Lucene search
+L

208 matches found

osv
osv
added 2021/04/13 8:15 p.m.30 views

CVE-2021-29427

In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies...

7.2CVSS6.3AI score
Exploits0References2
nvd
nvd
added 2020/12/17 5:15 a.m.12 views

CVE-2020-27199

The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for...

7.5CVSS7.9AI score0.02875EPSS
Exploits4References1
cve
cve
added 2020/12/17 4:7 a.m.90 views

CVE-2020-27199

CVE-2020-27199 affects Magic Home Pro on Android (1.5.1). The issue is an Authentication Bypass enabling full control of a victim’s device group via token forgery and endpoint enumeration. Attack chain described includes: (1) enumerate bound users by mac address to obtain userName/userUniID/binde...

7.5CVSS7.8AI score0.02875EPSS
Exploits4References1Affected Software1
cnvd
cnvd
added 2020/11/18 12:0 a.m.5 views

Aviatrix Controller htaccess Security Control Bypass Vulnerability

Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. An htaccess security control bypass vulnerability exists in Aviatrix Controller versions prior to R5.4.1290. An attacker can exploit this vulnerability to download files...

7.5CVSS6.8AI score0.01488EPSS
Exploits1References1
qualysblog
qualysblog
added 2020/11/16 5:0 p.m.71 views

Securing Containers in Google Cloud Artifact Registry with Qualys

Container software supply chain is an area of concern for security teams in large and small enterprises because developers often make use of container images from a variety of public repositories. A single insecure container image can be instantiated several times and lead to a wide, diffused...

Exploits0
zdt
zdt
added 2020/08/22 12:0 a.m.466 views

Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass Exploit

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoin...

7.7AI score
Exploits0
packetstorm
packetstorm
added 2020/08/21 12:0 a.m.350 views

Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass

!/usr/bin/env python3 -- coding: utf-8 -- Eibiz i-Media Server Digital Signage 3.8.0 createUser Authentication Bypass Add Admin Vendor: EIBIZ Co.,Ltd. Product web page: http://www.eibiz.co.th Affected version: =3.8.0 Summary: EIBIZ develop advertising platform for out of home media in that time t...

0.5AI score
Exploits0
fedora
fedora
added 2020/07/01 1:51 a.m.27 views

[SECURITY] Fedora 32 Update: lynis-3.0.0-1.fc32

Lynis is an auditing and hardening tool for Unix/Linux and you might even c all it a compliance tool. It scans the system and installed software. Then it performs many individual security control checks. It determines the hardeni ng state of the machine, detects security issues and provides...

4.2CVSS0.8AI score0.00365EPSS
Exploits0
fedora
fedora
added 2020/07/01 1:37 a.m.28 views

[SECURITY] Fedora 31 Update: lynis-3.0.0-1.fc31

Lynis is an auditing and hardening tool for Unix/Linux and you might even c all it a compliance tool. It scans the system and installed software. Then it performs many individual security control checks. It determines the hardeni ng state of the machine, detects security issues and provides...

4.2CVSS0.8AI score0.00365EPSS
Exploits0
symantec
symantec
added 2020/06/12 8:41 p.m.133 views

Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020

Summary Symantec Web Security Group WSG products using affected versions of Apache HTTP Server may be susceptible to multiple vulnerabilities. A remote attacker can bypass security controls, modify the behavior of HTTP Server configuration, obtain information from the server process memory, perfo...

7.8CVSS0.9AI score0.81466EPSS
Exploits14Affected Software1
hackerone
hackerone
added 2020/04/20 6:18 p.m.41 views

X (Formerly Twitter): 暴力破解用户密码没有速率控制

http://www.twitter.com的登录功能存在一个问题,只限制了单个用户尝试登录系统的错误次数,并不限制用固定的密码去尝试登录不同用户,或者是撞库 请您跟着视频操作,否则无法复现到此问题 Impact 暴力破解用户密码没有速率控制...

6.9AI score
Exploits0
nvd
nvd
added 2020/02/07 11:15 p.m.31 views

CVE-2019-13163

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V...

5.9CVSS5.7AI score0.006EPSS
Exploits0References1
prion
prion
added 2020/02/07 11:15 p.m.20 views

Design/Logic Flaw

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V...

4.3CVSS5.7AI score0.006EPSS
Exploits0References1Affected Software22
cvelist
cvelist
added 2020/02/07 10:45 p.m.40 views

CVE-2019-13163

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V...

5.7AI score0.006EPSS
Exploits0References1
nessus
nessus
added 2020/02/05 12:0 a.m.47 views

LibreOffice 6.2.6 / 6.3.1 Security Control Bypass (Windows)

According to its self-reported version, the LibreOffice application running on the remote host is prior to 6.2.6. It is, therefore, affected by a flaw in how LibreOffice sanitizes user supplied input when decoding URL encoded characters in the macro location. This can result in macros within a...

7.8CVSS7.2AI score0.03188EPSS
Exploits1References2
hackerone
hackerone
added 2020/01/27 12:5 a.m.340 views

Slack: Remote Code Execution in Slack desktop apps + bonus

Summary With any in-app redirect - logic/open redirect, HTML or javascript injection it's possible to execute arbitrary code within Slack desktop apps. This report demonstrates a specifically crafted exploit consisting of an HTML injection, security control bypass and a RCE Javascript payload. Th...

8.2AI score
Exploits0
debiancve
debiancve
added 2020/01/10 3:8 p.m.35 views

CVE-2020-1765

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and...

5.3CVSS4.8AI score0.01499EPSS
Exploits0
cvelist
cvelist
added 2019/10/09 7:26 p.m.21 views

CVE-2019-0057 NFX Series: An attacker may be able to take control of the JDM application and subsequently the entire system.

An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager JDM application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1,...

7.8CVSS7.9AI score0.00379EPSS
Exploits0References1
redhat
redhat
added 2019/08/06 1:57 p.m.61 views

Moderate: Red Hat Security Advisory: libcgroup security update

An update for libcgroup is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

8.1CVSS6.6AI score0.02316EPSS
Exploits0References3
qualysblog
qualysblog
added 2019/07/11 2:30 p.m.61 views

Qualys Policy Compliance Notification: Policy Library Updates (April, May)

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

0.8AI score
Exploits0
Rows per page
Query Builder