Lucene search
+L

106 matches found

Apple
Apple
added 2020/12/15 6:0 a.m.106 views

About the security content of iOS 14.2 and iPadOS 14.2 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

9.3CVSS0.9AI score0.22178EPSS
Exploits3Affected Software2
NVD
NVD
added 2020/12/08 8:15 p.m.24 views

CVE-2020-10003

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges...

7.8CVSS6.4AI score0.0039EPSS
Exploits0References5
NVD
NVD
added 2020/08/20 1:17 a.m.36 views

CVE-2020-15149

NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. This could lead to a privilege escalation event due via an...

9.9CVSS9.6AI score0.02434EPSS
Exploits2References4
CVE
CVE
added 2020/08/19 5:50 p.m.88 views

CVE-2020-15149

NodeBB is affected by CVE-2020-15149 where a bug in the validation logic introduced in 1.12.2 allows changing the password of any user via a crafted socket.io call, enabling privilege escalation/account takeover on running forums. The vulnerability affects NodeBB versions up to 1.14.2 (vulnerable...

9.9CVSS9.6AI score0.02434EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2019/12/18 5:33 p.m.24 views

CVE-2019-7292

A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory...

6.5AI score0.01304EPSS
Exploits0References6
OSV
OSV
added 2019/03/27 1:29 p.m.33 views

CVE-2019-3877

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS6.5AI score0.02131EPSS
Exploits0References8
Prion
Prion
added 2019/03/27 1:29 p.m.26 views

Open redirect

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

4.3CVSS5.8AI score0.02131EPSS
Exploits0References8Affected Software4
RedhatCVE
RedhatCVE
added 2019/03/22 1:49 p.m.31 views

CVE-2019-3877

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS4.4AI score0.02131EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/11/02 12:0 a.m.26 views

F5 Networks BIG-IP : TMOS vulnerability (K49440608)

When a specifically configured virtual server receives traffic of an undisclosed nature, the Traffic Management Microkernel TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration that exposes this issue is not common and in general does...

7.8CVSS7.3AI score0.02866EPSS
Exploits0References2
NVD
NVD
added 2018/03/22 6:29 p.m.20 views

CVE-2018-5509

On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and...

7.8CVSS7.4AI score0.02866EPSS
Exploits0References3
NVD
NVD
added 2017/06/13 6:29 a.m.23 views

CVE-2017-2773

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...

9.8CVSS9.4AI score0.02129EPSS
Exploits0References2
Prion
Prion
added 2017/06/13 6:29 a.m.18 views

Input validation

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...

7.5CVSS9.2AI score0.02129EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2017/06/13 6:29 a.m.17 views

Input validation

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT...

7.5CVSS7AI score0.01297EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2017/06/13 6:29 a.m.21 views

CVE-2017-2773

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...

9.8CVSS6.8AI score0.02129EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/06/13 6:0 a.m.26 views

CVE-2017-2773

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...

9.4AI score0.02129EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/06/13 6:0 a.m.27 views

CVE-2016-8218

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT...

9.4AI score0.01297EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/01/31 12:0 a.m.20 views

Fedora 24 : fedmsg (2017-a73bc7ac5d)

Fix validation logic in the base consumer The base consumer is intended to only derive its validation switch from the on-disk configuration if the child class doesn't override the validatesignatures switch. There was a bug here where the default value provided in the base class made it appear as ...

7.5CVSS7.2AI score0.01505EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/01/25 12:0 a.m.40 views

Fedora 25 : fedmsg (2017-fff6e1af37)

Fix validation logic in the base consumer The base consumer is intended to only derive its validation switch from the on-disk configuration if the child class doesn't override the validatesignatures switch. There was a bug here where the default value provided in the base class made it appear as ...

7.5CVSS7.2AI score0.01505EPSS
Exploits0References2
Apple
Apple
added 2017/01/23 5:36 a.m.48 views

About the security content of watchOS 3.1 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

9.3CVSS0.3AI score0.03731EPSS
Exploits5Affected Software1
myhack58
myhack58
added 2014/11/01 12:0 a.m.39 views

Cisco ASA Software Remote Authentication bypass vulnerability-vulnerability warning-the black bar safety net

0x01 vulnerability profile Cisco ASA Software part of the Management Interface authentication when there is validation logic problem, an attacker can bypass the authentication, the unauthorized operation. 0x02 vulnerability principles ! enter image description here By default, the ASA management...

1.8AI score
Exploits0
Rows per page
Query Builder