Lucene search
+L

151 matches found

Prion
Prion
added 2021/07/30 2:15 p.m.17 views

Design/Logic Flaw

A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows memory protection and access sensitive data...

5CVSS7.5AI score0.01124EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/07/27 12:48 p.m.54 views

CVE-2020-14999

CVE-2020-14999 affects Acronis Agent’s system monitoring driver, where a logic bug allowed bypassing Windows memory protection and accessing sensitive data. Publicly documented affected range is 12.5.21540 through 12.5.23093; a fix appears in 12.5.23094. The issue is described across multiple sou...

7.5CVSS7.4AI score0.01124EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/27 12:48 p.m.25 views

CVE-2020-14999

A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows memory protection and access sensitive data...

7.5AI score0.01124EPSS
Exploits0References1
Code423n4
Code423n4
added 2021/04/28 12:0 a.m.9 views

Interest debt is capped after a year

Handle @cmichelio Vulnerability details Vulnerability Details The Utils.getInterestOwed function computes the interestPayment as: uint256 interestPayment = calcShare timeElapsed, year, getInterestPaymentcollateralAsset, debtAsset ; // Share of the payment over 1 year However, calcShare caps...

6.9AI score
Exploits0
Prion
Prion
added 2021/02/01 2:15 a.m.15 views

Design/Logic Flaw

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interfac...

5CVSS9.3AI score0.01178EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2021/01/20 11:16 a.m.41 views

Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps

In January 2019, a critical flaw was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incomi...

0.1AI score
Exploits0
Veracode
Veracode
added 2021/01/12 5:0 a.m.14 views

Privilege Escalation

proxypy is vulnerable to privilege escalation. The vulnerability exist because of a logic bug that allows bypass to the proxy authentication which is able to set one of its operands to False to skip the challenge...

7.5CVSS3AI score0.01673EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2020/09/15 11:15 p.m.20 views

CVE-2020-10766

A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced...

5.5CVSS0.00463EPSS
Exploits0References2
OSV
OSV
added 2020/09/15 11:15 p.m.9 views

CVE-2020-10766

A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced...

5.5CVSS5.9AI score0.00463EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/09/15 10:10 p.m.20 views

CVE-2020-10766

A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced...

5.5CVSS6.1AI score0.00463EPSS
Exploits0References2
Amazon
Amazon
added 2020/09/08 12:0 a.m.4 views

Important: kernel-livepatch-4.14.181-142.260

Issue Overview: An issue has been reported in the Linux kernel's handling of raw sockets. This issue can be used locally to cause denial of service or local privilege escalation from unprivileged processes or from containers with the CAPNETRAW capability enabled. See Also:...

7.8CVSS6.4AI score0.01308EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2020/08/28 12:0 a.m.69 views

EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1892)

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In calcvmmayflags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This...

7.8CVSS7.5AI score0.02605EPSS
Exploits6References18
Metasploit
Metasploit
added 2020/08/13 5:40 p.m.144 views

vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.

This module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the 'widgettabbedcontainertabpanel' template while also providing the 'widgetphp' argument. This causes the former template to load the...

9.8CVSS10AI score0.99728EPSS
Exploits28
Packet Storm
Packet Storm
added 2020/08/13 12:0 a.m.251 views

vBulletin 5.x Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.x /ajax/render/widgettabbedcontainertabpanel PHP remote code execution.', 'Description' = %q This module exploits a logic bug within...

7.5CVSS0.2AI score0.99728EPSS
Exploits28
0day.today
0day.today
added 2020/08/12 12:0 a.m.424 views

vBulletin 5.x Remote Code Execution Exploit

This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widgettabbedcontainertabpanel template while also providing the widgetphp argument. This causes the former template to load...

9.8CVSS10AI score0.99728EPSS
Exploits28
Veracode
Veracode
added 2020/07/22 3:54 a.m.49 views

Information Disclosure

kernel is vulnerable to information disclosure. A logic bug was found in the Linux kernels implementation of SSBD. A bug in the logic handling can allow an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in pla...

5.5CVSS1.5AI score0.00463EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2020/07/01 2:15 a.m.24 views

CVE-2019-20408

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class...

5.3CVSS0.00998EPSS
Exploits0References1
Prion
Prion
added 2020/07/01 2:15 a.m.18 views

Server side request forgery (ssrf)

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class...

5CVSS5.2AI score0.00998EPSS
Exploits0References1Affected Software1
Atlassian
Atlassian
added 2020/06/19 1:56 a.m.108 views

SSRF in Dashboard & Gadgets - CVE-2019-20408

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class. As an example to indicate impact, when...

5.3CVSS4.8AI score0.00998EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2020/06/19 1:56 a.m.44 views

SSRF in Dashboard & Gadgets - CVE-2019-20408

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery SSRF vulnerability due to a logic bug in the JiraWhitelist class. As an example to indicate impact, when...

5.3CVSS4.8AI score0.00998EPSS
Exploits0
Rows per page
Query Builder