265 matches found
Authentication Bypass
Amendment This was deemed not a vulnerability. Overview hawk is a library for the HTTP Hawk Authentication Scheme. Affected versions of this package are vulnerable to Authentication Bypass. The incoming client supplied hash of the payload is trusted by the server and not verified before the...
UBUNTU-CVE-2023-40549
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...
Exploit for Code Injection in Apache Rocketmq
CVE-2023-33246RocketMQRCEEXP CVE-2023-33246 RocketMQ Remote...
PT-2023-29093 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: Security module affected versions not specified Description: The issue concerns the security module where package names' public keys are not being verified. This could potentially affect service confidentiality if successfully exploited...
CVE-2023-42222
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances...
VulnCheck KEV: CVE-2023-33246
Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running...
PT-2023-27170 · Nextcloud · Nextcloud +1
Name of the Vulnerable Software and Affected Versions: user oidc versions 1.0.0 through 1.3.2 Description: The issue is related to the missing verification of the issuer in the user oidc module for Nextcloud, allowing an attacker to perform a man-in-the-middle attack by returning corrupted or kno...
CVE-2023-36134
In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password on the Profile Page allows remote attackers to take over accounts...
PT-2023-12999 · Nokia · Nokia Netact
Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22 Description: The issue concerns a CSRF vulnerability in the /SecurityManagement/html/createuser.jsf endpoint. A remote attacker can create users with arbitrary privileges, including administrative privileges, due to th...
CVE-2023-28386
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrar...
CVE-2023-1330
The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack...
Tesla 资源管理错误漏洞
Tesla is an electric vehicle from the American company Tesla. A resource management error vulnerability exists in the Tesla Model 3 that stems from not verifying the existence of a wowlanconfig data structure before performing operations on it...
SUSE CVE-2013-2037
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary...
SUSE CVE-2014-7273
The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate...
SUSE CVE-2019-12855
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections...
UBUNTU-CVE-2022-2347
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...
HUAWEI HarmonyOS 数据伪造问题漏洞
HUAWEI HarmonyOS is an operating system from the Chinese company Huawei HUAWEI. It provides a full-scenario distributed operating system based on a microkernel. HUAWEI HarmonyOS version 2.0 has a security vulnerability, the vulnerability stems from the existence of recovery module upgrade package...
PT-2022-3561 · Google +1 · Google-Oauth-Java-Client +1
Name of the Vulnerable Software and Affected Versions: google-oauth-java-client versions prior to 1.33.3 Description: The vulnerability is related to the IDToken verifier not verifying if a token is properly signed. This allows an attacker to provide a compromised token with a custom payload, whi...
CVE-2020-14122
Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage...
Privilege escalation
In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed...