Lucene search
+L

160 matches found

Code423n4
Code423n4
added 2022/02/23 12:0 a.m.10 views

Interest surplus is accumulated on Master accounting update in TurboSafe.less

Lines of code Vulnerability details Impact There will be an interest surplus accumulating in all the master accounting variables totalBoosted, getTotalBoostedForVault and getTotalBoostedAgainstCollateral. As getTotalBoostedForVault and getTotalBoostedAgainstCollateral are used in the checks again...

6.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/01/01 12:0 a.m.9 views

PT-2025-8224

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential deadlock issue has been identified in the Linux kernel related to the Ceph file system. The issue occurs when a file is created with O RDWR and a request is sent to the...

5.5CVSS6.4AI score0.0016EPSS
Exploits0
Mageia
Mageia
added 2021/12/29 7:12 p.m.67 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.11 and fixes at least the following security issues: netdevsim: Zero-initialize memory for new map's value in function nsimbpfmapalloc CVE-2021-4135. Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the guests,...

7.8CVSS0.2AI score0.00549EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2021/11/15 5:5 p.m.2 views

jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...

7.5CVSS6.7AI score0.06873EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.32 views

SUSE: Security Advisory (SUSE-SU-2020:1748-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.1AI score0.01619EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2021/03/09 12:0 a.m.3 views

PT-2021-2331 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insecure privilege management in the Win32k component of the Windows operating system. It allows an attacker to elevate their privileges. There is a race condition a...

7.8CVSS6.8AI score0.12233EPSS
Exploits1References15
Openbugbounty
Openbugbounty
added 2020/10/13 2:11 p.m.7 views

crown-caps-king.com Cross Site Scripting vulnerability OBB-1405018

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
0day.today
0day.today
added 2020/08/25 12:0 a.m.122 views

Chrome NewFixedArray Missing Array Size Check Vulnerability

Chrome suffers from a missing array size check in NewFixedArray. Chrome: Missing array size check in NewFixedArray VULNERABILITY DETAILS V8 caps the number of elements a fixed array can contain1. Most of the code that needs to create or resize a fast JS array i.e. one that's backed by a fixed arr...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/05/06 1:19 p.m.5 views

Facebook Launches 'Discover,' A Secure Proxy to Browse the Internet for Free

More than six years after Facebook launched its ambitious Free Basics program to bring the Internet to the masses, the social network is back at it again with a new zero-rating initiative called Discover. The service, available as a mobile web and Android app, allows users to browse the Internet...

5.7AI score
Exploits0
Microsoft KB
Microsoft KB
added 2020/04/13 4:9 a.m.28 views

MS15-081: Description of the security update for Word 2013: August 11, 2015

Resolves vulnerabilities in Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file.SummaryThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2020/04/04 5:27 p.m.27 views

CVE-2019-13417

Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names but not values for fields which are not allowed for the user when field level security FLS is activated...

5.3CVSS3AI score0.01104EPSS
Exploits0References4
Prion
Prion
added 2020/02/24 7:15 p.m.15 views

Cross site scripting

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious...

4.3CVSS6AI score0.0084EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/02/24 6:16 p.m.24 views

CVE-2019-12513 Stored XSS via DHCP Discover Request Hostname

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious...

6AI score0.0084EPSS
Exploits1References1
Wired Threat Level
Wired Threat Level
added 2019/08/26 3:46 p.m.39 views

A History of Plans to Nuke Hurricanes (and Other Stuff Too)

If you think dropping a nuclear bomb into the eye of a hurricane is a bad idea, wait'll you see what they had in mind for the polar ice caps...

1.1AI score
Exploits0
OSV
OSV
added 2019/08/12 9:15 p.m.4 views

CVE-2019-13417

Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names but not values for fields which are not allowed for the user when field level security FLS is activated...

5.3CVSS5.9AI score0.01104EPSS
Exploits0References2
NVD
NVD
added 2019/08/12 9:15 p.m.29 views

CVE-2019-13417

Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names but not values for fields which are not allowed for the user when field level security FLS is activated...

5.3CVSS5.3AI score0.01104EPSS
Exploits0References2
Prion
Prion
added 2019/08/12 9:15 p.m.16 views

Design/Logic Flaw

Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names but not values for fields which are not allowed for the user when field level security FLS is activated...

5CVSS5.2AI score0.01104EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/12 8:51 p.m.24 views

CVE-2019-13417

Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names but not values for fields which are not allowed for the user when field level security FLS is activated...

5.3AI score0.01104EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/08/12 12:0 a.m.6 views

PT-2019-13329 · Floragunn · Search Guard

Name of the Vulnerable Software and Affected Versions: Search Guard versions prior to 24.0 Description: The issue concerns field caps and mapping API leaking field names, but not values, for fields that are not allowed for the user when field level security FLS is activated. This occurs in Search...

5.3CVSS4.7AI score0.01104EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2018/05/23 12:0 a.m.29 views

Honeywell Scada System - Information Disclosure

Exploit Title: Honeywell Scada System - Information Disclosure Date: 2018-05-23 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : 3.2.1.294365 - DeviceType : IPC-HFW2320R-ZS Tested on: Linux To be written after the destination IP address...

7.4AI score
Exploits0
Rows per page
Query Builder