Lucene search
K

206 matches found

OSV
OSV
added 2024/01/03 4:14 p.m.91 views

GHSA-4248-P65P-HCRM Insecure random string generator used for sensitive data

CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges. When CubeFS creates ne...

8.2CVSS9.2AI score0.00439EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/01/03 4:14 p.m.37 views

Insecure random string generator used for sensitive data

CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges. When CubeFS creates ne...

9.8CVSS6.6AI score0.00439EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/01/03 4:13 p.m.32 views

GHSA-8579-7P32-F398 CubeFS timing attack can leak user passwords

A vulnerability was found during in the CubeFS master component that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the...

8.2CVSS5.9AI score0.00353EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/01/03 4:13 p.m.30 views

CubeFS timing attack can leak user passwords

A vulnerability was found during in the CubeFS master component that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the...

6.5CVSS7AI score0.00353EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/01/03 4:13 p.m.19 views

GHSA-QC6V-G3XW-GRMX Authenticated users can crash the CubeFS servers with maliciously crafted requests

A security vulnerability was found in CubeFS HandlerNode that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cause was improper handling of incoming HTTP requests that could allow an attacker to...

7.1CVSS6.3AI score0.00555EPSS
Exploits0References4
OSV
OSV
added 2023/12/08 9:57 p.m.12 views

GHSA-99JV-8292-2HPM eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations

Impact The eventing-gitlab cluster-local server doesn't set ReadHeaderTimeout‬‭ which could lead do a DDoS‬ ‭attack, where a large group of users send requests to the server causing the server to hang‬ ‭for long enough to deny it from being available to other users, also know as a Slowloris‬...

7.1AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/12/06 7:19 p.m.16 views

eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations

Impact The eventing-github cluster-local server doesn't set ReadHeaderTimeout‬‭ which could lead do a DDoS‬ ‭attack, where a large group of users send requests to the server causing the server to hang‬ ‭for long enough to deny it from being available to other users, also know as a Slowloris‬...

7.1AI score
Exploits0References6Affected Software1
OSV
OSV
added 2023/11/27 11:27 p.m.29 views

GHSA-QMVJ-4QR9-V547 Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler

Summary A vulnerability was fond in Knative Serving that could allow an attacker to crash the Knative Serving autoscaler resulting in a denial of service. The attacker would need to have compromised one pod in the Knative Serving deployment, and with that position they could launch the attack...

5.3CVSS6.1AI score0.00867EPSS
Exploits0References6
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.10 views

Accessibility Suite by Online ADA <= 4.11 - Subscriber+ SQLi

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber...

9.8CVSS7.7AI score0.0055EPSS
Exploits0
NVD
NVD
added 2023/11/06 9:15 a.m.20 views

CVE-2023-45830

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.12...

9.8CVSS9.8AI score0.0055EPSS
Exploits0References1
Prion
Prion
added 2023/11/06 9:15 a.m.15 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11...

7.5CVSS7.8AI score0.0055EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/06 8:57 a.m.12 views

CVE-2023-45830 WordPress Accessibility Suite by Online ADA Plugin <= 4.12 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.12...

8.5CVSS7.6AI score0.0055EPSS
Exploits0References1
CVE
CVE
added 2023/11/06 8:57 a.m.37 views

CVE-2023-45830

CVE-2023-45830 affects the WordPress Accessibility Suite by Online ADA (

9.8CVSS9.6AI score0.0055EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/06 8:57 a.m.29 views

CVE-2023-45830 WordPress Accessibility Suite by Online ADA Plugin <= 4.12 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.12...

8.5CVSS10AI score0.0055EPSS
Exploits0References1
NVD
NVD
added 2023/11/06 8:15 a.m.22 views

CVE-2022-47420

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.12...

9.8CVSS9.8AI score0.00479EPSS
Exploits0References1
OSV
OSV
added 2023/11/06 8:15 a.m.2 views

CVE-2022-47420

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.12...

9.8CVSS5.8AI score0.00479EPSS
Exploits0References1
Prion
Prion
added 2023/11/06 8:15 a.m.19 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11...

7.5CVSS7.8AI score0.00479EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/06 7:41 a.m.18 views

CVE-2022-47420 WordPress Accessibility Suite by Online ADA plugin <= 4.12 - SQL Injection

A vulnerability in Ability, Inc Accessibility Suite online-accessibility.This issue affects Accessibility Suite: from n/a through = 4.12...

6.4CVSS8.6AI score0.00479EPSS
Exploits0References1
CVE
CVE
added 2023/11/06 7:41 a.m.36 views

CVE-2022-47420

CVE-2022-47420 is an SQL Injection in the WordPress plugin Accessibility Suite by Online ADA, affecting versions up to 4.12 (inclusive). The root cause is improper neutralization of SQL elements, enabling unauthenticated exploitation with high impact on confidentiality, integrity, and availabilit...

9.8CVSS9.9AI score0.00479EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/06 7:41 a.m.29 views

CVE-2022-47420 WordPress Accessibility Suite by Online ADA Plugin <= 4.12 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.12...

6.4CVSS10AI score0.00479EPSS
Exploits0References1
Rows per page
Query Builder