21307 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-7467

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this...

CVSS 9.8 | AI score 8.1 | EPSS 0.02757
Exploits: 1 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000164

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in process_headers function in...

CVSS 7.5 | AI score 7.4 | EPSS 0.02431
Exploits: 1 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2019-14235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri...

CVSS 7.5 | AI score 7 | EPSS 0.03073
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2015-4598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or...

CVSS 7.5 | AI score 7.1 | EPSS 0.03917
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2017-0899

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem...

CVSS 9.8 | AI score 6.8 | EPSS 0.1081
Exploits: 1 | References: 3

Tenable Nessus
added 2025/03/04 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2021-29155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading ...

CVSS 5.5 | AI score 6.7 | EPSS 0.01071
Exploits: 0 | References: 3

Positive Technologies
added 2025/03/04 12:0 a.m., 3 views

PT-2025-9682

Name of the Vulnerable Software and Affected Versions: Rack versions prior to 2.2.12; Rack versions prior to 3.0.13; Rack versions prior to 3.1.11. Description: The issue concerns the Rack::Sendfile middleware, which logs unsanitised header values from the X-Sendfile-Type header. An attacker can explo...

CVSS 10 | AI score 7 | EPSS 0.35376
Exploits: 4 | References: 76

RubySec
added 2025/03/04 12:0 a.m., 15 views

Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary: Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details: The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

CVSS 7.5 | AI score 7.2 | EPSS 0.00699
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2025/03/04 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2015-0251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafte...

CVSS 4 | AI score 7.3 | EPSS 0.07558
Exploits: 0 | References: 2

OSV
added 2025/03/03 9:28 a.m., 13 views

OPENSUSE-SU-2025:0081-1 Security update for phpMyAdmin

This update for phpMyAdmin fixes the following issues: Update to version 5.2.2: - CVE-2025-24530: XSS in the 'Check Tables' feature (bsc#1236312). - CVE-2025-24529: XSS in the 'Insert' tab (bsc#1236311). - CVE-2024-2961: glibc/iconv: out-of-bounds writes when writing escape sequences (bsc#1222992). -...

CVSS 7.3 | AI score 6.7 | EPSS 0.8833
Exploits: 16 | References: 9

Snyk
added 2025/03/03 3:42 a.m., 1 views

Directory Traversal

Overview: oxidized-web is a puma+sinatra+haml webUI + REST API for oxidized. Affected versions of this package are vulnerable to Directory Traversal through the RANCID migration page. An attacker can gain control over the Linux user account running the application by exploiting this vulnerability...

CVSS 9.8 | AI score 7.4 | EPSS 0.24349
Exploits: 1 | References: 2

Tenable Nessus
added 2025/03/03 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2006-4573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple unspecified vulnerabilities in the "utf8 combining characters" handling (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted...

CVSS 2.6 | AI score 5.9 | EPSS 0.02113
Exploits: 1 | References: 2

Tenable Nessus
added 2025/03/03 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2011-2725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences i...

CVSS 6.8 | AI score 5.7 | EPSS 0.02952
Exploits: 2 | References: 2

Tenable Nessus
added 2025/03/03 12:0 a.m., 14 views

Linux Distros Unpatched Vulnerability : CVE-2009-3560

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denia...

CVSS 5 | AI score 6.9 | EPSS 0.24313
Exploits: 2 | References: 4

OPENSUSE Linux
added 2025/03/03 12:0 a.m., 19 views

Security update for phpMyAdmin (important)

openSUSE Security Update: Security update for phpMyAdmin; Announcement ID: openSUSE-SU-2025:0081-1; Rating: important; References: 1222992 1236311 1236312 1238159; Cross-References: CVE-2023-30536 CVE-2024-2961 CVE-2025-24529 CVE-2025-24530; CVSS scores: CVE-2024-2961 SUSE: 8.2...

CVSS 8.2 | AI score 7 | EPSS 0.8833
Exploits: 16 | References: 4

Tenable Nessus
added 2025/03/03 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2010-0926

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticat...

CVSS 3.5 | AI score 7.2 | EPSS 0.3053
Exploits: 6 | References: 2

RedhatCVE
added 2025/03/02 9:18 p.m., 23 views

CVE-2025-27413

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal (../) sequences. This is problematic for the template update functionality as it uses the path from the...

CVSS 6.5 | AI score 7.5 | EPSS 0.01079
Exploits: 1 | References: 1

RedhatCVE
added 2025/03/02 7:20 a.m., 14 views

CVE-2025-0823

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system...

CVSS 6.5 | AI score 6.8 | EPSS 0.0054
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/02 12:20 a.m., 7 views

CVE-2025-26326

A vulnerability was identified in the NVDA Remote version 2.6.4 and Tele NVDA Remote version 2025.3.3 remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered ...

CVSS 8.8 | AI score 9.1 | EPSS 0.01404
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/01 3:22 p.m., 17 views

CVE-2024-54169

IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system...

CVSS 6.5 | AI score 6.5 | EPSS 0.00435
Exploits: 0 | References: 1