Lucene search
+L

151 matches found

cve
cve
added 2024/03/26 5:24 p.m.171 views

CVE-2024-1313

CVE-2024-1313 is confirmed with concrete details in connected docs: Grafana versions affected are 9.5.0–9.5.17, 10.0.0–10.0.12, 10.1.0–10.1.8, 10.2.0–10.2.5, and 10.3.0–10.3.4. The issue is an authorization bypass allowing a user from a different organization to delete a snapshot by sending DELET...

6.5CVSS6.9AI score0.00646EPSS
Exploits0References2
osv
osv
added 2024/03/06 11:16 a.m.17 views

BIT-TENSORFLOW-2021-37686 Infinite loop in TensorFlow Lite

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...

5.5CVSS5.6AI score0.00173EPSS
Exploits0References3
osv
osv
added 2024/02/10 7:2 p.m.13 views

MGASA-2024-0035 Updated xpdf packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Logic bug in text extractor led to invalid memory access. CVE-2022-30524 Integer overflow in rasterizer. CVE-2022-30775 PDF object loop in Catalog::countPageTree. CVE-2022-33108 PDF object loop in AcroForm::scanField. CVE-2022-36561 Logic bug in...

9.1CVSS6.4AI score0.01599EPSS
Exploits17References3
osv
osv
added 2024/01/24 8:53 p.m.18 views

GHSA-7G9J-G5JG-3VV3 Unauthenticated Nonce Increment in snow

Impact There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with the ability to inject packets into the channel Noise is talking over, this allows a denial-of-service type attack which could prevent communication as it...

3.1CVSS6AI score0.00387EPSS
Exploits0References5
github
github
added 2024/01/24 8:53 p.m.21 views

Unauthenticated Nonce Increment in snow

Impact There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with the ability to inject packets into the channel Noise is talking over, this allows a denial-of-service type attack which could prevent communication as it...

4.3CVSS6AI score0.00387EPSS
Exploits0References5Affected Software1
osv
osv
added 2024/01/23 12:0 p.m.28 views

RUSTSEC-2024-0011 Unauthenticated Nonce Increment in snow

There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with privileges to inject packets into the channel over which the Noise session operates, this could allow a denial-of-service attack which could prevent message...

4.3CVSS7AI score0.00387EPSS
Exploits0References3
code423n4
code423n4
added 2023/11/13 12:0 a.m.8 views

AuctionDemo::claimAuction() - L105: Logic bug in the conditional statement where the timestamp check should be > instead of >=.

Lines of code Vulnerability details Impact Would enable the winning bidder/bid to be selected WHILE it's still possible to bid higher in the auction. I.e. current comparison logic makes it possible to select auction winner while the auction isnt over yet. there's the risk of the true/valid highes...

6.9AI score
Exploits0
code423n4
code423n4
added 2023/11/13 12:0 a.m.9 views

AuctionDemo::claimAuction() - L105: Logic bug in the conditional statement where the timestamp check should be > instead of >=.

Lines of code Vulnerability details Impact Would enable the winning bidder/bid to be selected WHILE it's still possible to bid higher in the auction. I.e. current comparison logic makes it possible to select auction winner while the auction isnt over yet. there's the risk of the true/valid highes...

6.9AI score
Exploits0
githubexploit
githubexploit
added 2023/09/09 12:11 p.m.286 views

Exploit for Code Injection in Apache Commons_Text

Quickstart bash sudo apt install golang To run like...

9.8CVSS8.2AI score0.99931EPSS
Exploits42
code423n4
code423n4
added 2023/03/10 12:0 a.m.10 views

Use of timestamp for comparisons

Lines of code Vulnerability details Impact The timestamp in use can be manipulated causing a logic bug in the checks performed Proof of Concept Tools Used slither Recommended Mitigation Steps use random number generation --- The text was updated successfully, but these errors were encountered: Al...

7AI score
Exploits0
f5
f5
added 2023/02/21 6:53 p.m.42 views

K10522033: Intel CSME and TXE vulnerability CVE-2019-0098

Security Advisory Description Logic bug vulnerability in subsystem for IntelR CSME before version 12.0.35, IntelR TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2019-0098 Impact An attacker with physical access to...

7.2CVSS7.3AI score0.00472EPSS
Exploits0Affected Software1
susecve
susecve
added 2023/02/15 3:27 a.m.4 views

SUSE CVE-2022-24949

A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen...

7.5CVSS7.7AI score0.00853EPSS
Exploits1References5
openvas
openvas
added 2023/01/18 12:0 a.m.31 views

Mozilla Firefox Security Advisories (MFSA2022-54, MFSA2023-02) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

8.8CVSS8.8AI score0.00702EPSS
Exploits0References1
nvd
nvd
added 2022/12/29 12:15 a.m.43 views

CVE-2022-4779

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected...

9.8CVSS0.01194EPSS
Exploits0References1
osv
osv
added 2022/12/29 12:15 a.m.6 views

CVE-2022-4779

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected...

9.8CVSS5.8AI score0.01194EPSS
Exploits0References1
prion
prion
added 2022/12/29 12:15 a.m.19 views

Authentication flaw

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected...

7.5CVSS9.4AI score0.01194EPSS
Exploits0References1Affected Software1
cve
cve
added 2022/12/28 2:20 p.m.67 views

CVE-2022-4779

CVE-2022-4779 concerns StreamX applications (versions 6.02.01–6.04.34) with the StreamView HTML component when the public web server feature is enabled. A logic bug allows bypassing the implemented authentication scheme, exposing potentially unauthenticated access. Affected components and root ca...

9.8CVSS8.8AI score0.01194EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2022/12/28 2:20 p.m.50 views

CVE-2022-4779 authentication bypass in elvexys StreamX using StreamView HTML component with public web server feature

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected...

7.5CVSS9.7AI score0.01194EPSS
Exploits0References1
nvd
nvd
added 2022/08/16 1:15 a.m.29 views

CVE-2022-24949

A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen...

7.5CVSS0.00853EPSS
Exploits1References2
prion
prion
added 2022/08/16 1:15 a.m.20 views

Race condition

A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen...

4.6CVSS7.8AI score0.00853EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder