Lucene search
+L

244 matches found

nessus
nessus
added 2024/03/06 12:0 a.m.21 views

Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-006)

The version of postgresql installed on the remote host is prior to 14.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL14-2024-006 advisory. Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute...

8CVSS7.9AI score0.01465EPSS
Exploits0References4
nessus
nessus
added 2024/02/20 12:0 a.m.21 views

Amazon Linux 2 : atril (ALASMATE-DESKTOP1.X-2024-006)

The version of atril installed on the remote host is prior to 1.20.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2MATE-DESKTOP1.X-2024-006 advisory. Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and...

8.5CVSS8.2AI score0.01016EPSS
Exploits2References4
drupal
drupal
added 2024/01/24 12:0 a.m.10 views

Swift Mailer (abandoned) - Moderately critical - Access bypass - SA-CONTRIB-2024-006

The Drupal Swift Mailer module extends the basic e-mail sending functionality provided by Drupal by delegating all e-mail handling to the Swift Mailer library. This enables your site to take advantage of the many features which the Swift Mailer library provides. The module could allow an attacker...

9.1CVSS5.4AI score0.00366EPSS
Exploits0References7
nessus
nessus
added 2024/01/09 12:0 a.m.28 views

Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-006)

The version of java-11-openjdk installed on the remote host is prior to 11.0.21.0.9-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2JAVA-OPENJDK11-2024-006 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE component: JSSE...

5.3CVSS6.3AI score0.014EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2023/11/21 12:0 a.m.4 views

PT-2023-9787 · Openbsd · Openbsd +1

Name of the Vulnerable Software and Affected Versions: OpenBSD versions 7.3 through 7.4 before errata 006 and 7.3 before errata 020 OpenBSD version 7.3 before errata 020 Description: The issue is related to a NULL dereference when handling a malformed fastcgi request in the httpd8 service. This c...

8.7CVSS7.2AI score0.00421EPSS
Exploits0References9
cvelist
cvelist
added 2023/09/28 6:17 p.m.43 views

CVE-2023-5256 Drupal core - Critical - Cache poisoning - SA-CORE-2023-006

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...

7.5AI score0.00694EPSS
Exploits2References1
nessus
nessus
added 2023/09/27 12:0 a.m.82 views

Amazon Linux 2 : ruby (ALASRUBY2.6-2023-006)

The version of ruby installed on the remote host is prior to 2.6.7-126. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY2.6-2023-006 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP...

7.5CVSS7.3AI score0.05061EPSS
Exploits0References6
nessus
nessus
added 2023/09/27 12:0 a.m.36 views

Amazon Linux 2 : ansible (ALASANSIBLE2-2023-006)

The version of ansible installed on the remote host is prior to 2.9.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ANSIBLE2-2023-006 advisory. An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive da...

5.5CVSS7AI score0.00568EPSS
Exploits2References8
nessus
nessus
added 2023/09/27 12:0 a.m.32 views

Amazon Linux 2 : redis (ALASREDIS6-2023-006)

The version of redis installed on the remote host is prior to 6.2.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2REDIS6-2023-006 advisory. Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can b...

7.5CVSS7.1AI score0.03839EPSS
Exploits0References4
nessus
nessus
added 2023/09/27 12:0 a.m.27 views

Amazon Linux 2 : haproxy2 (ALASHAPROXY2-2023-006)

The version of haproxy2 installed on the remote host is prior to 2.1.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2HAPROXY2-2023-006 advisory. In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write...

8.8CVSS7.9AI score0.60727EPSS
Exploits0References4
openvas
openvas
added 2023/09/21 12:0 a.m.25 views

Drupal Cache Poisoning Vulnerability (SA-CORE-2023-006) - Windows

Drupal is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...

7.5CVSS7.5AI score0.00694EPSS
Exploits2References1
nessus
nessus
added 2023/09/20 12:0 a.m.346 views

Drupal 9.5.x < 9.5.11 / 10.x < 10.0.11 / 10.1.x < 10.1.4 Drupal Vulnerability (SA-CORE-2023-006)

According to its self-reported version, the instance of Drupal running on the remote web server is 9.5.x prior to 9.5.11, 10.x prior to 10.0.11, or 10.1.x prior to 10.1.4. It is, therefore, affected by a vulnerability. - In certain scenarios, Drupal's JSON:API module will output error backtraces...

7.5CVSS6.5AI score0.00694EPSS
Exploits2References7
nvd
nvd
added 2023/08/29 4:15 p.m.36 views

CVE-2023-38283

In OpenBGPD before 8.1, incorrect handling of BGP update data length of path attributes set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006...

5.3CVSS5.2AI score0.01119EPSS
Exploits1References5
osv
osv
added 2023/08/29 4:15 p.m.2 views

DEBIAN-CVE-2023-38283

In OpenBGPD before 8.1, incorrect handling of BGP update data length of path attributes set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006...

5.3CVSS6.9AI score0.01119EPSS
Exploits1References1
cve
cve
added 2023/08/29 12:0 a.m.79 views

CVE-2023-38283

CVE-2023-38283 affects OpenBGPD prior to 8.1, where the BGP UPDATE handling of path attribute lengths could cause an observer (potentially distant) to reset a session. OpenBSD fixes this in 7.3 errata 006. Supported details in connected documents confirm the vulnerability scope (OpenBGPD

5.3CVSS5.4AI score0.01119EPSS
Exploits1References5Affected Software1
osv
osv
added 2023/08/29 12:0 a.m.29 views

CVE-2023-38283

In OpenBGPD before 8.1, incorrect handling of BGP update data length of path attributes set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006...

5.3CVSS7AI score0.01119EPSS
Exploits1References7
nessus
nessus
added 2023/05/12 12:0 a.m.35 views

Veritas NetBackup prior to 10.0 Privilege Escalation (VTS23-006)

The Veritas NetBackup application installed on the remote Windows host is prior to 10.0 or is missing a vendor-supplied security hotfix. It is, therefore, affected by privilege escalation vulnerability. An issue was discovered in Veritas NetBackup before 10.0. A vulnerability in the way NetBackup...

7.8CVSS7.4AI score0.0019EPSS
Exploits0References6
nessus
nessus
added 2023/05/01 12:0 a.m.32 views

Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2023-006)

The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0372.b07-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2023-006 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle...

7.4CVSS6.5AI score0.02474EPSS
Exploits1References16
osv
osv
added 2023/01/20 10:15 p.m.10 views

CVE-2023-0052

SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol FTP are the only protocols available for device management, an unauthorized user could acce...

8.8CVSS7.7AI score0.0071EPSS
Exploits0References1
cve
cve
added 2023/01/20 9:23 p.m.70 views

CVE-2023-0052

SAUTER Controls Nova 200–220 Series (firmware 3.3-006 and earlier) and BACnetstac 4.2.1 and earlier are affected by CVE-2023-0052 due to missing authentication for a critical function, allowing command execution without credentials. Telemetry shows Telnet and FTP are the only device-management pr...

9.8CVSS9.2AI score0.0071EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder