Lucene search
K

157 matches found

CNVD
CNVD
added 2023/10/11 12:0 a.m.21 views

Huawei HarmonyOS and EMUI Licensing Issues Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. Huawei HarmonyOS and EMUI are vulnerable to an...

9.8CVSS9.2AI score0.00409EPSS
Exploits0References1
NVD
NVD
added 2023/09/22 11:15 p.m.25 views

CVE-2023-43129

D-LINK DIR-806 1200M11AC wireless router DIR806A1FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTEPORT parameters...

9.8CVSS9.8AI score0.02403EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/09/20 12:0 a.m.7 views

IBM Personal Communications Security Breach

IBM Personal Communications is International Business Machines' IBM host communications and terminal emulation package for Microsoft Windows. It is now available in a complete 64-bit architecture with Virtual Terminal VT emulation and System Network Architecture SNA application support, and...

8.4CVSS6.5AI score0.00186EPSS
Exploits0References3
OSV
OSV
added 2023/08/02 2:15 p.m.5 views

CVE-2023-26317

Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing...

9.8CVSS5.8AI score0.00948EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/08/02 2:15 p.m.5 views

CVE-2023-26317

Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing...

9.8CVSS5.9AI score0.00948EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/07/04 4:29 p.m.31 views

CVE-2023-31999

All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to...

8.9AI score0.00679EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/06/27 6:52 p.m.26 views

RHSSO: XSS due to lax URI scheme validation

Keycloak, an open-source identity and access management solution, has a cross-site scripting XSS vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirecturi...

10CVSS5.7AI score0.00626EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/06/27 6:52 p.m.10 views

RHSSO: XSS due to lax URI scheme validation

Keycloak, an open-source identity and access management solution, has a cross-site scripting XSS vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirecturi...

10CVSS5.7AI score0.00626EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/06/27 12:0 a.m.36 views

RHEL 8 : Red Hat Single Sign-On 7.6.4 security update on RHEL 8 (Important) (RHSA-2023:3884)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3884 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

10CVSS6.5AI score0.01771EPSS
Exploits0References13
CNNVD
CNNVD
added 2023/06/23 12:0 a.m.5 views

AWS Cloud Development Kit 安全漏洞

AWS Cloud Development Kit is an open source software development framework for defining cloud infrastructure in code and configuring it via AWS CloudFormation. A security vulnerability exists in AWS Cloud Development Kit that stems from two roles created by eks.Cluster and eks.FargateCluster that...

8.8CVSS8AI score0.00897EPSS
Exploits1References3
OSV
OSV
added 2023/06/19 5:15 p.m.5 views

CVE-2022-48494

Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1
CVE
CVE
added 2023/06/19 12:0 a.m.65 views

CVE-2022-48496

CVE-2022-48496 describes a vulnerability in Huawei HarmonyOS where lax app identity verification in the pre-authorization function can allow malicious apps to become pre-authorized. The issue, associated with a high impact score (CVSS v3.1: 7.5, HIGH; Attack Vector: Network; Privileges Required: ...

7.5CVSS7.4AI score0.00324EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.8 views

PT-2023-24210

Name of the Vulnerable Software and Affected Versions Emby Server versions prior to 4.7.12 Emby Server Beta versions prior to 4.8.31 Description This issue may allow administrative access to an Emby Server system, depending on certain user account settings. By spoofing certain headers intended fo...

9.1CVSS9.1AI score0.01713EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/05/24 12:0 a.m.9 views

GitLab 路径遍历漏洞

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects.GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. GitLab CE/...

10CVSS6.8AI score0.71641EPSS
Exploits5References6
Github Security Blog
Github Security Blog
added 2023/04/12 8:40 p.m.27 views

OpenFeature Operator vulnerable to Cluster-level Privilege Escalation

Impact On a node controlled by an attacker or malicious user, the lax permissions configured on open-feature-operator-controller-manager can be used to further escalate the privileges of any service account in the cluster. The increased privileges could be used to modify cluster state, leading to...

8.8CVSS8.2AI score0.00659EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/12 12:0 a.m.5 views

PT-2023-22090 · Unknown · Openfeature Operator

Name of the Vulnerable Software and Affected Versions: OpenFeature Operator versions prior to 0.2.32 Description: The issue allows an attacker to escalate the privileges of any service account in the cluster, assuming the pre-existence of a vulnerability that enables arbitrary code execution. Thi...

8.8CVSS8AI score0.00659EPSS
Exploits0References9
NVD
NVD
added 2023/02/20 4:15 p.m.41 views

CVE-2023-25569

Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cooki...

5.7CVSS5.5AI score0.00351EPSS
Exploits0References5
Prion
Prion
added 2023/02/20 4:15 p.m.17 views

Design/Logic Flaw

Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cooki...

3.5CVSS5.5AI score0.00351EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2023/02/20 3:12 p.m.58 views

CVE-2023-25569

CVE-2023-25569 (Apollo portal) : Prior to version 2.1.0, a low-privileged user can trigger creation of a special web page that an authenticated portal admin might visit, allowing the page to silently issue a request to assign new roles to that user without admin confirmation. This is effectively ...

5.7CVSS5.5AI score0.00351EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.10 views

SUSE CVE-2020-9484

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and c the...

7.5CVSS8.1AI score0.56636EPSS
Exploits15References14
Rows per page
Query Builder