102 matches found
All Vulnerabilities for hazard.iss.nasa.gov Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Moral hazard of borrower calling liquidate() and potential Oracle manipulation
Lines of code Vulnerability details Impact In the InceptionVaultsCore contract, the liquidate and liquidatePartial function can be called anyone. This means that the borrower for a specific vaultId can call liquidate or liquidatePartial on his own vault. Furthermore, the project incentivizes...
Mozilla Firefox Security Advisory (MFSA2014-01) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Mozilla Firefox Security Advisory (MFSA2013-92) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
citrinedjangomodule (=1.0.0), cligo (>=1.0.0 <=1.2.1) +24 more potentially affected by CVE-2021-32839 via sqlparse (>=0.4.0 <=0.4.1)
sqlparse PYPI version =0.4.0, =1.0.0, =4.15.0, =1.0.9, =0.0.1, =0.2.0, =0.0.1, =0.14.2, =0.0.6, =0.0.10, =0.0.204 and more Source cves: CVE-2021-32839 Source advisory: OSV:PYSEC-2021-333...
Siemens Desigo CC Series CCOM Communication Component Deserialization Vulnerability
Cerberus DMS is a hazard management station that helps users manage fire safety and security incidents.Desigo CC is an integrated building management platform for managing high-performance buildings.Desigo CC Compact expands the portfolio with solutions tailored for small and medium-sized...
SUSE: Security Advisory (SUSE-SU-2014:0905-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2021-8038 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.0-rc6+ Description: The vulnerability is related to a stack out-of-bounds read in the sch frag function when fragmenting IPv4 packets. This occurs when act mirred tries to fragment IPv4 packets that had bee...
feature-toggle-manager (>=0.0.1 <=0.0.2), hazard-feed (>=0.2.0 <=0.2.5) potentially affected by CVE-2020-35681 via channels (>=3.0.0 <=3.0.2)
channels PYPI version =3.0.0, =0.0.1, =0.2.0, =0.2.5 Source cves: CVE-2020-35681 Source advisory: OSV:GHSA-V542-8Q9X-CFFC...
Siemens Solid Edge Viewer Insufficient UI Warning Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
feature-toggle-manager (>=0.0.1 <=0.0.2), hazard-feed (>=0.2.0 <=0.2.5) potentially affected by CVE-2020-35681 via channels (>=3.0.0 <=3.0.2)
channels PYPI version =3.0.0, =0.0.1, =0.2.0, =0.2.5 Source cves: CVE-2020-35681 Source advisory: OSV:PYSEC-2021-113...
Selea Targa IP OCR-ANPR Camera - CSRF Add Admin
Exploit Title: Selea Targa IP OCR-ANPR Camera - CSRF Add Admin Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera CSRF Add Admin Exploit Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model: iZero Targa...
SQL Injection Vulnerability in Geological Hazard Monitoring and Early Warning Internet of Things Platform
The business scope of Beijing Jiangwei Times Technology Co., Ltd. includes: technology promotion services; software design; economic and trade consulting; computer system services; basic software services and so on. There is a SQL injection vulnerability in the geological disaster monitoring and...
bitcoinq (=0.0.1), bitdust-p2p (>=0.0.2 <=0.0.3) +28 more potentially affected by CVE-2020-10108 via twisted (=20.3.0)
twisted PYPI version =20.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on twisted and may be impacted: - bitcoinq =0.0.1 - bitdust-p2p =0.0.2, =0.3.4, =3.2.2, =0.3.0a0, =0.1.0, =0.2.0, =1.0.0, =0.5.0, =0.9.0, =2.1.0b2, =1.0.2, =1.0.9 - pade =2.2.4 a...
bitcoinq (=0.0.1), bitdust-p2p (>=0.0.2 <=0.0.3) +28 more potentially affected by CVE-2020-10109 via twisted (=20.3.0)
twisted PYPI version =20.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on twisted and may be impacted: - bitcoinq =0.0.1 - bitdust-p2p =0.0.2, =0.3.4, =3.2.2, =0.3.0a0, =0.1.0, =0.2.0, =1.0.0, =0.5.0, =0.9.0, =2.1.0b2, =1.0.2, =1.0.9 - pade =2.2.4 a...
Nord Security: Account deletion requests not entirely honoured. Misinformation even after seeking clarification from customer support.
Summary: Requesting account deletion from NordVPN customer support that is supposed to have "removed your account from our database." does not truly remove account from database. Even after asking if critical information such a billing information is removed, which customer support confirms...
On Cybersecurity Insurance
Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Unfortunately, the available evidence so far should give policymakers pause. Cyber insurance...
Design/Logic Flaw
Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...
Hacked Hair Straighteners Can Threaten Homes
Researchers have found a way to successfully hack connected hair straighteners to turn them on and increase the heating element up to its maximum temperature—causing a serious fire hazard for unsuspecting owners. Pen Test Partners decided to put the Glamoriser hair straightener through its securi...
Millions of Golfers Land in Privacy Hazard After Cloud Misconfig
Finding cloud databases with sensitive information left open to the internet has become par for the course these days – as a new exposure of millions of sensitive data points for the users of a golf app demonstrates. Millions of golfer records from the Game Golf app, including GPS details from...