Lucene search
K

56 matches found

Cvelist
Cvelist
added 2022/01/28 10:4 a.m.43 views

CVE-2022-24071

A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs...

4.9AI score0.00651EPSS
Exploits0References1
Wallarm Lab
Wallarm Lab
added 2021/05/07 3:20 p.m.29 views

What does Zero Trust mean for API security?

The old mentality of building a moat around important assets and trusting anyone or anything that is already inside the castle perimeter has failed us. Attackers have developed many techniques to jump the moat and scale the castle walls to get at what they want. Thus, the new rallying cry is to...

6.8AI score
Exploits0
OSV
OSV
added 2020/11/23 10:15 p.m.4 views

CVE-2020-25688

A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal t...

3.5CVSS5.7AI score0.00248EPSS
Exploits0References1
Veracode
Veracode
added 2020/07/02 4:34 a.m.10 views

Privilege Escalation

Presto is vulnerable to privilege escalation. During the Presto server installations with secure internal communication configured, having a direct access to internal APIs allows an authenticated user to bypass the authorization checks...

8.8CVSS4.6AI score0.01058EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2020/06/30 5:15 p.m.18 views

CVE-2020-15087

In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication,...

8.8CVSS0.01058EPSS
Exploits0References2
OSV
OSV
added 2020/06/30 5:15 p.m.10 views

CVE-2020-15087

In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication,...

8.8CVSS8.7AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/06/30 5:15 p.m.3 views

CVE-2020-15087

In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication,...

8.8CVSS7.9AI score0.01058EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2020/06/30 5:15 p.m.12 views

Authorization

In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication,...

6.5CVSS8.6AI score0.01058EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/06/30 4:35 p.m.136 views

CVE-2020-15087

CVE-2020-15087 affects Presto server installations with secure internal communication configured. Authenticated users can bypass authorization checks by directly accessing internal APIs in Presto prior to version 337. The issue does not apply to installations lacking secure internal communication...

8.8CVSS8AI score0.01058EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/06/30 4:35 p.m.25 views

CVE-2020-15087 Privilege escalation in Presto

In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication,...

7.4CVSS8.7AI score0.01058EPSS
Exploits0References2
OSV
OSV
added 2020/06/30 4:33 p.m.16 views

GHSA-F6PC-CRHH-CP96 Privilege escalation in Presto

Affected This affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. Impact Authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured...

7.4CVSS8.8AI score0.01058EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2020/06/30 4:33 p.m.35 views

Privilege escalation in Presto

Affected This affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. Impact Authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured...

8.8CVSS3.3AI score0.01058EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2020/06/30 12:0 a.m.6 views

PT-2020-14175 · Presto · Presto

Name of the Vulnerable Software and Affected Versions: Presto versions prior to 337 Description: Authenticated users can bypass authorization checks by directly accessing internal APIs. This issue impacts Presto server installations with secure internal communication configured. It does not affec...

8.8CVSS8.6AI score0.01058EPSS
Exploits0References7
CNVD
CNVD
added 2019/12/03 12:0 a.m.3 views

Unspecified vulnerability in Cloudera CDH (CNVD-2020-14228)

Cloudera CDH is an open source Hadoop platform from Cloudera. The platform provides scalable storage and distributed computing, as well as a Web-based user interface and other enterprise features. A security vulnerability exists in Cloudera CDH versions prior to 5.6.1. An attacker could exploit t...

6.5CVSS6.8AI score0.00667EPSS
Exploits0References1
Prion
Prion
added 2018/06/11 9:29 p.m.15 views

Privilege escalation

The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR 52.1 and Firefox 53...

5CVSS8.3AI score0.03544EPSS
Exploits1References6Affected Software8
Hacker One
Hacker One
added 2018/03/09 9:57 p.m.16 views

Ping Identity: Server-Side Request Forgery on SAML Application - Import via URL

Summary == The My Applications feature on PingOne Identity admin allows you to add new SAML applications to your account. One feature allows you to import metadata via URI instead of via upload. This uses Java 1.8 to make an external web request to the URI supplied. Typically this is hard to...

0.6AI score
Exploits0
Rows per page
Query Builder