Lucene search
+L

124 matches found

NVD
NVD
added 2023/12/04 11:15 p.m.28 views

CVE-2023-40076

In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS0.02281EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/12/04 10:40 p.m.3 views

CVE-2023-40076

In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.4AI score0.02281EPSS
Exploits0References2
Prion
Prion
added 2023/11/21 7:15 p.m.18 views

Cross site scripting

A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation ...

4.9CVSS5.7AI score0.00459EPSS
Exploits0References1Affected Software4
Positive Technologies
Positive Technologies
added 2023/10/05 12:0 a.m.5 views

PT-2023-20556 · Watchguard · Watchguard Epdr

Name of the Vulnerable Software and Affected Versions: WatchGuard EPDR version 8.0.21.0002 Description: An issue was discovered due to a weak implementation of a password check, making it possible to obtain credentials to access the management console as a non-privileged user. Recommendations: Fo...

5.5CVSS5.4AI score0.00153EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2023/08/16 2:32 p.m.50 views

CVE-2023-40345

Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to...

6.5CVSS6.9AI score0.00765EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/05/24 12:0 a.m.8 views

CVE-2021-25748 Ingress-nginx `path` sanitization can be bypassed with newline character

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of...

7.6CVSS7.2AI score0.00694EPSS
Exploits0References2
OSV
OSV
added 2023/05/09 2:15 a.m.4 views

CVE-2023-31404

Under certain conditions, SAP BusinessObjects Business Intelligence Platform Central Management Service - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could...

5CVSS6AI score0.00466EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/09 1:37 a.m.39 views

CVE-2023-31404 Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service)

Under certain conditions, SAP BusinessObjects Business Intelligence Platform Central Management Service - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could...

5CVSS5.3AI score0.00466EPSS
Exploits0References2
Prion
Prion
added 2022/10/06 6:16 p.m.11 views

Cross site scripting

In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the user’...

5.3AI score0.00591EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2022/09/08 4:11 p.m.21 views

Automattic: IDOR in API applications (able to see any API token, leads to account takeover)

Summary: Hi, @ehtis, thank you for the test account. Here is a critical report. : On Pressable, we can create API applications at https://my.pressable.com/api/applications, and we can access many things using the API token via following the API docs I created an API application and tried to updat...

0.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/08/25 12:0 a.m.6 views

PT-2022-23205 · Blue Prism · Blue Prism Enterprise

Name of the Vulnerable Software and Affected Versions: Blue Prism Enterprise versions 6.0 through 7.01 Description: The issue allows an authenticated user to reverse engineer the software and bypass access controls for an administrative function in a misconfigured environment where the Blue Prism...

3.1CVSS3.9AI score0.00562EPSS
Exploits0References4
Prion
Prion
added 2022/06/27 7:15 p.m.18 views

Information disclosure

Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8...

4CVSS6.3AI score0.01108EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/27 6:38 p.m.81 views

CVE-2022-2221

CVE-2022-2221 concerns an Information Exposure vulnerability in the Devolutions Remote Desktop Manager product. The issue affects versions prior to 2022.1.8 and resides in the My Account Settings area, where authenticated users could access credentials of other users. The connected documents conf...

6.5CVSS6.3AI score0.01108EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.7 views

PT-2022-3162 · Emerson · Emerson Openbsi

Name of the Vulnerable Software and Affected Versions: Emerson OpenBSI through 2022-04-29 Description: The issue is related to the use of weak cryptography in Emerson OpenBSI, an engineering environment for the ControlWave and Bristol Babcock line of RTUs. Specifically, DES with hardcoded...

7.8CVSS5.7AI score0.00475EPSS
Exploits0References9
Prion
Prion
added 2022/05/17 3:15 p.m.17 views

Code injection

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins...

4CVSS7.5AI score0.00922EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/07 12:0 a.m.79 views

Improper Input Validation

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...

8.1CVSS1.8AI score0.011EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2022/04/30 4:23 p.m.52 views

Information Disclosure

curl is vulnerable to information disclosure. The vulnerability exists due to improper security validations which allows an attacker to gain access to credentials of other servers...

5.7CVSS4.5AI score0.01595EPSS
Exploits1References6Affected Software4
Positive Technologies
Positive Technologies
added 2022/03/15 12:0 a.m.2 views

PT-2022-18303 · Jenkins · Jenkins Release Helper Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Release Helper Plugin versions 1.3.3 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS4.4AI score0.00732EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/01/20 12:0 a.m.6 views

MongoDb For Vs Code 安全漏洞

MongoDb For Vs Code is for connecting to MongoDb and Atlas directly from a Vs Code environment, navigating databases and collections, examining the architecture and prototyping queries and aggregations using Playground. A security vulnerability in MongoDb For Vs Code, which arises from a user wit...

5.5CVSS5.9AI score0.0028EPSS
Exploits0References3
OSV
OSV
added 2021/10/28 4:15 a.m.1 views

DEBIAN-CVE-2021-43057

An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinuxptracetraceme aka the SELinux handler for PTRACETRACEME could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the...

7.8CVSS7.8AI score0.00475EPSS
Exploits1References1
Rows per page
Query Builder