Gwyn's Imagemap Selector Security Vulnerabilities

cvelist

CVE-2021-29046

Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the...

6.2AI Score

0.001EPSS

2021-05-17 10:27 AM
suse

Security update for the Linux Kernel (important)

An update that solves two vulnerabilities and has 55 fixes is now available. Description: The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-29650: The netfilter subsystem allowed attackers to cause a ...

5.5CVSS

-0.1AI Score

0.001EPSS

2021-05-12 12:00 AM
39
suse

Security update for opera (important)

An update that fixes 7 vulnerabilities is now available. Description: This update for opera fixes the following issues: Update to version 76.0.4017.94 - released on the stable branch Update to version 76.0.4017.88 - CHR-8404 Update chromium on desktop-stable-90-4017 to 90.0.4430.85 - DNA-92219...

9.6CVSS

0.1AI Score

0.97EPSS

2021-05-11 12:00 AM
32
ibm

Security Bulletin: IBM Kenexa LCMS Premier On Premise - CVE-2020-14781 (deferred from Oracle Oct 2020 CPU for Java 8)

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details ** CVEID: CVE-2020-14781 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JNDI...

3.7CVSS

0.2AI Score

0.001EPSS

2021-05-07 07:10 AM
10
ibm

Security Bulletin: IBM Kenexa LMS On Premise -CVE-2020-14781 (deferred from Oracle Oct 2020 CPU for Java 8)

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** CVEID: CVE-2020-14781 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JNDI component...

3.7CVSS

0.5AI Score

0.001EPSS

2021-05-07 07:05 AM
26
ibm

Security Bulletin: IBM Kenexa LCMS Premier On Premise - CVE-2020-14782 (deferred from Oracle Oct 2020 CPU for Java 8)

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details ** CVEID: CVE-2020-14782 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries...

3.7CVSS

0.4AI Score

0.001EPSS

2021-05-07 07:01 AM
22
ibm

Security Bulletin: IBM Kenexa LMS On Premise - CVE-2020-14782 (deferred from Oracle Oct 2020 CPU for Java 8)

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** CVEID: CVE-2020-14782 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries...

3.7CVSS

0.7AI Score

0.001EPSS

2021-05-07 06:55 AM
9
suse

Security update for exim (critical)

An update that fixes 26 vulnerabilities is now available. Description: This update for exim fixes the following issues: Exim was updated to exim-4.94.2 security update (boo#1185631) * CVE-2020-28007: Link attack in Exim's log directory * CVE-2020-28008: Assorted attacks in Exim's spool...

9.8CVSS

-0.5AI Score

0.974EPSS

2021-05-07 12:00 AM
26
suse

Security update for nim (moderate)

An update that fixes three vulnerabilities is now available. Description: This update for nim fixes the following issues: nim was updated to version 1.2.12: Fixed GC crash resulting from inlining of the memory allocation procs Fixed “incorrect raises effect for $(NimNode)” (#17454) From...

8.8CVSS

0.3AI Score

0.002EPSS

2021-04-29 12:00 AM
9
suse

Security update for nim (moderate)

An update that fixes three vulnerabilities is now available. Description: This update for nim fixes the following issues: nim was updated to version 1.2.12: Fixed GC crash resulting from inlining of the memory allocation procs Fixed “incorrect raises effect for $(NimNode)” (#17454) From...

8.8CVSS

0.1AI Score

0.002EPSS

2021-04-26 12:00 AM
7
openvas

SUSE: Security Advisory (SUSE-SU-2017:2856-1)

The remote host is missing an update for...

6.5CVSS

7.9AI Score

0.001EPSS

2021-04-19 12:00 AM
4
openvas

SUSE: Security Advisory (SUSE-SU-2017:2864-1)

The remote host is missing an update for...

6.5CVSS

7.9AI Score

0.001EPSS

2021-04-19 12:00 AM
4
openvas

SUSE: Security Advisory (SUSE-SU-2017:2751-1)

The remote host is missing an update for...

6.5CVSS

8.6AI Score

0.001EPSS

2021-04-19 12:00 AM
3
openvas

SUSE: Security Advisory (SUSE-SU-2017:2873-1)

The remote host is missing an update for...

6.5CVSS

7.9AI Score

0.001EPSS

2021-04-19 12:00 AM
5
nessus

FreeBSD : Apache Maven -- multiple vulnerabilities (20006b5f-a0bc-11eb-8ae6-fc4dd43e2b6a)

The Apache Maven project reports : We received a report from Jonathan Leitschuh about a vulnerability of custom repositories in dependency POMs. We've split this up into three separate issues : Possible Man-In-The-Middle-Attack due to custom repositories using HTTP. More and more repositories...

9.1CVSS

7AI Score

0.002EPSS

2021-04-19 12:00 AM
20
openvas

SUSE: Security Advisory (SUSE-SU-2017:0575-1)

The remote host is missing an update for...

9.8CVSS

7.1AI Score

0.038EPSS

2021-04-19 12:00 AM
1
openvas

SUSE: Security Advisory (SUSE-SU-2021:1165-1)

The remote host is missing an update for...

7.5CVSS

6.9AI Score

0.002EPSS

2021-04-19 12:00 AM
4
openvas

SUSE: Security Advisory (SUSE-SU-2017:0471-1)

The remote host is missing an update for...

7.8CVSS

8.1AI Score

0.052EPSS

2021-04-19 12:00 AM
1
rapid7blog

Rapid7 Announces General Availability for Scoped Executive Summary Report in InsightVM

Security teams often struggle to demonstrate the efficacy and progress of their organization’s vulnerability and remediation management program. This is a result of the complexity around identifying, collecting, and visualizing complicated metrics. InsightVM’s Executive Summary Report has proved...

0.3AI Score

2021-04-16 01:46 PM
31
kitploit

MoveKit - Cobalt Strike Kit For Lateral Movement

Movekit is an extension of built in Cobalt Strike lateral movement by leveraging the execute_assembly function with the SharpMove and SharpRDP .NET assemblies. The aggressor script handles payload creation by reading the template files for a specific execution type. IMPORTANT: To use the script a.....

8.1AI Score

2021-04-14 09:30 PM
237
nessus

SUSE SLES12 Security Update : glibc (SUSE-SU-2021:1165-1)

This update for glibc fixes the following issues : CVE-2020-27618: Accept redundant shift sequences in IBM1364 (bsc#1178386) CVE-2020-29562: Fix incorrect UCS4 inner loop bounds (bsc#1179694) CVE-2020-29573: Harden printf against non-normal long double values (bsc#1179721) Check vector support in.....

7.5CVSS

7.1AI Score

0.002EPSS

2021-04-14 12:00 AM
105
nessus

openSUSE Security Update : the Linux Kernel (openSUSE-2021-532)

The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be...

9.8CVSS

8.6AI Score

0.006EPSS

2021-04-12 12:00 AM
143
wpvulndb

Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)

The plugin settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege...

1AI Score

0.001EPSS

2021-04-10 12:00 AM
11
suse

Security update for the Linux Kernel (important)

An update that solves 21 vulnerabilities and has 74 fixes is now available. Description: The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-3444: Fixed an issue with the bpf verifier which did not ...

9.8CVSS

1.2AI Score

0.006EPSS

2021-04-10 12:00 AM
28
wpexploit

Contact Form Check Tester <= 1.0.2 - Broken Access Control to Cross-Site Scripting (XSS)

The plugin settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege...

0.4AI Score

0.001EPSS

2021-04-10 12:00 AM
276
freebsd

Apache Maven -- multiple vulnerabilities

The Apache Maven project reports: We received a report from Jonathan Leitschuh about a vulnerability of custom repositories in dependency POMs. We've split this up into three separate issues: Possible Man-In-The-Middle-Attack due to custom repositories using HTTP. More...

9.1CVSS

-0.3AI Score

0.002EPSS

2021-04-04 12:00 AM
84
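The Apache Maven issue summarised in the FreeBSD and Nessus entries above is that a dependency's own POM can declare a custom <repository> served over plain http://, so Maven fetches artifacts over a channel a network attacker can tamper with. The script below is an added example, not code from the Maven project or either advisory: it walks a POM (project-level and per-profile <repositories>, <pluginRepositories> and <distributionManagement>) and reports every repository URL that is not https://, treating unresolved ${property} URLs as findings too, since their scheme cannot be judged statically. The sample POM is constructed for the example.

```python
"""Scan a Maven POM for repositories declared over plain HTTP.

Added example, not part of the advisory or of Maven itself.  The sample
POM at the bottom is constructed for this demonstration.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Containers/children where Maven accepts a repository <url>.
REPO_PATHS = (
    ("repositories", "repository"),
    ("pluginRepositories", "pluginRepository"),
    ("distributionManagement", "repository"),
    ("distributionManagement", "snapshotRepository"),
)


def _local(tag):
    """Strip the POM namespace: '{http://maven.apache.org/POM/4.0.0}url' -> 'url'."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    """Direct children of elem whose local tag name is `name`."""
    return [c for c in elem if _local(c.tag) == name]


def _repos_in(root):
    """Yield (kind, id, url) for every repository declaration in the tree.

    Profiles can carry their own repositories, so the project root and each
    <profile> are walked as separate scopes.
    """
    scopes = [root]
    for profiles in _children(root, "profiles"):
        scopes.extend(_children(profiles, "profile"))
    for scope in scopes:
        for container, child in REPO_PATHS:
            for c in _children(scope, container):
                for repo in _children(c, child):
                    rid = next((x.text for x in _children(repo, "id")), None)
                    url = next((x.text for x in _children(repo, "url")), None)
                    if url:
                        yield f"{container}/{child}", (rid or "").strip(), url.strip()


def find_insecure_repositories(pom_xml: str):
    """Return [(kind, id, url, reason)] for repositories not served over https.

    reason is the offending scheme ('http', 'ftp', 'none' for a bare path)
    or 'unresolved' when the URL is a ${property} placeholder.
    """
    root = ET.fromstring(pom_xml)
    findings = []
    for kind, rid, url in _repos_in(root):
        if url.startswith("${"):
            findings.append((kind, rid, url, "unresolved"))
            continue
        scheme = urlsplit(url).scheme.lower()
        if scheme != "https":
            findings.append((kind, rid, url, scheme or "none"))
    return findings


# Constructed sample: one clean repo, two plain-HTTP repos, one unresolved.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId><artifactId>demo</artifactId><version>1.0</version>
  <repositories>
    <repository><id>central</id><url>https://repo.maven.apache.org/maven2</url></repository>
    <repository><id>legacy</id><url>http://repo.example.internal/maven2</url></repository>
  </repositories>
  <pluginRepositories>
    <pluginRepository><id>plugins</id><url>http://plugins.example.internal/m2</url></pluginRepository>
  </pluginRepositories>
  <profiles><profile><id>ci</id>
    <repositories><repository><id>ci-repo</id><url>${ci.repo.url}</url></repository></repositories>
  </profile></profiles>
</project>"""

if __name__ == "__main__":
    for kind, rid, url, reason in find_insecure_repositories(SAMPLE_POM):
        print(f"{reason:10} {kind:40} id={rid!r} url={url}")
```

Scanning your own pom.xml is not enough, because the advisory's point is that the repository is declared in a dependency's POM: run the function over every `*.pom` under `~/.m2/repository` (or over the output of `mvn help:effective-pom`) after a build. Maven 3.8.1 and later also ship a default `maven-default-http-blocker` mirror in settings.xml that refuses external HTTP repositories, so a finding from this scan on a patched Maven indicates a repository the build will now fail to reach rather than one it silently downloads from.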
ibm

Security Bulletin: IBM Kenexa LMS On Premise -[All] jQuery (Publicly disclosed vulnerability) - 180875

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** Third Party Entry: 180875 DESCRIPTION: **jQuery cross-site scripting CVSS Base score: 6.1 CVSS Temporal...

-0.1AI Score

2021-03-23 06:47 AM
6
ibm

Security Bulletin: IBM Kenexa LMS On Premise -[All] jQuery (Publicly disclosed vulnerability) - CVE-2020-7656

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** CVEID: CVE-2020-7656 DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper...

6.1CVSS

0.2AI Score

0.002EPSS

2021-03-23 06:41 AM
12
ibm

Security Bulletin: IBM Kenexa LMS On Premise -[All] jQuery (Publicly disclosed vulnerability) - CVE-2020-11023, CVE-2020-11022

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** CVEID: CVE-2020-11023 DESCRIPTION: **jQuery is vulnerable to cross-site scripting, caused by improper...

6.1CVSS

0.5AI Score

0.061EPSS

2021-03-23 06:32 AM
23
nessus

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0874)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0874 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

8.1CVSS

6.9AI Score

0.006EPSS

2021-03-17 12:00 AM
33
nessus

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0872)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0872 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

8.1CVSS

7.2AI Score

0.006EPSS

2021-03-17 12:00 AM
32
nessus

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0873)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0873 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

8.1CVSS

6.9AI Score

0.006EPSS

2021-03-17 12:00 AM
25
redhat

(RHSA-2021:0874) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.6 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes.....

0.4AI Score

0.006EPSS

2021-03-16 01:03 PM
47
redhat

(RHSA-2021:0873) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.6 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes.....

0.4AI Score

0.006EPSS

2021-03-16 01:03 PM
51
redhat

(RHSA-2021:0872) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.6 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes.....

0.4AI Score

0.006EPSS

2021-03-16 01:02 PM
63
ubuntu

Symfony vulnerability

Releases Ubuntu 18.04 ESM Packages symfony - set of reusable components and framework for web projects Details It was discovered that Symfony through the HttpFoundation component allowed unauthorized access on a misconfigured LDAP server. A remote attacker could use this vulnerability to gain...

9.8CVSS

9.6AI Score

0.006EPSS

2021-03-15 12:00 AM
9
ics

Schneider Electric EcoStruxure Building Operation (EBO)

EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Building Operation Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Improper Restriction of XML External Entity...

8.8CVSS

8.5AI Score

0.002EPSS

2021-03-08 12:00 PM
257
ibm

Security Bulletin: IBM Kenexa LCMS Premier On Premise - IBM SDK, Java Technology Edition Quarterly CPU - Oct 2020 - Includes Oracle Oct 2020 CPU

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details ** CVEID: CVE-2020-14779 DESCRIPTION: **An unspecified vulnerability in Java SE related to the...

4.2CVSS

0.7AI Score

0.002EPSS

2021-02-22 07:26 AM
13
ibm

Security Bulletin: IBM Kenexa LMS On Premise -IBM SDK, Java Technology Edition Quarterly CPU - Oct 2020 - Includes Oracle Oct 2020 CPU

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details ** CVEID: CVE-2020-14779 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization...

4.2CVSS

1.2AI Score

0.002EPSS

2021-02-22 07:19 AM
13
osv

CVE-2021-21294

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its.....

7.5CVSS

7.4AI Score

0.001EPSS

2021-02-02 10:15 PM
1
cve

CVE-2021-21294

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its.....

7.5CVSS

7.4AI Score

0.001EPSS

2021-02-02 10:15 PM
43
3
nvd

CVE-2021-21294

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its.....

7.5CVSS

0.001EPSS

2021-02-02 10:15 PM
prion

Design/Logic Flaw

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its.....

7.5CVSS

7.5AI Score

0.001EPSS

2021-02-02 10:15 PM
3
osv

Unbounded connection acceptance in http4s-blaze-server

Impact blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an...

7.5CVSS

0.1AI Score

0.001EPSS

2021-02-02 09:42 PM
13
github

Unbounded connection acceptance in http4s-blaze-server

Impact blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an...

7.5CVSS

0.1AI Score

0.001EPSS

2021-02-02 09:42 PM
57
cvelist

CVE-2021-21294 Unbounded connection acceptance in http4s-blaze-server

Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its.....

7.5CVSS

7.7AI Score

0.001EPSS

2021-02-02 09:40 PM
redhat

(RHSA-2021:0248) Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.4, and includes bug fixes.....

-0.3AI Score

0.002EPSS

2021-01-25 04:11 PM
65
redhat

(RHSA-2021:0247) Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.4, and includes bug fixes.....

-0.3AI Score

0.002EPSS

2021-01-25 04:11 PM
56
redhat

(RHSA-2021:0246) Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.4, and includes bug fixes.....

-0.3AI Score

0.002EPSS

2021-01-25 04:10 PM
121
nessus

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.5 (RHSA-2021:0246)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0246 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

7.5CVSS

6.8AI Score

0.002EPSS

2021-01-25 12:00 AM
113
Total number of security vulnerabilities: 1696