Lucene search
K

318 matches found

OSV
OSV
added 2019/08/05 5:15 p.m.19 views

CVE-2019-11270

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess...

7.5CVSS7AI score0.01119EPSS
Exploits0References2
NVD
NVD
added 2019/06/06 3:29 p.m.17 views

CVE-2019-5295

Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125C00E125R2P14T8 have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This...

6.4CVSS6.4AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/06/06 2:39 p.m.18 views

CVE-2019-5295

Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125C00E125R2P14T8 have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This...

6.4AI score0.00223EPSS
Exploits0References1
Veeam
Veeam
added 2019/05/21 3:34 p.m.21 views

Migrating VAO 1.0 Deployment to Version 2.0

Challenge Upgrade of Veeam Availability Orchestrator to version 2.0 is not supported. However, you have an option to migrate your VAO 1.0 configuration to version 2.0 with minimal downtime. This KB article briefly describes architectural changes introduced in 2.0 version and provides step-by-step...

6.9AI score
Exploits0
CNVD
CNVD
added 2019/02/26 12:0 a.m.2 views

GNU Binutils libiberty heap buffer overflow vulnerability (CNVD-2019-22417)

GNU Binutils GNU Binary Utilities or binutils is a set of programming language utility programs developed by the GNU Project. The programs are primarily designed to work with target files in a variety of formats, and provide linkers, assemblers, and other tools for target files and archives...

5.5CVSS8.7AI score0.01813EPSS
Exploits1References1
OSV
OSV
added 2019/01/14 10:29 p.m.3 views

UBUNTU-CVE-2019-6286

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skipoverscopes in prelexer.hpp when called from Sass::Parser::parseimport, a similar issue to CVE-2018-11693...

6.5CVSS7.1AI score0.02115EPSS
Exploits1References4
NVD
NVD
added 2018/11/19 2:29 p.m.21 views

CVE-2018-15761

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their...

9.9CVSS9.4AI score0.01713EPSS
Exploits0References1
Hacker One
Hacker One
added 2018/07/31 5:47 a.m.34 views

Homebrew: GitHub API Key for BrewTestBot is publicly exposed

Hello! While browsing through some old reports, I found that https://jenkins.brew.sh was publicly accessible. I got curious when I saw one of the brew bottle builds doing a git push to BrewTestBot/homebrew-core, and wondered if the credentials to make authenticated pushes were accessible. Sure...

7AI score
Exploits0
OSV
OSV
added 2018/06/04 6:29 a.m.2 views

DEBIAN-CVE-2018-11693

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skipoverscopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service...

8.1CVSS6.7AI score0.0137EPSS
Exploits1References1
NVD
NVD
added 2018/04/30 4:29 a.m.22 views

CVE-2018-10550

In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to...

7.5CVSS7.6AI score0.01271EPSS
Exploits0References1
OSV
OSV
added 2018/04/30 4:29 a.m.4 views

CVE-2018-10550

In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to...

7.5CVSS5.8AI score0.01271EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/04/30 4:0 a.m.27 views

CVE-2018-10550

In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to...

7.6AI score0.01271EPSS
Exploits0References1
OSV
OSV
added 2018/03/09 4:29 p.m.5 views

CVE-2018-7996

Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter...

6.1CVSS5.8AI score0.00675EPSS
Exploits1References1
0day.today
0day.today
added 2018/01/18 12:0 a.m.57 views

Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes (2)

Exploit for windows platform in category dos / poc / Since the PoC is only triggerable when the "DeferParse" flag enabled and requires a with statement, I think this is simillar to issue 1310 . PoC: / // Enable the flag using '\n'.repeat0x1000 evalfunction f with function printf; ; ; +...

7.6CVSS7.5AI score0.6787EPSS
Exploits4
Packet Storm
Packet Storm
added 2018/01/18 12:0 a.m.53 views

Microsoft Edge Chakra Deferred Parsing

Microsoft Edge: Chakra: Deferred parsing makes wrong scopes 2 CVE-2018-0775 Since the PoC is only triggerable when the "DeferParse" flag enabled and requires a with statement, I think this is simillar to issue 1310 . PoC: // Enable the flag using '\n'.repeat0x1000 evalfunction f with function...

0.4AI score0.6787EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/01/17 12:0 a.m.22 views

Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes (2)

/ Since the PoC is only triggerable when the "DeferParse" flag enabled and requires a with statement, I think this is simillar to issue 1310 . PoC: / // Enable the flag using '\n'.repeat0x1000 evalfunction f with function printf; ; ; + '\n'.repeat0x1000; PoC 2: // ./ch poc.js -ForceDeferParse...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2018/01/17 12:0 a.m.13 views

Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes (2)

Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes 2 / Since the PoC is only triggerable when the "DeferParse" flag enabled and requires a with statement, I think this is simillar to issue 1310 . PoC: / // Enable the flag using '\n'.repeat0x1000 evalfunction f with function printf; ; ; +...

1AI score
Exploits0
exploitpack
exploitpack
added 2017/09/21 12:0 a.m.16 views

Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes

Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes GetFuncExprNameReference || funcInfo-funcExprScope && funcInfo-funcExprScope-GetIsObject ... Js::RegSlot ldFuncExprDst = sym-GetLocation; this-mwriter.Reg1Js::OpCode::LdFuncExpr, ldFuncExprDst; if sym-IsInSlotfuncInfo Js::RegSlot...

0.3AI score
Exploits0
NVD
NVD
added 2016/09/25 8:59 p.m.16 views

CVE-2016-5172

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code...

6.5CVSS6.1AI score0.0186EPSS
Exploits0References8
CVE
CVE
added 2016/09/25 8:0 p.m.133 views

CVE-2016-5172

CVE-2016-5172 : The V8 parser used in Google Chrome/Chromium mishandles scopes, enabling a remote attacker to obtain sensitive information from arbitrary memory locations via crafted JavaScript. Affected product scope includes Google Chrome and Chromium builds prior to 53.0.2785.113. Remediation ...

6.5CVSS6.1AI score0.0186EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder