6611 matches found

Prion
added 2023/01/26 9:18 p.m., 22 views

Design/Logic Flaw

In TBD of TBD, there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

4.6 CVSS, 6.7 AI score, 0.00206 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2023/01/25 12:0 a.m., 34 views

SUSE SLES15: libfreebl3 / libfreebl3-32bit / libfreebl3-hmac / etc (SUSE-SU-2023:0130-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0130-1 advisory. - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but t...

7.5 CVSS, 6.8 AI score, 0.00696 EPSS
Exploits: 0, References: 7

Positive Technologies
added 2023/01/24 12:0 a.m., 5 views

PT-2023-17715 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions affected versions not specified Description: The issue is related to a Biometric Auth Failure, allowing a possible bypass of the lockscreen. This could lead to local escalation of privilege with physical access to the device,...

6.8 CVSS, 6.5 AI score, 0.00206 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2023/01/24 12:0 a.m., 2 views

CVE-2023-20924

In TBD of TBD, there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

7.2 AI score, 0.00206 EPSS
Exploits: 0, References: 1

CVE
added 2023/01/24 12:0 a.m., 90 views

CVE-2023-20924

CVE-2023-20924 describes a biometric authentication bypass in the Android kernel that could enable local escalation of privilege with physical access and no user interaction. The Pixel bulletin ties this issue to the Pixel 6a fingerprint scanner and marks it as Elevation of Privilege (EoP) with H...

6.8 CVSS, 6.6 AI score, 0.00206 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/01/24 12:0 a.m., 27 views

CVE-2023-20924

In TBD of TBD, there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

6.9 AI score, 0.00206 EPSS
Exploits: 0, References: 1

CVE
added 2023/01/23 5:59 p.m., 51 views

CVE-2023-23687

The CVE-2023-23687 entry concerns the WordPress Youtube shortcode plugin, affected versions ≤ 1.8.5, with an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. The vulnerability stems from the plugin’s handling of input in the YouTube shortcode, enabling stored XSS when an authenticat...

6.5 CVSS, 5.5 AI score, 0.00393 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/01/23 5:50 p.m., 56 views

CVE-2023-22721

Affected software: Oi Yandex.Maps for WordPress plugin, versions

6.5 CVSS, 5.4 AI score, 0.00383 EPSS
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2023/01/23 3:15 p.m., 34 views

CVE-2022-4693

The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given ...

9.8 CVSS, 9.5 AI score, 0.01598 EPSS
Exploits: 2, References: 2

Prion
added 2023/01/23 3:15 p.m., 25 views

Design/Logic Flaw

ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key...

7.5 CVSS, 9.4 AI score, 0.01707 EPSS
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2023/01/23 2:31 p.m., 70 views

CVE-2022-4693

CVE-2022-4693 affects the WordPress plugin User Verification (before 1.0.94). The vulnerability is an authentication bypass where knowledge of a user’s username can grant access or elevated privileges. Publicly queryable usernames can lead to admin-like access on a site. Technical details from co...

9.8 CVSS, 9.6 AI score, 0.01598 EPSS
Exploits: 2, References: 2, Affected Software: 1

Cvelist
added 2023/01/23 12:0 a.m., 18 views

CVE-2021-43445

ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key...

9.6 AI score, 0.01707 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2023/01/23 12:0 a.m., 43 views

RHEL 6 / 7 : rh-mariadb102-mariadb and rh-mariadb102-galera (RHSA-2020:4174)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4174 advisory. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The...

8.8 CVSS, 6.8 AI score, 0.03972 EPSS
Exploits: 0, References: 41

Tenable Nessus
added 2023/01/21 12:0 a.m., 34 views

SUSE SLES12: libfreebl3 / libfreebl3-32bit / libfreebl3-hmac / etc (SUSE-SU-2023:0118-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0118-1 advisory. - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but t...

7.5 CVSS, 6.8 AI score, 0.00696 EPSS
Exploits: 0, References: 7

CVE
added 2023/01/19 4:32 p.m., 52 views

CVE-2022-40697

CVE-2022-40697 affects the WordPress plugin 3com – Asesor de Cookies para normativa española (versions

4.8 CVSS, 4.8 AI score, 0.00392 EPSS
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2023/01/17 9:15 p.m., 21 views

CVE-2023-0122

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth, allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...

7.5 CVSS, 7.3 AI score, 0.01277 EPSS
Exploits: 0, References: 3

Prion
added 2023/01/17 9:15 p.m., 20 views

Null pointer dereference

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth, allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...

5 CVSS, 7.1 AI score, 0.01277 EPSS
Exploits: 0, References: 3, Affected Software: 1

UbuntuCve
added 2023/01/17 9:15 p.m., 42 views

CVE-2023-0122

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth, allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...

7.5 CVSS, 6.8 AI score, 0.01277 EPSS
Exploits: 0, References: 3

OSV
added 2023/01/17 9:15 p.m., 3 views

UBUNTU-CVE-2023-0122

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth, allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...

7.5 CVSS, 6.7 AI score, 0.01277 EPSS
Exploits: 0, References: 4

Cvelist
added 2023/01/17 4:36 a.m., 28 views

CVE-2022-42462 WordPress IP Blacklist Cloud Plugin <= 5.00 is vulnerable to Cross Site Scripting (XSS)

Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions...

4.8 CVSS, 5.1 AI score, 0.00392 EPSS
Exploits: 0, References: 1