Lucene search
K

11 matches found

Cvelist
Cvelist
added 2024/10/11 2:24 p.m.27 views

CVE-2024-45397 H2O alllows bypassing address-based access control with 0-RTT

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

5.9CVSS0.00438EPSS
Exploits0References3
NVD
NVD
added 2024/08/06 4:15 p.m.22 views

CVE-2024-7005

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. Chromium security severity: Low...

8.8CVSS0.00403EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/06 3:37 p.m.20 views

CVE-2024-7004

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. Chromium security severity: Low...

6.1AI score0.00366EPSS
Exploits0References2
CVE
CVE
added 2024/08/06 3:37 p.m.77 views

CVE-2024-7005

CVE-2024-7005 concerns Google Chrome/Chromium where insufficient validation of untrusted input in Safe Browsing allowed a remote attacker to bypass discretionary access control by convincing a user to perform specific UI gestures with a malicious file. The vulnerability affects Chrome/Chromium pr...

8.8CVSS6.5AI score0.00403EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/10/23 12:15 a.m.23 views

CVE-2023-46319

WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface...

7.5CVSS7.5AI score0.00496EPSS
Exploits0References1
CVE
CVE
added 2023/10/22 12:0 a.m.132 views

CVE-2023-46319

CVE-2023-46319 affects WALLIX Bastion, specifically versions 9.x prior to 9.0.9 and 10.x prior to 10.0.5. The issue is an access-control bypass in the network access administration web interface that allows unauthenticated access to sensitive information. Affected software is WALLIX Bastion; vuln...

7.5CVSS7.4AI score0.00496EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/03/11 6:15 p.m.17 views

Improper access control

The public API error causes for the attacker to be able to bypass API access control...

7.5CVSS9.3AI score0.00984EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/03/31 6:15 p.m.28 views

CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...

7.5CVSS0.02219EPSS
Exploits1References6
Cvelist
Cvelist
added 2021/01/08 5:51 p.m.23 views

CVE-2020-16020

Inappropriate implementation in cryptohome in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass discretionary access control via a malicious file...

8.3AI score0.00858EPSS
Exploits0References2
Prion
Prion
added 2017/05/08 6:29 p.m.10 views

Improper access control

unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service preventing terminal launch, or possibly have other impact bypassing terminal access control...

4.6CVSS7.1AI score0.00319EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/03/01 12:0 a.m.38 views

Debian DSA-3495-1 : xymon - security update

Markus Krell discovered that xymon, a network- and applications-monitoring system, was vulnerable to the following security issues : - CVE-2016-2054 The incorrect handling of user-supplied input in the 'config' command can trigger a stack-based buffer overflow, resulting in denial of service via...

9.8CVSS7.1AI score0.54507EPSS
Exploits7References12
Rows per page
Query Builder