Lucene search
+L

136 matches found

Vulnrichment
Vulnrichment
added 2024/07/05 12:0 a.m.11 views

CVE-2024-27717

Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component...

7.2AI score0.00191EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/05 12:0 a.m.8 views

eSkooly Security Vulnerabilities

eSkooly is a free online school management software from eSkooly, Inc. A security vulnerability exists in eSkooly 3.0 and prior versions that stems from a cross-site request forgery vulnerability that allows remote attackers to elevate privileges via the token handling component...

6.5CVSS7AI score0.00191EPSS
Exploits0References2
CVE
CVE
added 2024/07/05 12:0 a.m.50 views

CVE-2024-27717

CVE-2024-27717 affects Eskooly Free Online School Management Software

6.5CVSS7.3AI score0.00191EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/07/05 12:0 a.m.31 views

CVE-2024-27717

Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component...

0.00191EPSS
Exploits0References1
Mageia
Mageia
added 2024/07/03 4:36 p.m.44 views

Updated krb5 packages fix security vulnerabilities

Before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. CVE-2024-37370 Before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending...

9.1CVSS7.2AI score0.01863EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/06/28 11:17 p.m.3 views

SUSE CVE-2024-37371

In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...

6.5CVSS7.6AI score0.01863EPSS
Exploits0References16
OSV
OSV
added 2024/06/28 11:15 p.m.4 views

AZL-42999 CVE-2024-37371 affecting package krb5 for versions less than 1.19.4-3

In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...

9.1CVSS7.2AI score0.01863EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/28 12:0 a.m.19 views

CVE-2024-37371

In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...

6.4AI score0.01863EPSS
Exploits0References2
OSV
OSV
added 2024/06/28 12:0 a.m.23 views

CVE-2024-37371

In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...

9.1CVSS6.6AI score0.01863EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/01/14 12:0 a.m.15 views

PT-2024-2003 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel ksmbd affected versions not specified Description: The issue is related to the incorrect handling of authentication tokens in the smb2 sess setup function within the Linux kernel's ksmbd server. This can potentially allow an...

9.1CVSS6.7AI score0.78388EPSS
Exploits20References982
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.5 views

kernel: mptcp: use the workqueue to destroy unaccepted sockets

In the Linux kernel, the following vulnerability has been resolved: mptcp: use the workqueue to destroy unaccepted sockets Christoph reported a UaF at token lookup time after having refactored the passive socket initialization part: BUG: KASAN: use-after-free in tokenbucketbusy+0x253/0x260 Read o...

7.8CVSS6.4AI score0.00168EPSS
Exploits0References5
Code423n4
Code423n4
added 2023/02/06 12:0 a.m.12 views

Upgraded Q -> 3 from #619 [1675724566035]

Judge has assessed an item in Issue 619 as 3 risk. The relevant finding follows: The function withdrawRemainingTokens can be changed in a safer way to handle the withdraw from the owner and the protocol fee as well. This prevent risks allocated with the protocol fees. By the docs this function is...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/10 12:0 a.m.14 views

Legitimate token / USD pairs with more than 8 decimals are not handled correctly

Lines of code Vulnerability details Impact The decimals returned by the Chainlink oracles are assumed to be 8 throughout this protocol. However, there are legitimate token / USD pairs that have the corresponding Chainlink oracles to return more than 8 decimals; for example, the AMPL / USD pair's...

6.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/10/05 12:0 a.m.2 views

PT-2021-22738 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.0 and later Description: The issue arises when an admin impersonates a user in GitLab CE/EE, resulting in access tokens not being cleared after the impersonation ends. This may lead to unnecessary sensitive information...

5.9CVSS4.7AI score0.00971EPSS
Exploits0References10
Code423n4
Code423n4
added 2021/09/11 12:0 a.m.15 views

Vault treats all tokens exactly the same that creates (huge) arbitrage opportunities.

Handle jonah1005 Vulnerability details Impact The v3 vault treats all valid tokens exactly the same. Depositing 1M DAI would get the same share as depositing 1M USDT. User can withdraw their share in another token. Though there's withdrawalProtectionFee 0.1 percent, the vault is still a no slippa...

6.9AI score
Exploits0
OSV
OSV
added 2021/08/13 4:15 p.m.5 views

CVE-2021-3352

The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access view and modify user data without authorization due to improper handling of tokens...

9.1CVSS7.3AI score0.0104EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/08/13 4:15 p.m.3 views

CVE-2021-3352

The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0.0.0 through 9.3.1.0 could allow an unauthenticated attacker to access view and modify user data without authorization due to improper handling of tokens...

9.1CVSS7.3AI score0.0104EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/07/21 12:0 a.m.6 views

Combodo iTop 跨站请求伪造漏洞

Combodo iTop is a set of open source web applications developed by Combodo France based on ITIL and used for daily operations in IT environments. The application provides event management, configuration management and issue management functions.Combodo iTop versions prior to 2.7.4 are vulnerable ...

8.8CVSS5.3AI score0.00377EPSS
Exploits0References3
OSV
OSV
added 2020/11/19 6:15 p.m.3 views

CVE-2020-12495

Endress+Hauser Ecograph T Neutral/Private Label RSG35, ORSG35 with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. T...

8.8CVSS7.3AI score0.00908EPSS
Exploits0References1
OSV
OSV
added 2020/10/20 9:15 p.m.16 views

CVE-2020-15269

In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory...

9.1CVSS9AI score
Exploits0References2
Rows per page
Query Builder