Lucene search
K

208 matches found

Prion
Prion
added 2024/01/08 9:15 a.m.20 views

Design/Logic Flaw

User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users...

5.5CVSS7.1AI score0.00546EPSS
Exploits0References2Affected Software1
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.4 views

Missing pause check in transferAssetToNodeDelegator()

Lines of code Vulnerability details Summary The function transferAssetToNodeDelegator present in the LRTDepositPool contact ignores the contract's pause state. Impact The LRTDepositPool contract contains a functionality to pause the contract in case of an emergency. 208: function pause external...

7AI score
Exploits0
Prion
Prion
added 2023/11/14 7:15 p.m.20 views

Out-of-bounds

Insufficient bounds checking in the ASP AMD Secure Processor may allow an attacker to access memory outside the bounds of what is permissible to a TA Trusted Application resulting in a potential denial of service...

1.7CVSS7AI score0.00211EPSS
Exploits0References2Affected Software2
Code423n4
Code423n4
added 2023/11/13 12:0 a.m.6 views

Missing deadline checks

Lines of code Vulnerability details Consider addings implementation to handle the expiration of the transaction for additional security. To implement a transaction expiration mechanism in the emergencyWithdraw add a timestamp check to ensure that the transaction is executed only within a certain...

6.9AI score
Exploits0
CNVD
CNVD
added 2023/09/15 12:0 a.m.26 views

Command Execution Vulnerability in 4A Unified Security Control Platform of Beijing Qixingchen Information Security Technology Co.

Beijing Qixingchen Information Security Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the 4A Unified Security Control Platform of Beijing Qixingchen Information Security...

7.8CVSS7.4AI score0.00461EPSS
Exploits0References1
CVE
CVE
added 2023/09/12 9:32 a.m.56 views

CVE-2023-40729

CVE-2023-40729 affects Siemens QMS Automotive: all versions prior to V12.39 are vulnerable due to unencrypted (HTTPS-free) communications, enabling MITM manipulation or theft of confidential data. Connected documents confirm the issue in QMS Automotive and specify the root cause as lack of securi...

7.4CVSS7.4AI score0.00246EPSS
Exploits0References1Affected Software1
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.10 views

Sponsor function allows voiding some elses chance to win

Lines of code Vulnerability details Impact Anyone can delegate someone elses balance to the sponsorship address, increasing their own likelihood of winning, while voiding the victims chance. Proof of Concept The issue is in the call-chain starting with Vault.sponsor: //Vault function sponsoruint2...

6.7AI score
Exploits0
Huntr
Huntr
added 2023/06/14 5:7 p.m.10 views

Able to change username that is by default unchangeable

Description The website receives input from the user that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified. Proof of Concept Step 1: We have a user with ID 18833 and the...

6.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/06/08 8:55 p.m.16 views

What are the impacts of FedRAMP® Rev. 5?

The FedRAMP PMO released the final Rev. 5 security control baselines and transition guidance for cloud service providers CSPs who have achieved authorization to operate ATO and those still in the planning stages. All CSPs should review the guidance as soon as possible and start developing a plan...

7AI score
Exploits0
NVD
NVD
added 2023/06/07 6:15 p.m.18 views

CVE-2023-34108

mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an attacker to manipulate internal Dovecot variables by using specially crafted...

8.8CVSS8.6AI score0.00979EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2023/06/02 10:16 a.m.41 views

The Importance of Managing Your Data Security Posture

Data security is reinventing itself. As new data security posture management solutions come to market, organizations are increasingly recognizing the opportunity to provide evidence-based security that proves how their data is being protected. But what exactly is data security posture, and how do...

7AI score
Exploits0
CVE
CVE
added 2023/05/19 8:44 p.m.72 views

CVE-2023-32677

CVE-2023-32677 (Zulip) affects Zulip Server 6.1 and earlier, where the UI for inviting a new user could let the inviter configure which streams the new user is invited to, potentially granting invitations to streams the inviter could not add users to. The underlying issue is a mismatch between wh...

3.1CVSS4AI score0.00563EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/13 12:0 a.m.220 views

Symantec Endpoint Protection Client < 14.3 RU5 Security Control Bypass

The version of Symantec Endpoint Protection Client SEP installed on the remote host is prior to 14.3 RU5 Patch 1. It is therefore affected by a Security Control Bypass if Client User Interface Password protection and/or Policy Import/Export Password protection is enabled. CVE-2022-37017 Note that...

7.5CVSS7.4AI score0.01096EPSS
Exploits1References2
Hacker One
Hacker One
added 2023/02/15 9:14 a.m.250 views

Internet Bug Bounty: CVE-2023-23915: HSTS amnesia with --parallel

Multiple transfers in parallel using curl's HSTS cache saving feature resulted in the cache file being overwritten by the most recently completed transfer, causing a later HTTP-only transfer to the earlier hostname to not get upgraded properly to HSTS, leading to a bypass of intended security...

6.5CVSS6.7AI score0.00861EPSS
Exploits0
Hacker One
Hacker One
added 2023/02/15 9:12 a.m.139 views

Internet Bug Bounty: CVE-2023-23914: HSTS ignored on multiple requests

Multiple requests made using curl's HSTS functionality ignored the HTTPS protocol and used an insecure clear-text HTTP step instead. This was due to the state not being properly carried on, allowing the bypass of intended security controls. The vulnerability was assigned CVE-2023-23914 and had a...

9.1CVSS7.7AI score0.00858EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/12/30 12:0 a.m.60 views

Symantec Endpoint Protection Manager < 14.3 RU5 Security Control Bypass (deprecated)

This plugin has been deprecated. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2009/04/02. Deprecated by symantecendpointprotclient143RU5P1.nasl. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid169425; scriptversion"1.3";...

7.5CVSS0.1AI score0.01096EPSS
Exploits1References2
NVD
NVD
added 2022/12/01 2:15 p.m.28 views

CVE-2022-37017

Symantec Endpoint Protection Windows agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User...

7.5CVSS0.01096EPSS
Exploits1References1
Prion
Prion
added 2022/12/01 2:15 p.m.27 views

Security feature bypass

Symantec Endpoint Protection Windows agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User...

5CVSS7.5AI score0.01096EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/12/01 12:0 a.m.30 views

CVE-2022-37017

Symantec Endpoint Protection Windows agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User...

7.7AI score0.01096EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/12/01 12:0 a.m.6 views

CVE-2022-37017

Symantec Endpoint Protection Windows agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User...

7.1AI score0.01096EPSS
Exploits1References1
Rows per page
Query Builder