Lucene search
K

45 matches found

Github Security Blog
Github Security Blog
added 2024/02/21 6:4 p.m.23 views

XWiki extension license information is public, exposing instance id and license holder details

Impact The licensor application includes the document Licenses.Code.LicenseJSON that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information includes the instance's id as well as first and last name and email o...

5.3CVSS6.5AI score0.00492EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/02/21 4:52 p.m.48 views

CVE-2024-26138 License information is public, exposing instance id and license holder details

The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document Licenses.Code.LicenseJSON that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information...

5.3CVSS5.4AI score0.00492EPSS
Exploits0References3
OSV
OSV
added 2023/12/14 9:15 a.m.5 views

CVE-2023-46348

SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods...

9.8CVSS5.8AI score0.00849EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/12/14 9:15 a.m.4 views

CVE-2023-46348

SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and StUrls::getInstanceId methods...

9.8CVSS5.9AI score0.00849EPSS
Exploits0References2
NVD
NVD
added 2023/07/04 5:15 a.m.29 views

CVE-2023-21638

Memory corruption in Video while calling APIs with different instance ID than the one received in initialization...

7.8CVSS7.4AI score0.00115EPSS
Exploits0References1
Prion
Prion
added 2023/07/04 5:15 a.m.26 views

Memory corruption

Memory corruption in Video while calling APIs with different instance ID than the one received in initialization...

4.3CVSS7.8AI score0.00115EPSS
Exploits0References1
CVE
CVE
added 2023/07/04 4:46 a.m.67 views

CVE-2023-21638

CVE-2023-21638 describes memory corruption in the video subsystem when APIs are invoked with an instance ID different from the one received during initialization. Several sources (NVD, Red Hat, PRION, CNNVD, Android Pixel bulletin) reference this issue as affecting Qualcomm components and list it...

7.8CVSS7AI score0.00115EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/04 4:46 a.m.18 views

CVE-2023-21638 Incorrect Type Conversion or Cast in Video

Memory corruption in Video while calling APIs with different instance ID than the one received in initialization...

6.7CVSS7.2AI score0.00115EPSS
Exploits0References1
OSV
OSV
added 2022/11/15 2:15 a.m.4 views

CVE-2022-42129

An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

4.3CVSS5.8AI score0.0073EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/17 4:50 a.m.27 views

OpenStack Nova Router metadata queries are not restricted by tenant

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

5CVSS6.9AI score0.01837EPSS
Exploits1References12Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/01 7:23 a.m.20 views

Moodle does not properly validate module instance id

Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors...

10CVSS7AI score0.01478EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2020/03/05 9:15 a.m.29 views

CVE-2019-10569

Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660,...

7.8CVSS7.9AI score0.00201EPSS
Exploits0References1
Prion
Prion
added 2020/03/05 9:15 a.m.22 views

Stack overflow

Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660,...

7.2CVSS7.9AI score0.00201EPSS
Exploits0References1
0day.today
0day.today
added 2019/03/19 12:0 a.m.53 views

Google Chrome < M73 - MidiManagerWin Use-After-Free Exploit

Google Chrome M73 - MidiManagerWin Use-After-Free Exploit MidiManagerWin uses a similar instanceid mechanism to the TaskService implementation to ensure that delayed tasks are only executed if the MidiManager instance that they were scheduled on is still alive. However, this instanceid is an int,...

8.8CVSS0.6AI score0.07287EPSS
Exploits1
Veracode
Veracode
added 2019/01/15 8:57 a.m.24 views

Information Disclosure

openstack-nova is vulnerable to information disclosure attacks. The vulnerability exists as an interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive...

5CVSS5.4AI score0.01837EPSS
Exploits1References16Affected Software1
Veracode
Veracode
added 2018/08/29 4:51 a.m.10 views

Authorization Bypass

phpmyfaq/phpmyfaq is vulnerable to authorization bypasses. The library does not properly handle the instance ID, allowing a malicious user with admin rights to delete a multi-site master instance...

2.7CVSS6.7AI score0.03187EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2018/08/28 5:29 p.m.26 views

CVE-2014-6049

phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter...

5.5CVSS3.5AI score0.03187EPSS
Exploits0References2
Prion
Prion
added 2018/08/28 5:29 p.m.21 views

Authorization

phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter...

5.5CVSS6.7AI score0.03187EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2014/08/07 11:13 a.m.10 views

CVE-2014-3517

api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...

6.3AI score
Exploits0References3
CVE
CVE
added 2014/08/07 10:0 a.m.84 views

CVE-2014-3517

OpenStack Nova metadata proxy (api/metadata/handler.py) is affected when proxying metadata requests through Neutron. The vulnerability allows timing-based brute-forcing to guess instance ID signatures. Affected ranges include OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and J...

4.3CVSS6.4AI score0.01938EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder