Lucene search
K

159 matches found

CNNVD
CNNVD
added 2021/05/17 12:0 a.m.6 views

Red Hat Ceph跨站脚本漏洞

Red Hat Ceph is a Linux petabyte-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system without a single point of failure based on POSIX Portable Operating System Interface, enabling fault-tolerant and seamless replication of data. A...

6.1CVSS7.2AI score0.017EPSS
Exploits1References14
ThreatPost
ThreatPost
added 2021/01/08 6:0 a.m.282 views

Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking

Makers of the Chrome, Firefox and Edge browsers are urging users to patch critical vulnerabilities that if exploited allow hackers to hijack systems running the software. The Mozilla Firefox vulnerability CVE-2020-16044 is separate from a bug reported in Google’s browser engine Chromium, which is...

9.3CVSS9.6AI score0.03095EPSS
Exploits0References25
CNVD
CNVD
added 2020/12/01 12:0 a.m.1 views

IBM Cloud Pak for Security Information Disclosure Vulnerability (CNVD-2020-68252)

IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. An information disclosure vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. The vulnerability stems from the HTTPOnly flag not...

5.3CVSS6.2AI score0.01476EPSS
Exploits0References1
OSV
OSV
added 2020/11/30 4:15 p.m.1 views

CVE-2020-4625

IBM Cloud Pak for Security 1.3.0.1CP4S could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie...

5.3CVSS5.9AI score
Exploits0References2
CNNVD
CNNVD
added 2020/11/25 12:0 a.m.8 views

IBM Cloud Pak for Security 信息泄露漏洞

IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. An information disclosure vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. The vulnerability stems from the HTTPOnly flag not...

5.3CVSS5.8AI score0.01476EPSS
Exploits0References4
CNVD
CNVD
added 2020/11/04 12:0 a.m.1 views

Stored Cross-Site Scripting Vulnerability in CupCMS Member Center

CupCMS is a content management system that integrates video, stars, news, comics, community and more. A stored cross-site scripting vulnerability exists in CupCMS Member Center, which can be exploited by attackers to obtain sensitive information such as user cookies...

5.9AI score
Exploits0
NVD
NVD
added 2020/06/19 2:15 p.m.28 views

CVE-2019-20849

An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout...

5.3CVSS0.00901EPSS
Exploits0References1
OSV
OSV
added 2020/06/19 2:15 p.m.17 views

CVE-2019-20849

An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout...

5.3CVSS6.8AI score
Exploits0References1
Prion
Prion
added 2020/06/19 2:15 p.m.17 views

Design/Logic Flaw

An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout...

5CVSS5.3AI score0.00901EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/06/19 1:33 p.m.27 views

CVE-2019-20849

An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout...

5.3AI score0.00901EPSS
Exploits0References1
CNVD
CNVD
added 2020/06/15 12:0 a.m.1 views

XSS Vulnerability in Website Building System of Guangdong Boon Network Co.

Established on July 10, 2008, Guangdong Boon Network Co., Ltd. is a provider of software and information technology services. There is an XSS vulnerability in the website builder system of Guangdong Boon Network Co. Ltd, which can be exploited by attackers to obtain user's cookie information...

6.1AI score
Exploits0
Veracode
Veracode
added 2020/04/10 12:18 a.m.32 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service. Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious web site that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly...

4.3CVSS2.3AI score0.01798EPSS
Exploits0References33Affected Software5
Veracode
Veracode
added 2020/04/10 12:18 a.m.31 views

Denial Of Service (DoS)

firefox is vulnerable denial of service. Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious web site that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly...

4.3CVSS2.3AI score0.07831EPSS
Exploits0References38Affected Software5
OSV
OSV
added 2020/04/09 1:15 p.m.3 views

CVE-2020-11557

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value...

7.5CVSS7.1AI score0.0072EPSS
Exploits1References1
OSV
OSV
added 2020/04/08 2:15 p.m.5 views

CVE-2020-4289

IBM Security Information Queue ISIQ 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM...

5.3CVSS5.8AI score0.01624EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/10/08 10:5 a.m.5 views

python: Information Disclosure due to urlsplit improper NFKC normalization

It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications IDNA, which may result in a wrong domain name specifically the netloc component of URL - user@domain:port bei...

9.8CVSS6.7AI score0.08811EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2019/10/02 12:0 a.m.16 views

The vulnerability of the websSecurityHandler function in the MOXA EDR-810 industrial router’s web server allows a hacker to execute arbitrary code.

The vulnerability of the websSecurityHandler function offset 0x1B4B0 in the web server jffs2-root\fs1\magicP\WebServer\webs of the MOXA EDR-810 industrial router is caused by the lack of checking the size of the data being copied into a buffer of 0x200 bytes. Exploiting this vulnerability allows ...

9.6CVSS6.3AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/08/13 12:0 a.m.9 views

The vulnerability in the FortiOS operating system’s web interface allows a hacker to bypass the verification of the "APSCOOKIE" cookie parameter.

The vulnerability in the FortiOS operating system’s web interface is related to the absence of the necessary encryption step. Exploiting this vulnerability allows a malicious actor to bypass the verification of the “APSCOOKIE” cookie parameter, which is used to protect information transmitted via...

6.5CVSS5.5AI score
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2019/08/12 11:56 a.m.5 views

python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc

A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies,...

9.8CVSS6.7AI score0.08811EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/08 12:47 p.m.4 views

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

6.1CVSS6.8AI score0.03984EPSS
Exploits1References4
Rows per page
Query Builder