
56 matches found

Veracode
added 2021/04/30 1:7 a.m., 12 views

Prototype Pollution

domify is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...

AI score: 3.4
Exploits: 0
Veracode
added 2021/03/02 5:5 a.m., 19 views

Prototype Pollution

object-collider is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...

CVSS: 9.8, AI score: 3.5, EPSS: 0.03702
Exploits: 1, References: 2, Affected Software: 1
Veracode
added 2020/12/30 1:47 a.m., 20 views

Prototype Pollution

set-object-value is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype causing a denial of service and may lead to remote code executio...

CVSS: 9.8, AI score: 5.3, EPSS: 0.03591
Exploits: 1, References: 2, Affected Software: 1
RedhatCVE
added 2020/12/07 5:29 p.m., 31 views

CVE-2020-27826

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application...

CVSS: 4.9, AI score: 5.1, EPSS: 0.00572
Exploits: 0, References: 3
Veracode
added 2020/10/21 9:45 a.m., 28 views

Prototype Pollution

y18n is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...

CVSS: 9.8, AI score: 4, EPSS: 0.69062
Exploits: 1, References: 8, Affected Software: 5
OSV
added 2019/10/03 8:15 p.m., 2 views

UBUNTU-CVE-2019-16328

In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings...

CVSS: 7.5, AI score: 5.9, EPSS: 0.13049
Exploits: 2, References: 2
Veracode
added 2017/11/28 8:46 a.m., 22 views

Authorization Bypass

TeamPass is vulnerable to authorization bypass. The application does not properly check if a user has the proper permissions to access an item, allowing a malicious user to modify or delete multiple attributes of an item by modifying requests sent to the application...

CVSS: 8.1, AI score: 7.9, EPSS: 0.01061
Exploits: 1, References: 2, Affected Software: 1
CNVD
added 2017/03/28 12:0 a.m., 2 views

Novell eDirectory Remote Elevation of Privilege Vulnerability

Novell eDirectory is an identity management infrastructure platform that combines identity management architecture and directory services technology from Novell, USA. The platform provides authentication policies, data backup and recovery services, data disaster recovery and other functions. A...

CVSS: 7.5, AI score: 7.4, EPSS: 0.01244
Exploits: 0, References: 1
OSV
added 2015/12/28 11:59 a.m., 1 view

DEBIAN-CVE-2015-8660

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application...

CVSS: 6.7, AI score: 7.3, EPSS: 0.22374
Exploits: 12, References: 1
OSV
added 2015/12/28 11:59 a.m., 13 views

CVE-2015-8660

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application...

CVSS: 6.7, AI score: 6.4
Exploits: 0, References: 28
OSV
added 2015/12/28 12:0 a.m., 2 views

UBUNTU-CVE-2015-8660

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application...

CVSS: 6.7, AI score: 6.8, EPSS: 0.22374
Exploits: 12, References: 8
RedHat Linux
added 2015/02/11 8:36 p.m., 4 views

Management: Limited RBAC authorization bypass

It was discovered that the Role Based Access Control (RBAC) implementation did not sufficiently verify all authorization conditions that are required by the Maintainer role to perform certain administrative actions. An authenticated user with the Maintainer role could use this flaw to add, modify, ...

CVSS: 4, AI score: 5.8, EPSS: 0.0126
Exploits: 0, References: 4
RedHat Linux
added 2015/02/11 8:18 p.m., 5 views

Management: Limited RBAC authorization bypass

It was discovered that the Role Based Access Control (RBAC) implementation did not sufficiently verify all authorization conditions that are required by the Maintainer role to perform certain administrative actions. An authenticated user with the Maintainer role could use this flaw to add, modify, ...

CVSS: 4, AI score: 5.8, EPSS: 0.0126
Exploits: 0, References: 4
RedHat Linux
added 2015/02/11 8:16 p.m., 5 views

Management: Limited RBAC authorization bypass

It was discovered that the Role Based Access Control (RBAC) implementation did not sufficiently verify all authorization conditions that are required by the Maintainer role to perform certain administrative actions. An authenticated user with the Maintainer role could use this flaw to add, modify, ...

CVSS: 4, AI score: 5.8, EPSS: 0.0126
Exploits: 0, References: 4
RedHat Linux
added 2015/02/11 8:6 p.m., 4 views

Management: Limited RBAC authorization bypass

It was discovered that the Role Based Access Control (RBAC) implementation did not sufficiently verify all authorization conditions that are required by the Maintainer role to perform certain administrative actions. An authenticated user with the Maintainer role could use this flaw to add, modify, ...

CVSS: 4, AI score: 5.8, EPSS: 0.0126
Exploits: 0, References: 4
exploitpack
added 2000/06/15 12:0 a.m., 23 views

HM Software S to Infinity 3.0 - Multiple Vulnerabilities

HM Software S to Infinity 3.0 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/1368/info A number of vulnerabilities exist in HM Software S to Infinity, a security access control, desktop lockdown and transparent encryption application. Intended features include restriction of...

AI score: 0.7
Exploits: 0