Lucene search
K

380 matches found

Cvelist
Cvelist
added 2021/01/21 3:10 p.m.30 views

CVE-2021-3152

Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Hom...

5.5AI score0.02231EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/01/21 12:0 a.m.5 views

PT-2021-19401

Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2021.1.3 Description The issue is related to a lack of protection against directory-traversal attacks in custom integrations. It is noted that the vendor views the vulnerability as being in custom integrations...

5.3CVSS6AI score0.02231EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2021/01/06 8:57 a.m.4 views

WhatsApp Will Disable Your Account If You Don't Agree Sharing Data With Facebook

"Respect for your privacy is coded into our DNA," opens WhatsApp's privacy policy. "Since we started WhatsApp, we've aspired to build our Services with a set of strong privacy principles in mind." But come February 8, 2021, this opening statement will no longer find a place in the policy. The...

5.8AI score
Exploits0
Kitploit
Kitploit
added 2020/11/22 11:30 a.m.65 views

SIRAS - Security Incident Response Automated Simulations

Security Incident Response Automated Simulations SIRAS are internal/controlled actions that provide a structured opportunity to practice the incident response plan and procedures during a realistic scenarios. the main idea of SIRAS is create an detection-as-a-code testing scenarios to facilitate...

7.3AI score
Exploits0References1
NVD
NVD
added 2020/11/09 1:15 a.m.18 views

CVE-2020-24402

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorizati...

5.5CVSS4.3AI score0.01682EPSS
Exploits0References1
NVD
NVD
added 2020/11/09 1:15 a.m.17 views

CVE-2020-24404

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization...

5.5CVSS3.1AI score0.0156EPSS
Exploits0References1
OSV
OSV
added 2020/11/09 1:15 a.m.26 views

CVE-2020-24402

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorizati...

4.9CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2020/11/09 1:15 a.m.22 views

CVE-2020-24404

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization...

2.7CVSS6.1AI score
Exploits0References1
Prion
Prion
added 2020/11/09 1:15 a.m.15 views

Design/Logic Flaw

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorizati...

5.5CVSS5AI score0.01682EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/11/09 1:15 a.m.24 views

Design/Logic Flaw

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization...

5.5CVSS3.7AI score0.0156EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/11/09 12:40 a.m.21 views

CVE-2020-24404 Incorrect permissions in Integrations component could lead to unauthorized deletion of cmsPages via REST API

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization...

2.7CVSS3.6AI score0.0156EPSS
Exploits0References1
CVE
CVE
added 2020/11/09 12:40 a.m.66 views

CVE-2020-24404

Summary (CVE-2020-24404): Magento Open Source platforms 2.4.0 and 2.3.5p1 (and earlier) have an incorrect permissions vulnerability in the Integrations component. It can be exploited by users who have Pages resource permissions to delete CMS pages via the REST API without authorization, exposing ...

5.5CVSS3.5AI score0.0156EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/11/09 12:39 a.m.19 views

CVE-2020-24402 Incorrect permissions in the Integrations component could lead to unauthorized deletion of customer details via REST API

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorizati...

4.9CVSS4.7AI score0.01682EPSS
Exploits0References1
CVE
CVE
added 2020/11/09 12:39 a.m.80 views

CVE-2020-24402

Magento 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. The issue allows authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorization. This is rooted in impro...

5.5CVSS4.6AI score0.01682EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2020/10/15 12:0 a.m.3 views

PT-2020-4578 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.0 and 2.3.5p1 and earlier Description: The issue is related to an incorrect permissions vulnerability in the Integrations component of Magento. This could allow authenticated users with permissions to the Resource Access...

6.4CVSS4.9AI score0.01682EPSS
Exploits0References10
Gitee
Gitee
added 2020/10/02 7:35 p.m.2 views

pocsuite3

Based on the provided code and metadata, here is a compact paragraph of 5-7 sentences summarizing the analysis: pocsuite3 is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine...

7AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2020/10/01 11:0 p.m.3 views

CVE-2020-24404

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization...

5.5CVSS4.7AI score0.0156EPSS
Exploits0References2
The Coalfire Blog
The Coalfire Blog
added 2020/09/30 12:51 a.m.12 views

Help Net Security – ThreadFix 3.0 Review

Help Net Security recently published a review of ThreadFix 3.0. Security Researcher, Toni Grzinic, took a deep dive into our vulnerability management platform and broke down everything from infrastructure, reporting and analytics, to integrations, and beyond. Click here to read Tonis full review ...

1AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2020/09/08 4:34 p.m.24 views

VMware Carbon Black First to Block Hidden Malicious Commands in Obfuscated Scripts

For a long time now, our Threat Analysts have flagged the growing threat of script-based attacks, especially from Microsoft PowerShell and Windows Management Interface script commands, and their ability to escape notice in many antivirus solutions. Increasingly, these types of attacks have become...

0.6AI score
Exploits0
Veeam
Veeam
added 2020/07/23 9:46 p.m.21 views

Release Notes for Veeam Backup & Replication 10a

More Recent Version Available Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version Challenge Release Notes for Veeam Backup & Replication 10a. Cause Please confirm that you are running version 9.5 Update 3 build 9.5.0.1536 or later prior to upgrading...

6.8AI score
Exploits0
Rows per page
Query Builder