Lucene search
+L

181 matches found

Github Security Blog
Github Security Blog
added 2019/08/16 2:0 p.m.29 views

SQL Injection in Django

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...

9.8CVSS2.5AI score0.47694EPSS
Exploits0References15Affected Software1
OSV
OSV
added 2019/08/02 3:15 p.m.27 views

CVE-2019-14233

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...

7.5CVSS7.4AI score
Exploits0References10
NVD
NVD
added 2019/06/06 7:29 p.m.19 views

CVE-2019-3790

The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was...

6.1CVSS6.1AI score0.00663EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/05/31 12:0 a.m.68 views

Symantec Content Analysis < 2.3.1.1 affected by Multiple Vulnerabilities (SYMSA1410)

The version of Symantec Content Analysis running on the remote host is prior to version 2.3.1.1. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modmime can read one byte past the end of a buffer when sending a...

9.8CVSS7.2AI score0.39341EPSS
Exploits3References3
Cvelist
Cvelist
added 2019/03/07 7:0 p.m.19 views

CVE-2019-3776 Reflected XSS in Pivotal Operations Manager

Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with...

7.2CVSS6.9AI score0.00846EPSS
Exploits0References2
IBM AIX
IBM AIX
added 2019/02/25 4:54 p.m.391 views

There is a vulnerability in tcpdump that affects AIX.,There is a vulnerability in tcpdump that affects VIOS.

IBM SECURITY ADVISORY First Issued: Mon Feb 25 16:54:49 CST 2019 |Updated: Tue Apr 9 09:55:34 CDT 2019 |Update: Increased the lower impacted fileset levels for some fileset | levels. Please see the Fileset table in AFFECTED PRODUCTS AND VERSIONS | for more information. The most recent version of...

5.5CVSS0.9AI score0.02364EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2018/07/27 12:0 a.m.41 views

Wireshark 2.6.x < 2.6.2 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 2.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.6.2 advisory. - In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was...

7.8CVSS7AI score0.03773EPSS
Exploits2References28
CNVD
CNVD
added 2018/07/19 12:0 a.m.4 views

Wireshark Denial of Service Vulnerability (CNVD-2018-13659)

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in the parser used to decompress zlib in Wireshark...

7.5CVSS7.5AI score0.0345EPSS
Exploits1References1
IBM AIX
IBM AIX
added 2018/06/21 2:7 p.m.596 views

Vulnerability in rmsock affects AIX (CVE-2018-1655),Vulnerability in rmsock affects VIOS (CVE-2018-1655)

IBM SECURITY ADVISORY First Issued: Thu Jun 21 14:07:15 CDT 2018 |Updated: Tue Jul 3 08:09:45 CDT 2018 |Update: Additional iFixes are now available. Additional iFixes are now available | for: | AIX 6100-09-09 and 6100-09-10 | AIX 7100-04-04 and 7100-04-05 | AIX 7100-05-00 and 7100-05-01 | AIX...

5.5CVSS0.00425EPSS
Exploits0
IBM AIX
IBM AIX
added 2018/04/30 11:0 a.m.626 views

Vulnerability in OpenSSL affects AIX (CVE-2018-0739)

IBM SECURITY ADVISORY First Issued: Mon Apr 30 11:00:38 CDT 2018 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory26.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory26.asc...

6.5CVSS0.6AI score0.19295EPSS
Exploits0
Prion
Prion
added 2018/04/04 7:29 a.m.17 views

Memory corruption

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak...

5CVSS7.4AI score0.0206EPSS
Exploits1References3Affected Software1
OpenVAS
OpenVAS
added 2018/02/26 12:0 a.m.52 views

Wireshark Security Updates (wnpa-sec-2018-05 to -14) Mac OS X

Wireshark is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"; ifdescripti...

7.5CVSS8.6AI score0.02743EPSS
Exploits3References10
OSV
OSV
added 2017/10/24 6:33 p.m.21 views

GHSA-CQR7-78PJ-3G7J File Descriptor Leak Can Cause DoS Vulnerability in hapi

Versions 2.0.x and 2.1.x of hapi are vulnerable to a denial of service attack via a file descriptor leak. When triggered repeatedly, this leak will cause the server to run out of file descriptors and the node process to die. The effort required to take down a server depends on the process file...

5CVSS6.4AI score0.02374EPSS
Exploits0References7
CNVD
CNVD
added 2017/08/08 12:0 a.m.5 views

Zend Framework Session Authentication Vulnerability

Zend Framework ZF is the United States Zend company developed a set of open source PHP5 development framework , it is mainly used for the development of Web programs and services. A security vulnerability exists in Zend/Session/SessionManager in version 2.2.x before ZF 2.2.9 and version 2.3.x...

9.1CVSS9.2AI score0.01393EPSS
Exploits0References1
NVD
NVD
added 2017/08/07 5:29 p.m.22 views

CVE-2015-1555

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators...

9.1CVSS9.3AI score0.01393EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/07/21 12:0 a.m.38 views

Wireshark 2.2.x < 2.2.8 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.2.8. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.8 advisory. - In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust...

7.8CVSS6.9AI score0.03343EPSS
Exploits0References20
UbuntuCve
UbuntuCve
added 2017/06/30 1:29 p.m.27 views

CVE-2017-10699

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy with a wrong size, leading to a denial of service application crash or possibly code execution...

9.8CVSS7.3AI score0.04476EPSS
Exploits0References2
CNVD
CNVD
added 2017/06/22 12:0 a.m.23 views

Apache httpd Buffer Overflow Vulnerability

Apache httpd is the U.S. Apache Apache Software Foundation, an open source HTTP server developed and maintained specifically for modern operating systems. A security vulnerability exists in Apache httpd version 2.2.x prior to 2.2.33 and version 2.4.x prior to 2.4.26. An attacker can exploit this...

9.8CVSS7AI score0.39341EPSS
Exploits3References1
OpenVAS
OpenVAS
added 2017/06/21 12:0 a.m.211 views

Apache HTTP Server Multiple Vulnerabilities (Jun 2017) - Windows

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver";...

9.8CVSS9.1AI score0.39341EPSS
Exploits3References5
Prion
Prion
added 2017/06/20 1:29 a.m.59 views

Default credentials

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, modmime can read one byte past the end of a buffer when sending a malicious Content-Type response header...

7.5CVSS9.3AI score0.39341EPSS
Exploits3References40Affected Software1
Rows per page
Query Builder