
21310 matches found

Positive Technologies
added 2025/02/27 12:0 a.m. · 5 views

PT-2025-8949 · Ibm · Ibm Entirex

Name of the Vulnerable Software and Affected Versions: IBM EntireX version 11.1 Description: The issue allows an authenticated attacker to traverse directories on the system by sending a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 6.5 · AI score 6.9 · EPSS 0.00435
Exploits: 0 · References: 4

Snyk
added 2025/02/26 8:9 p.m. · 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to improper limitation of a pathname to a restricted directory in the asset upload functionality. An attacker can upload files to directories outside of the intended temporary directory by manipulating file paths...

CVSS 5.4 · AI score 7.8 · EPSS 0.00536
Exploits: 0 · References: 2

IBM Security Bulletins
added 2025/02/26 6:47 p.m. · 9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in aiohttp

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of aiohttp Vulnerability Details CVEID:CVE-2024-42367 DESCRIPTION: aio-libs aiohttp could allow a remote attacker to traverse directories on the system, caused by improper archive file validation. An attacker could use a...

CVSS 4.8 · AI score 5 · EPSS 0.00645
Exploits: 0 · Affected Software: 1

Tenable Nessus
added 2025/02/26 12:0 a.m. · 14 views

Amazon Linux 2 : php, --advisory ALAS2PHP8.2-2025-006 (ALASPHP8.2-2025-006)

The version of php installed on the remote host is prior to 8.2.27-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2025-006 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system,...

CVSS 9.8 · AI score 7.4 · EPSS 0.02286
Exploits: 6 · References: 18

Tenable Nessus
added 2025/02/26 12:0 a.m. · 10 views

Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-845)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-845 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode...

CVSS 9.8 · AI score 7.3 · EPSS 0.02286
Exploits: 6 · References: 18

Tenable Nessus
added 2025/02/26 12:0 a.m. · 10 views

Amazon Linux 2 : php, --advisory ALAS2PHP8.1-2025-006 (ALASPHP8.1-2025-006)

The version of php installed on the remote host is prior to 8.1.31-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2025-006 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system,...

CVSS 9.8 · AI score 7.4 · EPSS 0.02286
Exploits: 6 · References: 18

IBM Security Bulletins
added 2025/02/25 8:34 p.m. · 34 views

Security Bulletin: There is a vulnerability in IBM Maximo Manage application that could allow an unauthenticated path-traversal leading to an arbitrary file disclosure (CVE-2024-22328)

Summary There is a vulnerability in IBM Maximo Manage application that could allow an unauthenticated path-traversal leading to an arbitrary file disclosure. Vulnerability Details CVEID:CVE-2024-22328 DESCRIPTION: IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to travers...

CVSS 7.5 · AI score 7.6 · EPSS 0.00843
Exploits: 0 · Affected Software: 1

OSV
added 2025/02/25 1:12 p.m. · 3 views

SUSE-SU-2025:20128-1 Security update for vim

This update for vim fixes the following issues: vim was updated to 9.1.1101: - CVE-2024-43374: Fixed use-after-free in alistadd bsc1229238 - CVE-2024-43790: Fixed Out of bounds read when performing a search command bsc1229685 - CVE-2024-43802: Fixed heap-buffer-overflow in instypebuf bsc1229822 -...

CVSS 7.8 · AI score 6.1 · EPSS 0.00492
Exploits: 1 · References: 18

SUSE Linux
added 2025/02/25 1:11 p.m. · 3 views

Security update for vim

This update for vim fixes the following issues: vim was updated to 9.1.1101: CVE-2024-43374: Fixed use-after-free in alistadd bsc1229238 CVE-2024-43790: Fixed Out of bounds read when performing a search command bsc1229685 CVE-2024-43802: Fixed heap-buffer-overflow in instypebuf bsc1229822...

CVSS 4.6 · AI score 7.6 · EPSS 0.00492
Exploits: 1 · References: 34

The Hacker News
added 2025/02/25 10:22 a.m. · 14 views

2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT

A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware. "To further evade detection, the attackers deliberately generated multiple variants with different hashes of...

AI score 7.1
Exploits: 0

IBM Security Bulletins
added 2025/02/25 5:52 a.m. · 7 views

Security Bulletin: IBM Maximo Application Suite, IBM Maximo Application Suite - IoT Component and IBM Truststore Manager uses jinja2-3.1.4-py3-none-any.whl which is vulnerable to CVE-2024-56326, CVE-2024-56201

Summary IBM Maximo Application Suite, IBM Maximo Application Suite - IoT Component and IBM Truststore Manager uses jinja2-3.1.4-py3-none-any.whl which is vulnerable to CVE-2024-56326, CVE-2024-56201. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...

CVSS 8.8 · AI score 9.4 · EPSS 0.005
Exploits: 0 · Affected Software: 1

Amazon
added 2025/02/25 12:0 a.m. · 8 views

Medium: php

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

CVSS 9.8 · AI score 8.4 · EPSS 0.02286
Exploits: 6

Amazon
added 2025/02/25 12:0 a.m. · 11 views

Medium: php

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

CVSS 9.8 · AI score 8.4 · EPSS 0.02286
Exploits: 6

OpenVAS
added 2025/02/25 12:0 a.m. · 3 views

openSUSE Security Advisory (SUSE-SU-2024:2859-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 3 · AI score 5.5 · EPSS 0.00778
Exploits: 0 · References: 4

OpenVAS
added 2025/02/25 12:0 a.m. · 2 views

openSUSE Security Advisory (SUSE-SU-2024:2928-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 3 · AI score 5.5 · EPSS 0.00778
Exploits: 0 · References: 4

OpenVAS
added 2025/02/25 12:0 a.m. · 9 views

openSUSE Security Advisory (SUSE-SU-2024:2568-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 5.9 · EPSS 0.00876
Exploits: 1 · References: 4

OpenVAS
added 2025/02/25 12:0 a.m. · 2 views

openSUSE Security Advisory (SUSE-SU-2024:2858-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 3 · AI score 5.5 · EPSS 0.00778
Exploits: 0 · References: 4

OpenVAS
added 2025/02/25 12:0 a.m. · 8 views

openSUSE Security Advisory (SUSE-SU-2024:1943-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 3.3 · AI score 6.1 · EPSS 0.02242
Exploits: 3 · References: 7

Tenable Nessus
added 2025/02/25 12:0 a.m. · 12 views

Siemens SIMATIC S7-1500 TM MFP BIOS Out-of-bounds Read (CVE-2019-25013)

The iconv feature in the GNU C Library aka glibc or libc6 through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 7.1 · AI score 7 · EPSS 0.03538
Exploits: 0 · References: 5

Tenable Nessus
added 2025/02/25 12:0 a.m. · 7 views

Siemens SIMATIC S7-1500 TM MFP BIOS Loop with Unreachable Exit Condition ('Infinite Loop') (CVE-2020-27618)

The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a deni...

CVSS 5.5 · AI score 6.6 · EPSS 0.00887
Exploits: 1 · References: 5