Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
logic flaw vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2018-8761
protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing malicious users to modify a price, before form submission, by observing data in a packet capture.
Yxcms Yxcms 1.4.7
NA
CVE-2024-2004
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protoc...
445
VMScore
CVE-2021-24046
A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device software prior to 2107460.6810.0.
Ray-ban Stories Rw4003 65582v 48-23 Firmware
Ray-ban Stories Rw4002 601\\/71 50-22 Firmware
Ray-ban Stories Rw4005 656013 51-20 Firmware
Ray-ban Stories Rw4005 6563m3 51-20 Firmware
NA
CVE-2024-22206
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.
Clerk Javascript
668
VMScore
CVE-2016-4322
BMC BladeLogic Server Automation (BSA) prior to 8.7 Patch 3 allows remote malicious users to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a "logic flaw" in the authentication process.
Bmc Bladelogic Server Automation Console 8.7.00
NA
CVE-2023-4380
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an malicious user to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, an...
Redhat Ansible Automation Platform 2.4
Redhat Ansible Developer 1.1
Redhat Ansible Inside 1.2
668
VMScore
CVE-2013-6945
The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows malicious users to bypass authentication and authorization to perform doctor-only actions and read or modify patient records via unspecified vectors related to a "logic flaw."
Osehra Vista -
NA
CVE-2022-23948
A flaw was found in Keylime prior to 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to other processes on the host.
Keylime Keylime
578
VMScore
CVE-2020-10778
In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior.
Redhat Cloudforms 4.7
Redhat Cloudforms 5.0.0
641
VMScore
CVE-2020-27187
An issue exists in KDE Partition Manager 4.1.0 prior to 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning r...
Kde Partition Manager
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975
CVE-2024-2961
CVE-2024-20380
XML injection
HTML injection
CVE-2024-29204
CVE-2023-51795
memory leak
CVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »