Lucene search
+L

55 matches found

prion
prion
added 2021/11/20 3:15 p.m.18 views

Hardcoded credentials

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific time window timed to corrupt code execution, which may impact confidentiality, integrity, or...

6.9CVSS7.5AI score0.00302EPSS
Exploits0References1
ics
ics
added 2021/09/14 12:0 a.m.77 views

Siemens SINEMA Server

1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Server Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain encoded...

5.3CVSS5.6AI score0.00831EPSS
Exploits0References11
code423n4
code423n4
added 2021/09/05 12:0 a.m.10 views

Time window must be chosen carefully

Handle tensors Vulnerability details Impact The variable timeWindow in the formula of valuation/README.md must be chosen carefully. In fact, it should probably vary with the amount of user volume the protocol has on each asset. Consider what happens when timeWindow is very small 5min. A price...

6.8AI score
Exploits0
osv
osv
added 2021/04/21 11:15 p.m.4 views

CVE-2021-1074

NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. This attack requires a user with system administration rights to execute the installer and requires...

7.3CVSS7.2AI score0.00498EPSS
Exploits0References1
cnnvd
cnnvd
added 2021/03/01 12:0 a.m.4 views

Qualcomm 封闭源组件安全漏洞

A security vulnerability exists in the Qualcomm closed source component that stems from a check time or use time window when processing a store SCM command, where a pointer used may be invalid at a specific time when executing a store SCM call...

6.4CVSS6.4AI score0.00136EPSS
Exploits0References3
redhat
redhat
added 2020/07/22 12:38 p.m.6 views

openstack-keystone: failure to check signature TTL of the EC2 credential auth method

A flaw was found in Keystone, where the restriction was not checked for the Signature Version 4 V4 process of AWS signatures issued within a limited time window. This flaw allows an attacker to capture an auth header and reuse it, potentially maintaining indefinite access...

5.5CVSS5.7AI score0.00705EPSS
Exploits0References5
nvd
nvd
added 2020/07/05 1:15 a.m.15 views

CVE-2020-15530

An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILESX86%\Steam and/or %COMMONPROGRAMFILESX86%\Steam have weak permissions during a critical time window. An attacker can make this time...

7.8CVSS0.00524EPSS
Exploits1References1
redhat
redhat
added 2020/06/24 12:43 p.m.3 views

openstack-keystone: failure to check signature TTL of the EC2 credential auth method

A flaw was found in Keystone, where the restriction was not checked for the Signature Version 4 V4 process of AWS signatures issued within a limited time window. This flaw allows an attacker to capture an auth header and reuse it, potentially maintaining indefinite access...

5.5CVSS5.7AI score0.00705EPSS
Exploits0References5
osv
osv
added 2019/05/14 4:1 a.m.4 views

GHSA-54MG-VGRP-MWX9 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack

Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start time and obtain a session ID value, they can theoretically determine the sequence of session IDs...

3.7CVSS5.9AI score0.01315EPSS
Exploits0References4
cnvd
cnvd
added 2018/02/27 12:0 a.m.7 views

Linux kernel denial of service vulnerability (CNVD-2018-06440)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A denial of service vulnerability exists in the Linux kernel prior to 4.14.4. The vulnerability arises because the...

7CVSS7.4AI score0.00378EPSS
Exploits1References1
osv
osv
added 2017/07/28 5:29 a.m.4 views

CVE-2017-11717

MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page...

7.5CVSS5.8AI score0.01129EPSS
Exploits0References1
osv
osv
added 2015/08/14 3:26 p.m.9 views

USN-2710-1 openssh vulnerabilities

Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation. CVE number pending Moritz Jodeit...

8.5CVSS6.7AI score0.09302EPSS
Exploits1References3
osv
osv
added 2015/08/02 12:0 a.m.2 views

UBUNTU-CVE-2015-5352

The x11openhelper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time...

4.3CVSS6.7AI score0.05445EPSS
Exploits0References5
attackerkb
attackerkb
added 2014/03/02 5:55 p.m.4 views

CVE-2014-2033

The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification ...

7.9CVSS5.6AI score0.01053EPSS
Exploits1References3
prion
prion
added 2013/07/16 2:8 p.m.21 views

Design/Logic Flaw

A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux RHEL 6 does not properly implement the PV EOI feature, which allows guest OS users to cause a denial of service host OS crash by leveraging a time window during which interrup...

5.7CVSS6.6AI score0.00487EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder