Lucene search
+L

917 matches found

OSV
OSV
added 2020/10/21 3:15 p.m.11 views

CVE-2020-27604

BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can for example use api/join to join an arbitrary meeting...

6.5CVSS6.6AI score
Exploits0References2
NVD
NVD
added 2020/10/21 3:15 p.m.19 views

CVE-2020-27604

BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can for example use api/join to join an arbitrary meeting...

6.5CVSS0.01147EPSS
Exploits1References2
Prion
Prion
added 2020/10/21 3:15 p.m.16 views

Design/Logic Flaw

BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can for example use api/join to join an arbitrary meeting...

4CVSS6.2AI score0.01147EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/10/21 2:9 p.m.22 views

CVE-2020-27604

BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can for example use api/join to join an arbitrary meeting...

6.2AI score0.01147EPSS
Exploits1References2
CVE
CVE
added 2020/10/21 2:9 p.m.44 views

CVE-2020-27604

BigBlueButton before 2.3 does not implement LibreOffice sandboxing, enabling remote authenticated users to read the API shared secret in bigbluebutton.properties and potentially join arbitrary meetings via api/join regardless of guestPolicy. Affected software: BigBlueButton prior to 2.3. Root cau...

6.5CVSS6.1AI score0.01147EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/10/06 5:35 p.m.41 views

CVE-2020-15174 Unpreventable top-level navigation in Electron

In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the will-navigate event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in...

7.5CVSS7.4AI score0.01351EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2020/09/28 3:45 p.m.38 views

Lock and Code S1Ep16: Investigating digital vulnerabilities with Samy Kamkar

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Samy Kamkar, chief security officer and co-founder of Open Path, about the digital vulnerabilities in our physical world. If you look through a recent...

0.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/09/24 5:0 p.m.34 views

Sandbox in security: what is it, and how it relates to malware

To better understand modern malware detection methods, it’s a good idea to look at sandboxes. In cybersecurity, the use of sandboxes has gained a lot of traction over the last decade or so. With the plethora of new malware coming our way every day, security researchers needed something to test ne...

0.3AI score
Exploits0
Veracode
Veracode
added 2020/09/21 6:39 a.m.27 views

Sandbox Bypass

firefox is vulnerable to sandbox bypass. Until explicitly accessed by script, window.global.This is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames window. Sites that deploy a sandboxing that depends on enumerating and freezing access to the window objec...

8.3CVSS2AI score0.01354EPSS
Exploits0References7Affected Software2
Packet Storm
Packet Storm
added 2020/09/11 12:0 a.m.653 views

Microsoft Internet Explorer 11 Use-After-Free

Exploit Title: Internet Explorer 11 - Use-After-Free Google Dork: if applicable Date: 2020-09-06 Exploit Author: Tgroup Vendor Homepage: Microsoft.com Version: IE 11 REQUIRED Tested on: Windows 7 x64 CVE : CVE-2020-0674 //...

7.6CVSS8.1AI score0.86863EPSS
Exploits17
RedhatCVE
RedhatCVE
added 2020/09/07 6:19 p.m.35 views

CVE-2019-8771

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy...

6.1CVSS2.5AI score0.00983EPSS
Exploits0References4
Apple
Apple
added 2020/07/28 5:32 a.m.59 views

About the security content of Safari 13.0.1 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

8.8CVSS0.5AI score0.06927EPSS
Exploits2Affected Software3
NVD
NVD
added 2020/06/09 5:15 p.m.19 views

CVE-2020-9847

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox...

8.6CVSS7.4AI score0.00671EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/08 12:0 a.m.6 views

Mozilla Firefox and Firefox ESR Input Validation Error Vulnerability (CNVD-2020-54930)

Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security vulnerability exists in Mozilla Firefox ESR versions prior to 68.8 an...

10CVSS8.3AI score0.02714EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2020/04/30 7:28 p.m.41 views

Building for Billions: Addressing Security Concerns for Platforms at Scale

Security operations once consisted of a multitude of manual operations based around alerts, thresholds and severity levels. As systems scale and platforms continue to grow, how do you keep up with the growing requirements to secure these transactions and the networks they are built upon?...

6.9AI score
Exploits0References3
CNVD
CNVD
added 2020/04/16 12:0 a.m.6 views

Microsoft Windows and Windows Server Security Feature Bypass Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A security feature bypass vulnerability exists in Microsoft Windows and Windows Server,...

8.8CVSS6.8AI score0.01243EPSS
Exploits0References1
OSV
OSV
added 2020/04/01 6:15 p.m.3 views

CVE-2020-3916

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos...

5.3CVSS6AI score0.0081EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/02/13 12:0 a.m.37 views

FreeBSD : grub2-bhyve -- multiple privilege escalations (9d6a48a7-4dad-11ea-8a1d-7085c25400ea)

Reno Robert reports : FreeBSD uses a two-process model for running a VM. For booting non-FreeBSD guests, a modified grub-emu is used grub-bhyve. Grub-bhyve executes command from guest grub.cfg file. This is a security problem because grub was never written to handle inputs from OS as untrusted. I...

6.1AI score
Exploits0References2
CNVD
CNVD
added 2019/12/27 12:0 a.m.3 views

Memory Corruption Vulnerability in WebKit Component of Multiple Apple Products (CNVD-2020-01907)

Apple Safari is a web browser that is the default browser that comes with the MacOSX and iOS operating systems. apple iOS is a suite of operating systems for mobile devices. apple macOS Mojave is a dedicated operating system developed specifically for Mac computers. WebKit is a component of the W...

9.6CVSS6.3AI score0.01371EPSS
Exploits0References1
Prion
Prion
added 2019/12/18 10:15 p.m.18 views

Design/Logic Flaw

Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction...

2.1CVSS5.4AI score0.0029EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder