Design/Logic Flaw
In TBD of TBD, there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
SUSE SLES15: libfreebl3 / libfreebl3-32bit / libfreebl3-hmac / etc (SUSE-SU-2023:0130-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0130-1 advisory. - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but t...
PT-2023-17715 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified). Description: The issue is related to a Biometric Auth Failure, allowing a possible bypass of the lockscreen. This could lead to local escalation of privilege with physical access to the device,...
CVE-2023-20924
In TBD of TBD, there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2023-20924
CVE-2023-20924 describes a biometric authentication bypass in the Android kernel that could enable local escalation of privilege with physical access and no user interaction. The Pixel bulletin ties this issue to the Pixel 6a fingerprint scanner and marks it as Elevation of Privilege (EoP) with H...
CVE-2023-20924
In TBD of TBD, there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2023-23687
The CVE-2023-23687 entry concerns the WordPress Youtube shortcode plugin, affected versions ≤ 1.8.5, with an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. The vulnerability stems from the plugin’s handling of input in the YouTube shortcode, enabling stored XSS when an authenticat...
CVE-2023-22721
Affected software: Oi Yandex.Maps for WordPress plugin, versions
CVE-2022-4693
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given ...
Design/Logic Flaw
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key...
CVE-2022-4693
CVE-2022-4693 affects the WordPress plugin User Verification (before 1.0.94). The vulnerability is an authentication bypass where knowledge of a user’s username can grant access or elevated privileges. Publicly queryable usernames can lead to admin-like access on a site. Technical details from co...
CVE-2021-43445
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key...
RHEL 6 / 7 : rh-mariadb102-mariadb and rh-mariadb102-galera (RHSA-2020:4174)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4174 advisory. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The...
SUSE SLES12: libfreebl3 / libfreebl3-32bit / libfreebl3-hmac / etc (SUSE-SU-2023:0118-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0118-1 advisory. - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but t...
CVE-2022-40697
CVE-2022-40697 affects the WordPress plugin 3com – Asesor de Cookies para normativa española (versions
CVE-2023-0122
A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...
Null pointer dereference
A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...
CVE-2023-0122
A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...
UBUNTU-CVE-2023-0122
A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...
CVE-2022-42462 WordPress IP Blacklist Cloud Plugin <= 5.00 is vulnerable to Cross Site Scripting (XSS)
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions...