120 matches found

NVD
added 2021/05/17 5:15 p.m., 21 views

CVE-2020-13667

Access bypass vulnerability in Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see conten...

CVSS 5.3, EPSS 0.00928
Exploits 0, References 1
0day.today
added 2021/04/07 12:00 a.m., 117 views

Gitea Git Hooks Remote Code Execution Exploit

This Metasploit module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gitea. This is possible when the current user is allowed to create git hooks, which is the default for administrative users. For non-administrative users, the...

CVSS 7.2, AI score 7.3, EPSS 0.93691
Exploits 12
Prion
added 2021/03/17 1:15 p.m., 7 views

Open redirect

Rejected reason: Unused CVE for 2020...

AI score 7.2
Exploits 0
ArchLinux
added 2021/01/29 12:00 a.m., 106 views

[ASA-202101-44] home-assistant: information disclosure

Arch Linux Security Advisory ASA-202101-44 ========================================== Severity: Medium Date : 2021-01-29 CVE-ID : CVE-2021-3152 Package : home-assistant Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-1488 Summary ======= The package...

CVSS 5.3, AI score 1.2, EPSS 0.02231
Exploits 0, References 4
OSV
added 2021/01/20 12:00 p.m., 14 views

RUSTSEC-2021-0013 Soundness issues in `raw-cpuid`

Undefined behavior in as_string methods: VendorInfo::as_string, SoCVendorBrand::as_string, and ExtendedFunctionInfo::processor_brand_string construct byte slices using std::slice::from_raw_parts, with data coming from repr(Rust) structs. This is always undefined behavior. See...

CVSS 7.5, AI score 6.2, EPSS 0.01261
Exploits 1, References 3
ATTACKERKB
added 2020/10/16 12:00 a.m., 50 views

CVE-2020-14144

DISPUTED: The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood, e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLEGITHOO...

CVSS 7.2, AI score 1.7, EPSS 0.93691
Exploits 12, References 7
Cvelist
added 2020/08/10 5:43 p.m., 19 views

CVE-2020-15656

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR 78.1, Firefox 79, and Thunderbird 78.1...

AI score 8, EPSS 0.01511
Exploits 0, References 6
OSV
added 2020/07/29 12:00 a.m., 1 view

UBUNTU-CVE-2020-15656

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR 78.1, Firefox 79, and Thunderbird 78.1...

CVSS 8.8, AI score 7.3, EPSS 0.01511
Exploits 0, References 5
Prion
added 2020/07/15 11:15 p.m., 16 views

Default credentials

The IRC5 family with the UAS service enabled comes by default with credentials that can be found in publicly available manuals. ABB considers this well-documented functionality that helps customers set up; however, in our research we found multiple production systems running these exact default...

CVSS 7.5, AI score 9.3, EPSS 0.01424
Exploits 0, References 1
Akamai Blog
added 2020/06/25 4:00 a.m., 22 views

Largest Ever Recorded Packet Per Second-Based DDoS Attack Mitigated by Akamai

On June 21, 2020, Akamai mitigated the largest packet-per-second (PPS) distributed denial-of-service (DDoS) attack ever recorded on the Akamai platform. The attack generated 809 million packets per second (Mpps), targeting a large European bank...

AI score 2.1
Exploits 0
HackRead
added 2020/06/18 3:07 p.m., 24 views

AWS suffers largest ever DDoS attack of 2.3 TBPS

By Waqas. The DDoS attack was mitigated by the AWS Shield DDoS protection service. This is a post from HackRead.com. Read the original post: AWS suffers largest ever DDoS attack of 2.3 TBPS...

AI score 3.1
Exploits 0
Imperva Blog
added 2020/06/11 4:30 p.m., 32 views

Imperva Takes on its Largest Recorded Account Takeover Attack on a Single Company

Imperva recently detected and mitigated the largest (and most concentrated) series of brute-force account takeover (ATO) attacks in its history. Over the course of 60 hours from midnight on October 28, our ATO team's monitoring systems detected more than 44 million ATO attempts on the login page ...

AI score 0.2
Exploits 0
UbuntuCve
added 2020/04/03 12:15 a.m., 17 views

CVE-2020-5283

ViewVC before versions 1.1.28 and 1.2.1 has an XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the...

CVSS 3.5, AI score 6, EPSS 0.01216
Exploits 1, References 4
Prion
added 2020/04/02 3:15 p.m., 27 views

Design/Logic Flaw

Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been...

CVSS 5, AI score 7.4, EPSS 0.17841
Exploits 3, References 4, Affected Software 1
Hacker One
added 2019/10/29 11:27 a.m., 16 views

Central Security Project: OS Command Injection in Nexus Repository Manager 2.x -- Bypass for Nexus Repository Manager 2.14.15-01 Command Injection fix

https://support.sonatype.com/hc/en-us/articles/360033490774 An OS command injection vulnerability has been discovered in Nexus Repository Manager requiring immediate action. The vulnerability allows for an attacker with administrative access to nxrm to execute arbitrary commands on the system. We...

AI score 0.8
Exploits 0
Hewlett-Packard
added 2019/10/25 12:00 a.m., 33 views

HPSBHF03633 rev.1 - Intel Rapid Storage Technology (RSTe) Driver Installer Vulnerability

Potential Security Impact: Escalation of privilege. VULNERABILITY SUMMARY: HP has been notified of a security vulnerability with the driver pack installers for Intel(R) RSTe package versions before version 4.7.0.2083 that may allow an authenticated user to escalate privilege via local access. RESOLUTI...

CVSS 5, AI score 3.1, EPSS 0.00277
Exploits 0
OSV
added 2019/08/14 9:15 p.m., 3 views

CVE-2019-1183

This information is being revised to indicate that this CVE (CVE-2019-1183) is fully mitigated by the security updates for the vulnerability discussed in CVE-2019-1194. No update is required...

CVSS 8.8, AI score 7.2, EPSS 0.04848
Exploits 0, References 1
Drupal
added 2019/05/29 12:00 a.m., 17 views

TableField - Moderately critical - Access bypass and Cross Site Scripting - SA-CONTRIB-2019-051

This module allows you to attach tabular data to an entity. Access bypass: there is no access check for users with the "Export Tablefield Data as CSV" permission. They can export data from unpublished nodes or otherwise inaccessible entities. This vulnerability is mitigated by the fact that an attacker must ha...

AI score 5.8
Exploits 0, References 8
Drupal
added 2019/05/22 12:00 a.m., 22 views

Workflow - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-049

The Workflow module enables you to create arbitrary Workflows and assign them to Entities. The module doesn't sufficiently escape HTML in the field settings, leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...

AI score 6
Exploits 0, References 8
FreeBSD
added 2019/01/02 12:00 a.m., 21 views

uriparser -- Out-of-bounds read

Upstream project reports: Out-of-bounds read in uriParseEx for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. "//::44.1"; mitigated if passed parameter afterLast points to readable memory containing a '\0' byte...

AI score 2.6
Exploits 0, References 1