
9182 matches found

Prion
added 2020/02/11 3:15 p.m., 15 views

Input validation

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page...

6.8 CVSS, 7.7 AI score, 0.01908 EPSS
Exploits 0, References 9, Affected Software 2
CVE
added 2020/02/11 2:42 p.m., 235 views

CVE-2020-6409

The connected advisories confirm CVE-2020-6409 affects Chromium/Google Chrome "Omnibox" in versions before 80.0.3987.87. The issue is described as an inappropriate Omnibox implementation that lets a remote attacker bypass navigation restrictions by enticing a user to visit a crafted domain name. ...

8.8 CVSS, 7.8 AI score, 0.01742 EPSS
Exploits 0, References 9, Affected Software 1
Cvelist
added 2020/02/11 2:42 p.m., 28 views

CVE-2020-6404

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.4 AI score, 0.02045 EPSS
Exploits 5, References 8
Debian CVE
added 2020/02/11 2:42 p.m., 24 views

CVE-2020-6404

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8 CVSS, 7.7 AI score, 0.02045 EPSS
Exploits 5
Debian CVE
added 2020/02/11 2:42 p.m., 19 views

CVE-2020-6409

Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name...

8.8 CVSS, 7.3 AI score, 0.01742 EPSS
Exploits 0
RedHat Linux
added 2020/02/11 8:31 a.m., 4 views

OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...

4.3 CVSS, 7.4 AI score, 0.04221 EPSS
Exploits 0, References 4
OSV
added 2020/02/10 9:51 p.m., 6 views

CVE-2019-19193

The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers i...

6.5 CVSS, 5.8 AI score, 0.00703 EPSS
Exploits 0, References 2
CVE
added 2020/02/10 8:11 p.m., 81 views

CVE-2019-17060

The CVE-2019-17060 entry affects the NXP KW41Z BLE stack (MCUXpresso SDK Bluetooth Low Energy Driver 2.2.1 and earlier). The vulnerability arises because the Link Layer header is not properly restricted when LLID = 0, causing the device to execute certain memory contents upon frame reception. Con...

6.5 CVSS, 6.9 AI score, 0.00818 EPSS
Exploits 0, References 2, Affected Software 1
RedhatCVE
added 2020/02/10 12:15 p.m., 27 views

CVE-2020-6397

Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page...

6.5 CVSS, 2.5 AI score, 0.01915 EPSS
Exploits 1, References 4
RedhatCVE
added 2020/02/10 12:15 p.m., 27 views

CVE-2020-6400

Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5 CVSS, 4.8 AI score, 0.02004 EPSS
Exploits 1, References 4
RedhatCVE
added 2020/02/10 12:14 p.m., 20 views

CVE-2020-6396

Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

6.5 CVSS, 2.9 AI score, 0.01738 EPSS
Exploits 1, References 4
Prion
added 2020/02/06 3:15 a.m., 20 views

Cross site request forgery (csrf)

The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccesseditor CSRF. The flag htccssnoncename passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In...

6.8 CVSS, 8.6 AI score, 0.09918 EPSS
Exploits 2, References 3, Affected Software 1
OSV
added 2020/01/31 4:15 p.m., 7 views

CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

6.8 CVSS, 6.6 AI score
Exploits 0, References 1
UbuntuCve
added 2020/01/31 4:15 p.m., 33 views

CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

7.2 CVSS, 6.8 AI score, 0.00504 EPSS
Exploits 0, References 2
NVD
added 2020/01/31 3:15 p.m., 16 views

CVE-2013-5113

LastPass prior to 2.5.1 has an insecure PIN implementation...

6.8 CVSS, 6.6 AI score, 0.00586 EPSS
Exploits 1, References 3
Prion
added 2020/01/31 3:15 p.m., 12 views

Information disclosure

LastPass prior to 2.5.1 has an insecure PIN implementation...

1.9 CVSS, 7.1 AI score, 0.00586 EPSS
Exploits 1, References 3, Affected Software 1
Cvelist
added 2020/01/31 3:8 p.m., 34 views

CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

6.5 AI score, 0.00504 EPSS
Exploits 0, References 1
Cvelist
added 2020/01/31 2:14 p.m., 20 views

CVE-2013-5113

LastPass prior to 2.5.1 has an insecure PIN implementation...

6.6 AI score, 0.00586 EPSS
Exploits 1, References 3
CVE
added 2020/01/31 2:14 p.m., 42 views

CVE-2013-5113

CVE-2013-5113 concerns LastPass versions prior to 2.5.1 and an insecure PIN implementation. The vulnerability affects PIN handling in the affected LastPass release(s) and has associated CVSS scores indicating low (2.0) and medium (3.1) impact metrics in different schemes, with local/physical expo...

6.8 CVSS, 6.6 AI score, 0.00586 EPSS
Exploits 1, References 3, Affected Software 1
Kitploit
added 2020/01/31 11:30 a.m., 135 views

MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)

MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers...

7.5 AI score
Exploits 0, References 6