Lucene search
+L

128 matches found

NVD
NVD
added 2023/11/14 11:15 a.m.21 views

CVE-2023-44322

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.0, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.0, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.0, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.0, SCALANCE...

5.9CVSS0.00879EPSS
Exploits0References6
Prion
Prion
added 2023/11/14 11:15 a.m.19 views

Design/Logic Flaw

Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of user...

2.6CVSS5.7AI score0.00879EPSS
Exploits0References5Affected Software71
NVD
NVD
added 2023/10/27 9:15 p.m.37 views

CVE-2023-40120

In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.00093EPSS
Exploits0References2
Prion
Prion
added 2023/10/27 9:15 p.m.21 views

Input validation

In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

4.3CVSS7.8AI score0.00093EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/27 8:22 p.m.4 views

CVE-2023-40120

In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.9AI score0.00093EPSS
Exploits0References2
Openbugbounty
Openbugbounty
added 2023/10/05 2:38 a.m.8 views

unifiedproducts.com Cross Site Scripting vulnerability OBB-3721340

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
OSV
OSV
added 2023/10/01 12:0 a.m.25 views

ASB-A-274775190

In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.00093EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/08/23 6:30 p.m.25 views

Apache Airflow Session Fixation vulnerability

The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database for database session backen...

8CVSS6.8AI score0.01366EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2023/08/23 4:15 p.m.16 views

PYSEC-2023-158

The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database for database session backen...

8CVSS6.8AI score0.01366EPSS
Exploits0References5
Openbugbounty
Openbugbounty
added 2023/07/09 2:46 p.m.16 views

spencer-properties.co.uk Cross Site Scripting vulnerability OBB-3494794

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
CVE
CVE
added 2023/07/05 9:1 a.m.119 views

CVE-2023-37204

CVE-2023-37204 affects Mozilla Firefox before 115. The issue arises from obscuring fullscreen notifications via an option element and inducing lag with an expensive computation, potentially causing user confusion and spoofing. Remediation: update Firefox to the latest version (per MFSA2023-22 / A...

6.5CVSS6.4AI score0.00515EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.6 views

SUSE CVE-2019-11754

When the pointer lock is enabled by a website though requestPointerLock, no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vulnerability affects Firefox 69.0.1...

6.5CVSS8.3AI score0.00624EPSS
Exploits0References4
Code423n4
Code423n4
added 2023/02/05 12:0 a.m.8 views

Upgraded Q -> 2 from #251 [1675573596034]

Judge has assessed an item in Issue 251 as 2 risk. The relevant finding follows: L-03 The claim function might use an amount of gas greater than the block gas limit. Description: The claim function at the Quest.sol contract can consume an amount of gas greater than the block gas limit if the user...

6.9AI score
Exploits0
Veracode
Veracode
added 2023/01/03 12:33 p.m.17 views

Business Logic Errors

rdiffweb is vulnerable to business logic errors. The vulnerability exists because the library does not properly trigger notifications when adding an ssh key which allows an attacker to add any ssh key without aware of the user...

9.8CVSS8.9AI score0.00967EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/12/22 8:15 p.m.9 views

CVE-2022-45408

Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

6.5CVSS8.7AI score
Exploits0References4
OSV
OSV
added 2022/12/22 8:15 p.m.4 views

CVE-2022-45404

Through a series of popup and window.print calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

6.5CVSS8.7AI score
Exploits0References4
Debian CVE
Debian CVE
added 2022/12/22 12:0 a.m.30 views

CVE-2022-45404

Through a series of popup and window.print calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

6.5CVSS8.2AI score0.0061EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/12/22 12:0 a.m.19 views

CVE-2022-45404

Through a series of popup and window.print calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

6.5CVSS7.5AI score0.0061EPSS
Exploits0
Prion
Prion
added 2022/11/23 9:15 p.m.19 views

Default credentials

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the reset a forgotten password feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only...

4.3CVSS6.6AI score0.0045EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/23 12:0 a.m.9 views

CVE-2022-41933 Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the reset a forgotten password feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only...

6.2CVSS6.7AI score0.0045EPSS
Exploits0References5
Rows per page
Query Builder