269 matches found

CNVD
added 2021/07/03 12:0 a.m., 13 views

Kudos Live has a flawed logic vulnerability

Kudou Live, formerly Fanxing Live, is an online video interactive performing arts platform created by Kudou in 2012. There is a logic flaw vulnerability in Kudou Live, which can be exploited by attackers to hijack plaintext messages and inject malicious programs into Kudou Live upgrade, leading t...

7 AI score
Exploits 0

CNVD
added 2021/06/16 12:0 a.m., 8 views

Logic flaw vulnerability in hera task scheduling system

hera task scheduler is a distributed task scheduler based on zeus rewrite. The hera Task Scheduler suffers from a logic flaw that can be exploited by an attacker to forge arbitrary login credentials via a built-in hard-coded key...

7.1 AI score
Exploits 0

CNVD
added 2021/06/14 12:0 a.m., 10 views

Cool Music App Has Logic Flaw Vulnerability

Cool Music is a music player. A logic flaw vulnerability exists in CoolMusic APP, which can be exploited by an attacker to cause a phone lockup by using a proxy tool to tamper with the packet to replace the upgrade link...

6.9 AI score
Exploits 0

Hacker One
added 2021/06/11 3:47 a.m., 77 views

curl: CVE-2021-22924: Bad connection reuse due to flawed path name checks

Summary: Curl_ssl_config_matches attempts to compare whether two SSL connections have identical SSL security options or not. The idea is to avoid reusing a connection that uses less secure, or completely different security options such as capath, cainfo or certificate/issuer pinning. Unfortunately...

4.3 CVSS, 5.7 AI score, 0.0627 EPSS
Exploits 1

BDU FSTEC
added 2021/06/03 12:0 a.m., 4 views

The vulnerability of the IBM Security Guardium security tool lies in the use of cryptographic algorithms that contain defects and risks, allowing attackers to gain unauthorized access to the protected information.

The vulnerability of the IBM Security Guardium security tool is related to the use of cryptographic algorithms that contain defects and risks. Exploiting this vulnerability could allow an unauthorized attacker to gain unauthorized access to the protected information...

6.8 CVSS, 6.8 AI score, 0.0071 EPSS
Exploits 0, References 4, Affected Software 1

Snyk
added 2021/04/14 8:4 p.m., 3 views

Uncaught Exception

Overview std/math/big is a Go standard library package std/math/big Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: A number of math/big.Int methods can panic when provided large inputs due to a flawed division method. Remediation Upgrade...

8.7 CVSS, 6.8 AI score, 0.03813 EPSS
Exploits 0, References 3

BDU FSTEC
added 2021/03/30 12:0 a.m., 4 views

The vulnerability of the Graphics Component of the Windows operating system, which allows a hacker to execute arbitrary code.

The vulnerability of the Graphics Component in the Windows operating system is related to improper code generation. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8 CVSS, 7.6 AI score, 0.02472 EPSS
Exploits 0, References 4

RedhatCVE
added 2021/02/09 4:4 p.m., 40 views

CVE-2021-21240

An uncontrolled resource consumption flaw was found in python-httplib2, due to a flawed regular expression used while parsing the WWW-Authenticate header in an HTTP response. This flaw allows a malicious or compromised server to reply with a crafted sequence of characters in the WWW-Authenticate...

7.5 CVSS, 0.7 AI score, 0.03876 EPSS
Exploits 1, References 4

CNNVD
added 2021/02/09 12:0 a.m., 3 views

IBM WebSphere Application Server Code Issue Vulnerability

IBM WebSphere Application Server (WAS) is an application server product from IBM in the United States. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A code issue vulnerability exists in IBM WebSphere Application Serv...

8.2 CVSS, 7.2 AI score, 0.05162 EPSS
Exploits 0, References 10

ThreatPost
added 2021/02/01 4:59 p.m., 161 views

Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code

The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the free-source cryptographic library. An exploit would allow an attacker to write arbitrary data to a target machine and execute code. The security vulnerability is a heap-buffer overflow bug in Libgcrypt 1.9.0...

0.1 AI score
Exploits 0, References 16

Prion
added 2021/01/03 4:15 a.m., 15 views

Design/Logic Flaw

The deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should...

5 CVSS, 7.6 AI score, 0.01261 EPSS
Exploits 1, References 2

CNVD
added 2020/11/18 12:0 a.m., 2 views

BaoBao App has a flawed logic vulnerability

BaoBao APP is an insurance knowledge exchange platform. A logic flaw vulnerability exists in Paobao APP, which can be exploited by attackers to obtain sensitive information about the application...

6.5 AI score
Exploits 0

ThreatPost
added 2020/11/02 5:41 p.m., 22 views

WordPress Pushes Out Multiple Flawed Security Updates

The day after WordPress pushed out a critical 5.5.2 security update, patching a remote code execution bug and nine additional flaws, it was forced to push out a second update and then a third 5.5.3 update. The hiccup is tied to the WordPress auto-update feature that accidentally started sending 455...

7.9 AI score
Exploits 0, References 13

Veracode
added 2020/10/29 10:33 a.m., 17 views

Improper Use Of Flawed Policy

openstack-selinux is using a flawed policy. The policy flaw allows dbus messaging...

6.5 CVSS, 2.5 AI score, 0.00221 EPSS
Exploits 0, References 3, Affected Software 1

Prion
added 2020/09/24 3:15 p.m., 10 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none...

7.1 AI score
Exploits 0

CNVD
added 2020/08/11 12:0 a.m., 2 views

Prometheus Blackbox Exporter Code Issue Vulnerability

Prometheus Blackbox Exporter is a blackbox exporter released by the Linux Foundation in the United States that allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP and ICMP. A code issue vulnerability exists in Prometheus Blackbox Exporter 0.17.0 and earlier versions. The vulnerability...

5.8 CVSS, 6.9 AI score, 0.02698 EPSS
Exploits 1, References 1

Wired Threat Level
added 2020/08/09 1:0 p.m., 19 views

A British AI Tool to Predict Violent Crime Is Too Flawed to Use

A government-funded system known as Most Serious Violence was built to predict first offenses but turned out to be wildly inaccurate...

3.6 AI score
Exploits 0

Veracode
added 2020/06/16 3:34 a.m., 19 views

Information Disclosure

ssb-db and ssb-server are vulnerable to information disclosure. A flaw in the get method causes it to decrypt any messages it can decrypt and return the decrypted sensitive data by default, instead of only decrypting when asked...

7.5 CVSS, 1.7 AI score, 0.01292 EPSS
Exploits 0, References 3, Affected Software 1

CNVD
added 2020/06/16 12:0 a.m., 3 views

Open-Xchange OX Guard Code Issue Vulnerability

Open-Xchange OX Guard is an encryption software from Open-Xchange USA. The software is mainly used for encryption/decryption of emails and documents. A code issue vulnerability exists in Open-Xchange OX Guard 2.10.3 and prior versions. The vulnerability arises from an improperly designed or...

5 CVSS, 7.1 AI score, 0.01123 EPSS
Exploits 2, References 1

CNVD
added 2020/06/11 12:0 a.m., 2 views

Meetecho Janus Code Issue Vulnerability (CNVD-2020-34717)

Meetecho Janus is a WebRTC (Web Real Time Communication) server from Meetecho. A code issue vulnerability exists in Meetecho Janus. The vulnerability stems from an improperly designed or implemented code development process for a web system or product. Detailed vulnerability details are not availab...

7.5 CVSS, 7.2 AI score, 0.02371 EPSS
Exploits 1, References 1