Lucene search
K

124 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:38 p.m.9 views

CVE-2021-30262

Improper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

8.4CVSS7.7AI score0.00146EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/10/23 12:0 a.m.4 views

The vulnerability of the application-level SIP ALG operating system Juniper Networks Junos routers of the MX and SRX series allows attackers to compromise the integrity of protected information.

The vulnerability of SIP application-level ALG operating systems running on Juniper Networks Junos routers of the MX and SRX series lies in insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor to compromise the integrity of protected...

5.8CVSS7.2AI score0.00354EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.3 views

SUSE CVE-2015-3146

The 1 SSHMSGNEWKEYS and 2 SSHMSGKEXDHREPLY packet handlers in packagecb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted SSH packet...

7.5CVSS6.7AI score0.0391EPSS
Exploits0References5
Snyk
Snyk
added 2022/05/14 2:1 a.m.6 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to not using or validating the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...

8.8CVSS7.2AI score0.00486EPSS
Exploits0References2
Prion
Prion
added 2021/12/23 8:15 p.m.18 views

Input validation

A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked...

4.6CVSS5.7AI score0.00246EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/23 7:48 p.m.24 views

CVE-2017-13907

A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked...

6AI score0.00246EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/12/06 12:0 a.m.5 views

Qualcomm Chipsets 资源管理错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A resource management error vulnerability exists in multiple Qualcomm products, which stems from an incorrect validation of the socket state when sending socket events to a client could result in invalid memory access. The...

8.4CVSS7.3AI score0.00146EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2021/10/08 12:0 a.m.2 views

PT-2021-6003 · Foxit · Foxit Phantompdf +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Foxit PhantomPDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...

10CVSS8AI score0.00349EPSS
Exploits0References7
Prion
Prion
added 2021/09/09 8:15 a.m.19 views

Design/Logic Flaw

Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...

7.8CVSS7.5AI score0.00598EPSS
Exploits0References1
CVE
CVE
added 2021/09/09 7:36 a.m.65 views

CVE-2021-1971

CVE-2021-1971 affects Qualcomm closed-source components in Snapdragon SoCs, arising from a lack of physical layer state validation leading to possible assertion. The exposure spans Snapdragon Auto/Compute/Connectivity/Consumer Electronics Connectivity/Industrial IOT/ Mobile/Wired Infrastructure, ...

7.8CVSS7.4AI score0.00598EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/08/24 7:15 p.m.13 views

CVE-2021-30904

A sync issue was addressed with improved state validation. This issue is fixed in macOS Monterey 12.0.1. A user's messages may continue to sync after the user has signed out of iMessage...

5.3CVSS0.00804EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/08/24 6:50 p.m.22 views

CVE-2021-30904

A sync issue was addressed with improved state validation. This issue is fixed in macOS Monterey 12.0.1. A user's messages may continue to sync after the user has signed out of iMessage...

6AI score0.00804EPSS
Exploits0References1
CVE
CVE
added 2021/08/24 6:50 p.m.58 views

CVE-2021-30904

CVE-2021-30904 affects macOS Monterey 12.0.x in the Apple Messages sync flow. The issue is a sync/state validation bug that could allow a user’s messages to continue syncing after signing out of iMessage. Apple fixed this in macOS Monterey 12.0.1 (per HT212869). Connected feeds corroborate the de...

5.3CVSS5.5AI score0.00804EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/06/21 5:15 p.m.18 views

Input validation

In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is n...

4.6CVSS7.7AI score0.00199EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/06/21 4:1 p.m.32 views

CVE-2021-0513

In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is n...

8AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2021/04/07 11:15 a.m.3 views

CVE-2021-30177

There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User Registration section, leading to remote code execution. This occurs because the U.S. state is not validated to be two letters, and the OrderBy field is not validated to be one of LASTNAME, CITY, or STATE...

9.8CVSS6AI score0.02363EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2019/04/10 12:0 a.m.36 views

FreeBSD -- SAE confirm missing state validation

Problem Description: When hostapd is used to operate an access point with SAE Simultaneous Authentication of Equals; also known as WPA3-Personal, an invalid authentication sequence could result in the hostapd process terminating due to a NULL pointer dereference when processing SAE confirm messag...

7.5CVSS0.2AI score0.05224EPSS
Exploits0
Prion
Prion
added 2018/01/08 7:29 p.m.19 views

Design/Logic Flaw

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...

6.8CVSS6.7AI score0.0197EPSS
Exploits0References8Affected Software2
Cvelist
Cvelist
added 2018/01/08 7:0 p.m.27 views

CVE-2015-2318

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...

8.2AI score0.0197EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2018/01/08 7:0 p.m.26 views

CVE-2015-2318

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...

8.1CVSS8.7AI score0.0197EPSS
Exploits0
Rows per page
Query Builder