Lucene search
K

14 matches found

OSV
OSV
added 2021/08/23 6:15 p.m.0 views

DEBIAN-CVE-2021-39149

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation t...

8.5CVSS7.7AI score0.04735EPSS
Exploits1References1
NVD
NVD
added 2017/10/18 6:29 p.m.22 views

CVE-2016-5714

Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol PXP Command...

7.2CVSS7.5AI score0.02241EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2017/10/18 6:0 p.m.46 views

CVE-2016-5714

Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol PXP Command...

7.2CVSS7.5AI score0.02241EPSS
Exploits0
NVD
NVD
added 2015/09/20 5:59 p.m.24 views

CVE-2015-5637

The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...

6.8CVSS6.6AI score0.01093EPSS
Exploits0References3
Prion
Prion
added 2015/09/20 5:59 p.m.10 views

Design/Logic Flaw

The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...

6.8CVSS6.7AI score0.01093EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2015/09/20 5:59 p.m.23 views

CVE-2015-5632

The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API access via unspecified vectors...

6.8CVSS6.2AI score0.01093EPSS
Exploits0References3
CVE
CVE
added 2015/09/20 5:0 p.m.46 views

CVE-2015-5636

CVE-2015-5636 affects Newphoria Reversi on Android up to version 1.0.2 and iOS up to 1.1 (the advisory cites Android 1.0.3 and iOS 1.2 as non-vulnerable). The issue is a bypass of the URL whitelist protection, allowing an attacker to obtain API access via unspecified vectors by abusing the app’s ...

6.8CVSS6.3AI score0.01093EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/09/20 5:0 p.m.17 views

CVE-2015-5634

The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...

6.2AI score0.01503EPSS
Exploits0References3
Cvelist
Cvelist
added 2015/09/20 5:0 p.m.23 views

CVE-2015-5632

The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API access via unspecified vectors...

6.2AI score0.01093EPSS
Exploits0References3
Prion
Prion
added 2015/09/11 9:59 p.m.14 views

Code injection

The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...

6.8CVSS6.7AI score0.01118EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2014/12/19 3:59 p.m.15 views

Authentication flaw

The PackageInstaller module in Huawei P7-L10 smartphones before V100R001C00B136 allows remote attackers to spoof the origin website and bypass the website whitelist protection mechanism via a crafted package...

4.3CVSS7AI score0.00785EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2014/03/03 4:50 a.m.15 views

Design/Logic Flaw

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring...

7.5CVSS7.2AI score0.09982EPSS
Exploits1References6Affected Software2
UbuntuCve
UbuntuCve
added 2014/03/03 4:50 a.m.30 views

CVE-2012-6637

Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanism via a domain name that contains an acceptable name as an initial substring...

7.5CVSS5.9AI score0.09982EPSS
Exploits1References2
Prion
Prion
added 2013/04/16 8:55 p.m.19 views

Security feature bypass

Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2834...

5CVSS6.7AI score0.00895EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder