Lucene search
K

262 matches found

NVD
NVD
added 2021/12/26 1:15 a.m.14 views

CVE-2021-45678

NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code...

9.8CVSS0.01286EPSS
Exploits1References1
Prion
Prion
added 2021/11/15 4:15 p.m.17 views

Design/Logic Flaw

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent t...

4.3CVSS4.1AI score0.00515EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2021/09/30 8:15 a.m.31 views

CVE-2021-41616

Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...

9.8CVSS0.03214EPSS
Exploits0References1
OSV
OSV
added 2021/09/30 8:15 a.m.20 views

CVE-2021-41616

Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...

9.8CVSS7.4AI score
Exploits0References1
CVE
CVE
added 2021/09/30 7:55 a.m.82 views

CVE-2021-41616

CVE-2021-41616 concerns Apache DB DdlUtils 1.0, where the BinaryObjectsHelper deserializes data via ObjectInputStream.readObject without validating input. This insecure deserialization could lead to arbitrary code execution. Multiple sources (NVD, OSV, CNVD) describe the root cause as the untrust...

9.8CVSS9.8AI score0.03214EPSS
Exploits0References1Affected Software1
Huntr
Huntr
added 2021/06/26 5:42 a.m.10 views

in beestat/app

✍️ Description The random number generator implemented by mtrand on session keys is not suitable for cryptographic purposes generation of tokens, passwords, or cryptographic keys either. mtrand function that produces predictable values is utilized as a source of randomness in a security-sensitive...

0.3AI score
Exploits0
CVE
CVE
added 2021/06/09 1:59 p.m.50 views

CVE-2021-33669

The CVE-2021-33669 entry concerns SAP Mobile SDK Certificate Provider, where insecure temporary file storage can be abused by a local, unprivileged attacker. Exploitation requires user interaction from another user and is described to potentially impact confidentiality, integrity, and availabilit...

7.8CVSS7.4AI score0.00225EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/06/02 2:15 p.m.15 views

CVE-2021-3538

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker...

9.8CVSS0.02307EPSS
Exploits0References3
CNVD
CNVD
added 2021/05/11 12:0 a.m.5 views

Singularity has an unspecified vulnerability

Singularity is an open source container management platform from the Singularity team Singularity. The software supports building applications on their desktops and running hundreds or thousands of instances on any public cloud or at the compute edge. A security vulnerability exists in versions...

7.5CVSS6.6AI score0.00958EPSS
Exploits1References1
OSV
OSV
added 2021/04/15 12:15 a.m.3 views

CVE-2021-26076

The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn...

3.7CVSS5.8AI score0.01232EPSS
Exploits0References1
OSV
OSV
added 2021/02/18 3:15 p.m.3 views

CVE-2021-20445

IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621...

6.5CVSS5.8AI score0.01139EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2021/01/12 6:1 p.m.40 views

Ubiquiti breach, and other IoT security problems

Networking equipment manufacturer Ubiquiti sent out an email to warn users about a possible data breach. The email stated there had been unauthorized access to its IT systems that are hosted with a third-party cloud provider. Ubiquiti Networks sells networking devices and IoT devices. It did not...

0.1AI score
Exploits0
CNVD
CNVD
added 2020/11/18 12:0 a.m.8 views

Unspecified vulnerability in Aviatrix Controller (CNVD-2021-17716)

Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. A sudo rule insecurity vulnerability exists in Aviatrix Controller versions prior to R5.4.1290. An attacker could execute all commands as any user on the system through th...

9CVSS7.1AI score0.01441EPSS
Exploits1References1
CNNVD
CNNVD
added 2020/11/17 12:0 a.m.8 views

Aviatrix Systems Controller 安全漏洞

Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. A sudo rule insecurity vulnerability exists in Aviatrix Controller versions prior to R5.4.1290. An attacker could execute all commands as any user on the system through th...

9CVSS7.4AI score0.01441EPSS
Exploits1References2
Malwarebytes
Malwarebytes
added 2020/03/23 4:44 p.m.36 views

A week in security (March 16 – 22)

Last week on Malwarebytes Labs, we concluded our series on child identity theft. We also looked into threat actors and campaigns that ride the COVID-19 train, namely the criminal group APT36 and threat actors purporting to be the World Health Organization WHO but instead spreading malware. Lastly...

1.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/03/06 12:0 a.m.23 views

Insecure Cross-Origin Resource Sharing Configuration

Cross Origin Resource Sharing CORS is an HTML5 technology which gives modern web browsers the ability to bypass restrictions implemented by the Same Origin Policy. The Same Origin Policy requires that both the JavaScript and the page are loaded from the same domain in order to allow JavaScript to...

7.4AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/02/18 2:29 p.m.31 views

CVE-2020-1740

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...

4.7CVSS0.8AI score0.00374EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/01/27 3:23 p.m.23 views

CVE-2019-17190

A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe which is running as NT AUTHORITY\SYSTEM when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, th...

7.6AI score0.00522EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2019/12/09 12:0 a.m.6 views

The vulnerability of the Kernel Mode Driver component in Intel Graphics Drivers relates to insecure privilege management, allowing attackers to escalate their privileges.

The vulnerability of the Kernel Mode Driver component in Intel Graphics Drivers is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges...

8.8CVSS7.2AI score0.00365EPSS
Exploits0References3Affected Software1
Schneier on Security
Schneier on Security
added 2019/12/05 12:6 p.m.46 views

Election Machine Insecurity Story

Interesting story of a flawed computer voting machine and a paper ballot available for recount. All ended well, but only because of that paper backup. Vote totals in a Northampton County judge's race showed one candidate, Abe Kassis, a Democrat, had just 164 votes out of 55,000 ballots across mor...

1.5AI score
Exploits0
Rows per page
Query Builder