Lucene search
+L

72 matches found

OSV
OSV
added 2022/06/28 6:40 p.m.7 views

GSD-2022-1003045 arm64: dts: qcom: sc7280-idp: Configure CTS pin to bias-bus-hold for bluetooth

arm64: dts: qcom: sc7280-idp: Configure CTS pin to bias-bus-hold for bluetooth This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commi...

7.2AI score
Exploits0
Prion
Prion
added 2022/05/10 8:15 p.m.17 views

Information disclosure

In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

2.1CVSS5.1AI score0.00112EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/05/01 12:0 a.m.30 views

ASB-A-201645790

In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.2AI score0.00112EPSS
Exploits0References2
Openbugbounty
Openbugbounty
added 2022/03/08 5:8 p.m.16 views

cts.tv Cross Site Scripting vulnerability OBB-2416623

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
NVD
NVD
added 2021/05/28 8:15 a.m.20 views

CVE-2021-32542

The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack...

6.1CVSS0.00681EPSS
Exploits0References2
NVD
NVD
added 2021/05/28 8:15 a.m.15 views

CVE-2021-32543

The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity...

6.5CVSS0.00761EPSS
Exploits0References2
OSV
OSV
added 2021/05/28 8:15 a.m.6 views

CVE-2021-32542

The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack...

6.1CVSS5.8AI score0.00681EPSS
Exploits0References2
NVD
NVD
added 2021/05/28 8:15 a.m.15 views

CVE-2021-32541

The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services...

5.3CVSS0.01511EPSS
Exploits0References2
Prion
Prion
added 2021/05/28 8:15 a.m.12 views

Authentication flaw

The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services...

5CVSS5.5AI score0.01511EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/05/28 8:15 a.m.16 views

Authentication flaw

The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity...

5.5CVSS5.7AI score0.00761EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/05/28 8:15 a.m.11 views

Cross site scripting

The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack...

4.3CVSS6.1AI score0.00681EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/05/28 8:10 a.m.22 views

CVE-2021-32543 SysJust CTS Web - Broken Authentication

The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity...

6.5CVSS6.8AI score0.00761EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/05/28 8:10 a.m.21 views

CVE-2021-32541 SysJust CTS Web - Broken Access Control

The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services...

5.3CVSS5.8AI score0.01511EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/05/28 8:10 a.m.17 views

CVE-2021-32542 SysJust CTS Web - Reflected XSS

The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack...

4.7CVSS6.3AI score0.00681EPSS
Exploits0References2
CVE
CVE
added 2021/05/28 8:10 a.m.46 views

CVE-2021-32542

CVE-2021-32542 pertains to CTS Web trading system where the parameters of certain functions do not filter special characters, enabling unauthenticated attackers to perform reflected XSS and obtain the user’s connection token that triggered the attack. The affected component is the CTS Web trading...

6.1CVSS5.4AI score0.00681EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/05/28 8:10 a.m.46 views

CVE-2021-32541

CVE-2021-32541: A vulnerability in the CTS Web transaction system’s authentication and session management allows remote unauthenticated actors to flood with valid usernames and force logged-in users to log out, potentially denying access to services. The issue is tied to an incorrect implementati...

5.3CVSS5.5AI score0.01511EPSS
Exploits0References2Affected Software1
Openbugbounty
Openbugbounty
added 2020/09/24 10:3 a.m.7 views

cts-korea.co.kr Cross Site Scripting vulnerability OBB-1361319

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
CVE
CVE
added 2019/09/25 8:15 p.m.66 views

CVE-2019-12663

CVE-2019-12663 affects Cisco IOS XE Software, specifically the TrustSec Protected Access Credential (PAC) provisioning module. The root cause is improper validation of attributes in RADIUS messages, which can be exploited by an unauthenticated remote attacker by sending a malicious RADIUS message...

8.6CVSS7.4AI score0.01777EPSS
Exploits0References1Affected Software1
Openbugbounty
Openbugbounty
added 2018/10/18 7:10 p.m.9 views

cts-strasbourg.eu XSS vulnerability

Open Bug Bounty ID: OBB-687908 Description| Value ---|--- Affected Website:| cts-strasbourg.eu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidde...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2018/06/12 12:0 a.m.44 views

Microsoft Windows: Network security: Encryption types allowed for Kerberos

This policy setting allows you to set the encryption types that Kerberos is allowed to use. If not selected, the encryption type will not be allowed. This setting may affect compatibility with client computers or services and applications. Multiple selections are permitted. C Microsoft Corporatio...

7.1AI score
Exploits0References6
Rows per page
Query Builder