72 matches found
GSD-2022-1003045 arm64: dts: qcom: sc7280-idp: Configure CTS pin to bias-bus-hold for bluetooth
arm64: dts: qcom: sc7280-idp: Configure CTS pin to bias-bus-hold for bluetooth This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commi...
Information disclosure
In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
ASB-A-201645790
In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
cts.tv Cross Site Scripting vulnerability OBB-2416623
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-32542
The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack...
CVE-2021-32543
The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity...
CVE-2021-32542
The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack...
CVE-2021-32541
The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services...
Authentication flaw
The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services...
Authentication flaw
The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity...
Cross site scripting
The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack...
CVE-2021-32543 SysJust CTS Web - Broken Authentication
The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity...
CVE-2021-32541 SysJust CTS Web - Broken Access Control
The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services...
CVE-2021-32542 SysJust CTS Web - Reflected XSS
The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack...
CVE-2021-32542
CVE-2021-32542 pertains to CTS Web trading system where the parameters of certain functions do not filter special characters, enabling unauthenticated attackers to perform reflected XSS and obtain the user’s connection token that triggered the attack. The affected component is the CTS Web trading...
CVE-2021-32541
CVE-2021-32541: A vulnerability in the CTS Web transaction system’s authentication and session management allows remote unauthenticated actors to flood with valid usernames and force logged-in users to log out, potentially denying access to services. The issue is tied to an incorrect implementati...
cts-korea.co.kr Cross Site Scripting vulnerability OBB-1361319
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
CVE-2019-12663
CVE-2019-12663 affects Cisco IOS XE Software, specifically the TrustSec Protected Access Credential (PAC) provisioning module. The root cause is improper validation of attributes in RADIUS messages, which can be exploited by an unauthenticated remote attacker by sending a malicious RADIUS message...
cts-strasbourg.eu XSS vulnerability
Open Bug Bounty ID: OBB-687908 Description| Value ---|--- Affected Website:| cts-strasbourg.eu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidde...
Microsoft Windows: Network security: Encryption types allowed for Kerberos
This policy setting allows you to set the encryption types that Kerberos is allowed to use. If not selected, the encryption type will not be allowed. This setting may affect compatibility with client computers or services and applications. Multiple selections are permitted. C Microsoft Corporatio...