Lucene search
K

273 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.5 views

SUSE CVE-2013-2037

httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary...

2.6CVSS6.9AI score0.01324EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:26 a.m.4 views

SUSE CVE-2014-7273

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate...

6.8CVSS6.5AI score0.00928EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.5 views

SUSE CVE-2019-12855

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections...

6.5CVSS6.9AI score0.01817EPSS
Exploits0References7
OSV
OSV
added 2022/09/23 1:15 p.m.3 views

UBUNTU-CVE-2022-2347

There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...

7.7CVSS6.9AI score0.00586EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/08/05 12:0 a.m.7 views

HUAWEI HarmonyOS 数据伪造问题漏洞

HUAWEI HarmonyOS is an operating system from the Chinese company Huawei HUAWEI. It provides a full-scenario distributed operating system based on a microkernel. HUAWEI HarmonyOS version 2.0 has a security vulnerability, the vulnerability stems from the existence of recovery module upgrade package...

7.5CVSS7.3AI score0.00264EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/05/03 12:0 a.m.4 views

PT-2022-3561 · Google +1 · Google-Oauth-Java-Client +1

Name of the Vulnerable Software and Affected Versions: google-oauth-java-client versions prior to 1.33.3 Description: The vulnerability is related to the IDToken verifier not verifying if a token is properly signed. This allows an attacker to provide a compromised token with a custom payload, whi...

8.7CVSS7.8AI score0.00287EPSS
Exploits0References23
OSV
OSV
added 2022/04/21 6:15 p.m.5 views

CVE-2020-14122

Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage...

5.5CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2022/04/12 5:15 p.m.18 views

Privilege escalation

In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed...

7.2CVSS7.6AI score0.00104EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/02/10 12:0 a.m.4 views

Foxit PDF Reader 资源管理错误漏洞

Foxit PDF Reader is a PDF reader from Foxit, a Chinese company. Foxit PDF Reader is vulnerable due to a lack of verification of the existence of objects before performing operations on them, which can be exploited by attackers to execute code in the context of the current process...

8.8CVSS5.9AI score0.02543EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/11/09 12:0 a.m.4 views

Microsoft Azure Sphere 数据伪造问题漏洞

Microsoft Azure Sphere, a Microsoft appliance used to provide security in cloud environments, is vulnerable to a data forgery issue. The vulnerability stems from a network system or product that does not adequately verify the origin or authenticity of data. An attacker could use the falsified dat...

6.7CVSS5.6AI score0.00547EPSS
Exploits0References5
OSV
OSV
added 2021/07/08 7:15 p.m.6 views

CVE-2021-1585

A vulnerability in the Cisco Adaptive Security Device Manager ASDM Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and...

8.1CVSS7.8AI score0.19958EPSS
Exploits2References3
CNNVD
CNNVD
added 2021/05/07 12:0 a.m.4 views

Foxit Reader 资源管理错误漏洞

Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. A double release remote code execution vulnerability exists in Foxit Reader U3D file parsing. The vulnerability stems from not verifying the existence of an object before performing further release operations on it. An attacke...

7.8CVSS6.5AI score0.02819EPSS
Exploits0References3
OSV
OSV
added 2020/12/31 8:15 a.m.2 views

CVE-2020-25846

The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential...

7.4CVSS7.1AI score0.00962EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/12/24 12:0 a.m.6 views

PT-2020-12548 · Hyperledger · Hyperledger Indy Node

Name of the Vulnerable Software and Affected Versions: Hyperledger Indy Node versions prior to 1.12.4 Description: The issue is related to a lack of signature verification on a specific transaction, allowing an attacker to make unauthorized alterations to the ledger. A malicious DID with no...

8.7CVSS7.1AI score0.00933EPSS
Exploits1References13
OSV
OSV
added 2020/09/17 5:15 p.m.4 views

CVE-2020-25490

Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine...

7.3CVSS7.2AI score0.01152EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2020/08/14 12:0 a.m.5 views

The vulnerability of the ClearFuncs component in the configuration management system and the remote execution of SaltStack operations allows a perpetrator to gain access to confidential data.

The vulnerability of the ClearFuncs component in the configuration management system and remote execution of SaltStack operations is related to the lack of a mechanism for verifying input data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential...

6.8CVSS7.7AI score0.86063EPSS
Exploits17References8Affected Software3
OSV
OSV
added 2020/07/31 6:15 p.m.2 views

UBUNTU-CVE-2020-15133

In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...

8.7CVSS7.3AI score0.00914EPSS
Exploits1References5
OSV
OSV
added 2020/05/26 11:15 p.m.11 views

UBUNTU-CVE-2020-13614

An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification...

5.9CVSS5.8AI score0.01928EPSS
Exploits1References5
CNVD
CNVD
added 2020/05/09 12:0 a.m.3 views

BOMBBA Authorization Issue Vulnerability

BOMBBA BOMB is a cryptocurrency.A security vulnerability exists in the 'quaker' function of BOMB's smart contract implementation, which stems from the fact that the function does not check the identity of the caller. An attacker could use the vulnerability to modify the owner of the smart contrac...

6.8AI score
Exploits0
CNVD
CNVD
added 2020/05/09 12:0 a.m.4 views

Business Alliance Financial Circle has a logic flaw vulnerability

Business Alliance Financial Circle BAFC is a cryptocurrency.A security vulnerability exists in the 'UBSexToken' function in BAFC's smart contract implementation, which stems from the fact that the function is publicly available and does not check the identity of the caller. The vulnerability can ...

6.9AI score
Exploits0
Rows per page
Query Builder