Lucene search
K

123 matches found

Cvelist
Cvelist
added 2023/11/30 4:49 a.m.31 views

CVE-2023-49094 Symbolicator Server Side Request Forgery vulnerability

Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if the...

4.3CVSS5AI score0.00705EPSS
Exploits0References4
Prion
Prion
added 2023/10/25 7:15 p.m.28 views

Information disclosure

This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data...

2.1CVSS4.6AI score0.00457EPSS
Exploits0References12Affected Software4
Cvelist
Cvelist
added 2023/09/28 11:24 p.m.31 views

CVE-2023-5077 Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets

The Vault and Vault Enterprise "Vault" Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0...

7.6CVSS7.6AI score0.00436EPSS
Exploits0References1
Prion
Prion
added 2023/09/27 3:18 p.m.19 views

Code injection

The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data...

1.9CVSS5.5AI score0.00288EPSS
Exploits0References5Affected Software5
Cvelist
Cvelist
added 2023/09/26 8:14 p.m.33 views

CVE-2023-41996

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch...

5.8AI score0.00258EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/09/01 6:22 p.m.15 views

CVE-2023-41051

In a typical Virtual Machine Monitor VMM there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memor...

4.7CVSS4.4AI score0.00237EPSS
Exploits0
Prion
Prion
added 2023/08/14 11:15 p.m.25 views

Input validation

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. An app may be able to disclose kernel memory...

1.9CVSS5.1AI score0.00227EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/07/28 4:30 a.m.27 views

CVE-2023-34425

The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges...

8.7AI score0.01118EPSS
Exploits0References12
Prion
Prion
added 2023/07/13 11:15 p.m.16 views

Command injection

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...

4.3CVSS4.9AI score0.00381EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/04/25 7:15 p.m.28 views

CVE-2022-45291

PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...

7.2CVSS7.6AI score0.01326EPSS
Exploits1References2
Prion
Prion
added 2023/04/25 7:15 p.m.15 views

Hardcoded credentials

PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...

5.8CVSS7.6AI score0.01326EPSS
Exploits1References2
OSV
OSV
added 2023/03/01 4:23 p.m.24 views

CVE-2022-39228 Observable Response Discrepancy in vantage6

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is...

5.3CVSS6.4AI score0.00591EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/02/20 12:0 a.m.8 views

CVE-2021-32847 Moby HyperKit uninitialized memory use in virtio-sock pci_vtsock_proc_tx

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to the disclosure of the host memory into the virtualized guest. This issue is fixed ...

7.1CVSS6.8AI score0.00369EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/12/16 12:24 p.m.22 views

CVE-2022-41961 BigBlueButton subject to Ineffective user bans

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remaining registered...

4.3CVSS4.7AI score0.0028EPSS
Exploits0References3
NVD
NVD
added 2022/09/23 7:15 p.m.23 views

CVE-2022-32847

This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. A remote user may be able to cause unexpected system termination or corrupt kernel memory...

9.1CVSS0.02602EPSS
Exploits0References6
OSV
OSV
added 2022/08/12 12:0 a.m.18 views

CVE-2022-35949 `undici.request` vulnerable to SSRF using absolute URL on `pathname`

undici is an HTTP/1.1 client, written from scratch for Node.js.undici is vulnerable to SSRF Server-side Request Forgery when an application takes in user input into the path/pathname option of undici.request. If a user specifies a URL such as http://127.0.0.1 or //127.0.0.1 js const undici =...

5.3CVSS7.2AI score0.01388EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/05/26 7:2 p.m.22 views

CVE-2022-26739

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges...

8.2AI score0.00922EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/04/26 10:35 p.m.18 views

CVE-2022-27888 The Foundry Issues service was found to be logging in a manner that captured session tokens.

Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information session tokens. This issue was fixed in 2.249.1...

5.5CVSS5.5AI score0.00224EPSS
Exploits0References1
Prion
Prion
added 2022/04/12 5:15 p.m.27 views

Design/Logic Flaw

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then...

4.3CVSS6.3AI score0.00983EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/18 5:59 p.m.22 views

CVE-2022-22635

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to gain elevated privileges...

8.5AI score0.01176EPSS
Exploits0References2
Rows per page
Query Builder