Lucene search
K

86 matches found

NVD
NVD
added 2021/07/15 9:15 a.m.25 views

CVE-2021-31999

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher versions prior to 2.4.16...

8.8CVSS0.01052EPSS
Exploits0References1
CVE
CVE
added 2021/07/15 8:55 a.m.63 views

CVE-2021-31999

CVE-2021-31999 describes a Privilege Escalation in Rancher where an attacker can forge Impersonate-User/Impersonate-Group headers to act as other cluster users. Affected: Rancher versions before 2.5.9 and before 2.4.16. Root cause: reliance on untrusted inputs in a security decision. Impact: unau...

8.8CVSS8.5AI score0.01052EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/15 8:55 a.m.31 views

CVE-2021-31999 Rancher: Privilege escalation vulnerability via malicious Connection header

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher versions prior to 2.4.16...

8.8CVSS8.8AI score0.01052EPSS
Exploits0References1
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/07/02 12:0 a.m.8 views

Why SecOps Need A Cybersecurity Platform

Our global study polled more than 2,300 IT security decision makers to discover how to best assist and support SecOps teams so you can be more resilient...

2AI score
Exploits0
NVD
NVD
added 2020/12/31 12:15 a.m.23 views

CVE-2020-26291

URI.js is a javascript URL mutation library npm package urijs. In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash \ character followed by an at @ character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and...

6.5CVSS6.2AI score0.0169EPSS
Exploits0References4
OSV
OSV
added 2020/12/31 12:15 a.m.13 views

CVE-2020-26291

URI.js is a javascript URL mutation library npm package urijs. In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash \ character followed by an at @ character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and...

6.5CVSS6.9AI score
Exploits0References4
NVD
NVD
added 2020/09/18 6:15 p.m.20 views

CVE-2020-15181

The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0...

10CVSS0.01423EPSS
Exploits0References2
OSV
OSV
added 2020/09/18 6:15 p.m.13 views

CVE-2020-15181

The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0...

9.8CVSS6.8AI score
Exploits0References2
Prion
Prion
added 2020/09/18 6:15 p.m.15 views

Design/Logic Flaw

The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0...

10CVSS9.1AI score0.01423EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/09/18 5:55 p.m.23 views

CVE-2020-15181 Admin account takeover in Alfresco Reset Password

The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0...

9.3CVSS9.3AI score0.01423EPSS
Exploits0References2
CVE
CVE
added 2020/09/18 5:55 p.m.74 views

CVE-2020-15181

CVE-2020-15181 affects the Alfresco Reset Password add-on prior to version 1.2.0. The issue stems from relying on untrusted inputs when making a security decision, allowing an attacker to gain administrator access to the system on affected servers. The vulnerability is fixed in version 1.2.0. In ...

10CVSS9.3AI score0.01423EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/08/13 2:8 a.m.65 views

CVE-2019-14630

The CVE-2019-14630 issue affects Intel Thunderbolt controllers (Thunderbolt 1–3: DSL3310/3510/4510/4410; DSL5520/5320; DSL6540/6340/JHL6540/JHL6340/JHL6240/JHL7540/JHL7340). Description: reliance on untrusted inputs in a security decision may allow an unauthenticated user with physical access to ...

4.6CVSS4.3AI score0.00338EPSS
Exploits0References1Affected Software1
ThreatPost
ThreatPost
added 2019/11/06 2:0 p.m.48 views

Presentation Template: Build Your 2020 Security Plan

As the end of the year approaches, security decision makers are creating their 2020 plans and running them by management for approval. In most cases, this means requesting and making the case for the necessary resources that need to be allocated, while still providing value to the organization. T...

0.1AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/09/18 1:0 p.m.67 views

New! RFP Template for Selecting EDR/EPP and APT Security

Once upon a time, only big organizations worried about Advanced Persistent Threats. But it soon became obvious that every organization could find itself under fire, regardless of size or industry, and whether as direct targets or collateral damage. Most security decision makers in these...

0.3AI score
Exploits0References5
Talos
Talos
added 2019/06/10 12:0 a.m.137 views

Schneider Electric Modicon M580 UnityPro reliance on untrusted inputs vulnerability

Summary An exploitable reliance on untrusted inputs vulnerability exists in the strategy transfer function of the Schneider Electric Unity Pro L Programming Software. When a specially crafted strategy is programmed to a Modicon M580 Programmable Automation Controller, and UnityProL is used to rea...

5.3CVSS5.6AI score0.01509EPSS
Exploits0
Prion
Prion
added 2019/05/22 8:29 p.m.17 views

Design/Logic Flaw

A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software...

5CVSS5.1AI score0.01509EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/05/22 8:0 p.m.37 views

CVE-2018-7850

A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software...

5.1AI score0.01509EPSS
Exploits0References2
OSV
OSV
added 2018/04/04 4:29 p.m.4 views

CVE-2017-13274

In the getHost function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0,...

9.8CVSS5.9AI score
Exploits0References1
seebug.org
seebug.org
added 2017/11/09 12:0 a.m.53 views

Circle with Disney Token Routing Vulnerability(CVE-2017-12085)

Summary An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. Tested...

8.9AI score0.01671EPSS
Exploits2
Prion
Prion
added 2017/10/27 5:29 a.m.16 views

Design/Logic Flaw

Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page...

4.3CVSS5.2AI score0.01247EPSS
Exploits0References6Affected Software4
Rows per page
Query Builder