by a Regular user...

8.8CVSS7.3AI score0.01163EPSS
Exploits0References1
OSV
OSV
added 2019/10/07 4:15 p.m.3 views

CVE-2019-17294

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user...

8.8CVSS7.3AI score0.01163EPSS
Exploits0References1
NVD
NVD
added 2019/10/07 4:15 p.m.12 views

CVE-2019-17295

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user...

8.8CVSS9.1AI score0.01163EPSS
Exploits0References1
NVD
NVD
added 2019/10/07 4:15 p.m.16 views

CVE-2019-17294

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user...

8.8CVSS9.1AI score0.01163EPSS
Exploits0References1
Rows per page
Query Builder