Lucene search
K

244 matches found

CNNVD
CNNVD
added 2023/01/13 12:0 a.m.5 views

Sauter AG Controls Nova 安全漏洞

Sauter AG Controls Nova is an intelligent building automation system from Sauter AG, Switzerland. A security vulnerability exists in Sauter AG Controls Nova 200-220 Series firmware version 3.3-006 and earlier and BACnetstac version 4.2.1 and earlier, which stems from the fact that only FTP and...

7.5CVSS7.7AI score0.00386EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/13 12:0 a.m.5 views

Sauter AG Controls Nova 访问控制错误漏洞

Sauter AG Controls Nova is an intelligent building automation system from Sauter AG, Switzerland. An access control error vulnerability exists in Sauter AG Controls Nova 200-220 Series firmware version 3.3-006 and earlier, and BACnetstac version 4.2.1 and earlier, which stems from the fact that i...

9.8CVSS8.3AI score0.0071EPSS
Exploits0References3
Oracle linux
Oracle linux
added 2022/11/29 12:0 a.m.54 views

kubernetes security update

kubernetes 1.21.14-3 - Addresses CVE-2022-3294 & CVE-2022-3162 1.21.14-2 - Fixed kubernetes-cni version. 1.21.14-1 - Addresses CVE-2022-3172 olcne 1.4.9-2 - Fix 1.21 kubernetes version to align with last upstream release 1.4.9-1 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21...

10CVSS0.1AI score0.02701EPSS
Exploits2
OSV
OSV
added 2022/09/16 5:16 p.m.51 views

GHSA-FFFR-7X4X-F98Q TYPO3 CMS vulnerable to Denial of Service in Page Error Handling

Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C 5.5 Problem Requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the...

5.9CVSS6.4AI score0.01312EPSS
Exploits0References8
Friends Of PHP
Friends Of PHP
added 2022/09/13 8:7 a.m.28 views

TYPO3-CORE-SA-2022-006: Denial of Service in Page Error Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-006...

7.5CVSS7.2AI score0.01312EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/08/23 12:0 a.m.66 views

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-006)

The version of kernel installed on the remote host is prior to 5.15.57-29.131. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-006 advisory. A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary...

7.8CVSS7.4AI score0.04947EPSS
Exploits1References14
CISA
CISA
added 2022/03/22 12:0 a.m.8 views

Drupal Releases Security Updates

Drupal has released security updates to address a vulnerability affecting Drupal 9.2 and 9.3. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal Security Advisory SA-CORE-006 and apply the necessary update...

2.7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/03/22 12:0 a.m.184 views

Drupal 9.2.x < 9.2.16 / 9.3.x < 9.3.9 Drupal Vulnerability (SA-CORE-2022-006)

According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.16 or 9.3.x prior to 9.3.9. It is, therefore, affected by a vulnerability. - guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to...

7.5CVSS7.3AI score0.02384EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2022/03/22 12:0 a.m.22 views

Drupal Vulnerability in Third-party Library (SA-CORE-2022-006) - Windows

Drupal is prone to a vulnerability in a third-party library. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

7.5CVSS7.4AI score0.02384EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/03/22 12:0 a.m.24 views

Drupal Vulnerability in Third-party Library (SA-CORE-2022-006) - Linux

Drupal is prone to a vulnerability in a third-party library. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

7.5CVSS7.4AI score0.02384EPSS
Exploits0References2
Drupal
Drupal
added 2022/03/21 12:0 a.m.43 views

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-006

Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which may affect some Drupal sites. We are issuing this security advisory outside our regular Drupal security release window schedule since Guzzle has...

7.5CVSS0.3AI score0.02384EPSS
Exploits0References13
Drupal
Drupal
added 2022/01/25 12:0 a.m.18 views

Taxonomy Access Control Lite - Critical - Unsupported - SA-CONTRIB-2022-006

Update 2022-03-01. New maintainers have volunteered for the project and created a new release which includes fixes for the 3 security issues that caused the module to be unsupported. The security team is marking this project unsupported. There is a known security issue with the project that has n...

6.7AI score
Exploits0References3
Cvelist
Cvelist
added 2022/01/18 10:20 p.m.40 views

CVE-2022-21694 OTF-006: Broken Website Hardening Control: The CSP can be turned on or off but not configured for the specific needs of the website

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not possible to configure...

3.7CVSS5.5AI score0.01248EPSS
Exploits0References3
Prion
Prion
added 2021/10/05 6:15 p.m.26 views

Cross site request forgery (csrf)

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as...

6.8CVSS8.5AI score0.00699EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/10/05 5:20 p.m.82 views

CVE-2021-41113

CVE-2021-41113 — TYPO3 Backend CSRF : TYPO3’s v11 feature for creating/sharing deep links in the backend UI is vulnerable to cross-site request forgery. An unauthenticated attacker could exploit a logged-in victim’s session to perform actions, potentially creating an admin user account and taking...

8.8CVSS8.1AI score0.00619EPSS
Exploits0References3Affected Software1
CISA
CISA
added 2021/09/23 12:0 a.m.10 views

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. CISA encourages users and administrators to review the Appl...

7.2AI score
Exploits0References2
CISA
CISA
added 2021/09/16 12:0 a.m.14 views

Drupal Releases Multiple Security Updates

Drupal has released security updates to address multiple vulnerabilities affecting Drupal 8.9, 9.1, and 9.2. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Drupal security advisories a...

7.1AI score
Exploits0References5
OpenVAS
OpenVAS
added 2021/09/16 12:0 a.m.14 views

Drupal 8.x < 8.9.19, 9.x < 9.1.13, 9.2.x < 9.2.6 Multiple Vulnerabilities (SA-CORE-2021-006, SA-CORE-2021-007, SA-CORE-2021-008, SA-CORE-2021-009, SA-CORE-2021-010) - Windows

Drupal is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS7.2AI score0.01236EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/09/16 12:0 a.m.18 views

Drupal 8.x < 8.9.19, 9.x < 9.1.13, 9.2.x < 9.2.6 Multiple Vulnerabilities (SA-CORE-2021-006, SA-CORE-2021-007, SA-CORE-2021-008, SA-CORE-2021-009, SA-CORE-2021-010) - Linux

Drupal is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS7.2AI score0.01236EPSS
Exploits0References5
Drupal
Drupal
added 2021/09/15 12:0 a.m.32 views

Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-006

The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed media. In some cases, this could lead to...

6.1CVSS0.8AI score0.00259EPSS
Exploits0References15
Rows per page
Query Builder