Lucene search
K

265 matches found

Snyk
Snyk
added 2024/02/20 2:13 p.m.2 views

Authentication Bypass

Amendment This was deemed not a vulnerability. Overview hawk is a library for the HTTP Hawk Authentication Scheme. Affected versions of this package are vulnerable to Authentication Bypass. The incoming client supplied hash of the payload is trusted by the server and not verified before the...

9.3CVSS5.6AI score
Exploits0References2
OSV
OSV
added 2024/01/23 12:0 a.m.2 views

UBUNTU-CVE-2023-40549

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

6.2CVSS6.7AI score0.00409EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2023/12/26 12:41 p.m.44 views

Exploit for Code Injection in Apache Rocketmq

CVE-2023-33246RocketMQRCEEXP CVE-2023-33246 RocketMQ Remote...

9.8CVSS10AI score0.96604EPSS
Exploits11
Positive Technologies
Positive Technologies
added 2023/10/11 12:0 a.m.4 views

PT-2023-29093 · Huawei · Emui +1

Name of the Vulnerable Software and Affected Versions: Security module affected versions not specified Description: The issue concerns the security module where package names' public keys are not being verified. This could potentially affect service confidentiality if successfully exploited...

7.5CVSS7AI score0.00337EPSS
Exploits0References5
OSV
OSV
added 2023/09/28 3:15 a.m.4 views

CVE-2023-42222

WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances...

8.8CVSS5.8AI score0.01418EPSS
Exploits4References4
VulnCheck KEV
VulnCheck KEV
added 2023/08/28 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-33246

Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running...

9.8CVSS7.5AI score0.96604EPSS
Exploits11References1
Positive Technologies
Positive Technologies
added 2023/08/10 12:0 a.m.4 views

PT-2023-27170 · Nextcloud · Nextcloud +1

Name of the Vulnerable Software and Affected Versions: user oidc versions 1.0.0 through 1.3.2 Description: The issue is related to the missing verification of the issuer in the user oidc module for Nextcloud, allowing an attacker to perform a man-in-the-middle attack by returning corrupted or kno...

4.8CVSS4.9AI score0.00446EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2023/08/04 12:15 a.m.6 views

CVE-2023-36134

In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password on the Profile Page allows remote attackers to take over accounts...

9.8CVSS5.8AI score0.00416EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/07/24 12:0 a.m.6 views

PT-2023-12999 · Nokia · Nokia Netact

Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22 Description: The issue concerns a CSRF vulnerability in the /SecurityManagement/html/createuser.jsf endpoint. A remote attacker can create users with arbitrary privileges, including administrative privileges, due to th...

8.8CVSS8.5AI score0.00381EPSS
Exploits1References5
OSV
OSV
added 2023/05/22 8:15 p.m.6 views

CVE-2023-28386

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrar...

9.8CVSS7.6AI score0.00419EPSS
Exploits0References2
OSV
OSV
added 2023/04/03 3:15 p.m.3 views

CVE-2023-1330

The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack...

6.5CVSS6.6AI score0.00344EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/03/29 12:0 a.m.5 views

Tesla 资源管理错误漏洞

Tesla is an electric vehicle from the American company Tesla. A resource management error vulnerability exists in the Tesla Model 3 that stems from not verifying the existence of a wowlanconfig data structure before performing operations on it...

8.8CVSS7.8AI score0.00364EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.3 views

SUSE CVE-2013-2037

httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary...

2.6CVSS6.9AI score0.01324EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:26 a.m.3 views

SUSE CVE-2014-7273

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate...

6.8CVSS6.5AI score0.00928EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.5 views

SUSE CVE-2019-12855

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections...

6.5CVSS6.9AI score0.01817EPSS
Exploits0References7
OSV
OSV
added 2022/09/23 1:15 p.m.1 views

UBUNTU-CVE-2022-2347

There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...

7.7CVSS6.9AI score0.0058EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/08/05 12:0 a.m.6 views

HUAWEI HarmonyOS 数据伪造问题漏洞

HUAWEI HarmonyOS is an operating system from the Chinese company Huawei HUAWEI. It provides a full-scenario distributed operating system based on a microkernel. HUAWEI HarmonyOS version 2.0 has a security vulnerability, the vulnerability stems from the existence of recovery module upgrade package...

7.5CVSS7.3AI score0.00264EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/05/03 12:0 a.m.4 views

PT-2022-3561 · Google +1 · Google-Oauth-Java-Client +1

Name of the Vulnerable Software and Affected Versions: google-oauth-java-client versions prior to 1.33.3 Description: The vulnerability is related to the IDToken verifier not verifying if a token is properly signed. This allows an attacker to provide a compromised token with a custom payload, whi...

8.7CVSS7.8AI score0.00287EPSS
Exploits0References23
OSV
OSV
added 2022/04/21 6:15 p.m.5 views

CVE-2020-14122

Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage...

5.5CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2022/04/12 5:15 p.m.18 views

Privilege escalation

In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed...

7.2CVSS7.6AI score0.00104EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder