Lucene search
+L

91 matches found

Patchstack
Patchstack
added 2024/05/15 12:0 a.m.13 views

WordPress reCAPTCHA Jetpack Plugin <= 0.2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software reCAPTCHA Jetpack Type Plugin Vulnerable versions = 0.2.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3940 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID cb69d1ca95bb Credits Bob Matyas Required...

6.6AI score0.00381EPSS
Exploits2References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/10 6:0 a.m.16 views

CVE-2024-3940 reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF

The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.7AI score0.00381EPSS
Exploits2References1
F5 Networks
F5 Networks
added 2023/02/21 6:29 p.m.54 views

K15685: Linux kernel vulnerability CVE-2014-3940

Security Advisory Description The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service memory corruption or system crash by accessing certain memory locations, as demonstrated by triggering a race condition v...

4CVSS5.7AI score0.00274EPSS
Exploits0Affected Software19
Circl
Circl
added 2022/11/13 5:39 a.m.6 views

CVE-2022-3940

creationtimestamp| type| source ---|---|--- 2022-11-13 05:39:15+00:00| seen| https://t.me/cibsecurity/52867...

9.8CVSS8.7AI score0.00641EPSS
Exploits0References1
OSV
OSV
added 2022/11/11 7:15 a.m.7 views

CVE-2022-3940

A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument filename leads to path traversal. The associated identifier of this vulnerability is VDB-213447...

9.8CVSS5.2AI score0.00641EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/11 12:0 a.m.6 views

CVE-2022-3940 lanyulei ferry task.go path traversal

A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument filename leads to path traversal. The associated identifier of this vulnerability is VDB-213447...

3.5CVSS4.5AI score0.00641EPSS
Exploits0References1
CVE
CVE
added 2022/11/11 12:0 a.m.51 views

CVE-2022-3940

CVE-2022-3940 affects lanyulei ferry; path traversal arises from manipulating the file_name argument in apis/process/task.go. Root cause is unknown portion exposure, with a high-severity CVSSv3.1 (3.1) base score 9.8 and critical impact on confidentiality, integrity, and availability. Multiple so...

9.8CVSS6.7AI score0.00641EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2022/11/11 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2022:3940-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS8.3AI score0.0199EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.30 views

Ubuntu: Security Advisory (USN-3940-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.6AI score0.01839EPSS
Exploits2References2
CVE
CVE
added 2022/02/24 2:30 p.m.35 views

CVE-2021-3940

CVE-2021-3940 is rejected/not used and does not represent an active vulnerability entry.

7.4AI score
Exploits0
Cvelist
Cvelist
added 2022/02/24 2:30 p.m.11 views

CVE-2021-3940

...

Exploits0
Tenable Nessus
Tenable Nessus
added 2021/12/07 12:0 a.m.49 views

SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2021:3940-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3940-1 advisory. - CVE-2021-22959: Fixed HTTP Request Smuggling due to spaced in headers bsc1191601. - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing...

8.6CVSS7.4AI score0.03286EPSS
Exploits2References22
OpenVAS
OpenVAS
added 2021/12/07 12:0 a.m.32 views

SUSE: Security Advisory (SUSE-SU-2021:3940-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS7.8AI score0.03286EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2020/10/07 12:0 a.m.24 views

Oracle Linux 7 : openwsman (ELSA-2020-3940)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-3940 advisory. 2.6.3-7.git4391e5c - Fix CVE-2019-3833 Resolves: 1677691 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

7.5CVSS7.5AI score0.15243EPSS
Exploits0References2
CVE
CVE
added 2020/01/17 5:59 p.m.166 views

CVE-2020-3940

CVE-2020-3940 affects VMware Workspace ONE SDK and dependent mobile applications. The root cause is improper handling of certificate verification failures when SSL Pinning is enabled, leading to a potential information disclosure. The CVSSv3.1 base score is 5.9 (confidentiality impact HIGH, no in...

5.9CVSS5.5AI score0.00802EPSS
Exploits0References1Affected Software9
Veracode
Veracode
added 2019/05/02 5:40 a.m.38 views

Privilege Escalation

The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way Linux kernel's Transparent Huge Pages THP implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent...

6.2CVSS6.9AI score0.04517EPSS
Exploits1References39Affected Software1
Veracode
Veracode
added 2019/05/02 5:3 a.m.34 views

Denial Of Service (DoS)

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. A local, unprivileged user could use this flaw to escalate their privileges on...

7.8CVSS6.6AI score0.37233EPSS
Exploits24References22Affected Software1
Veracode
Veracode
added 2019/05/02 5:3 a.m.70 views

Information Disclosure

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. A local, unprivileged user could use this flaw to escalate their privileges on...

7.8CVSS6.6AI score0.37233EPSS
Exploits24References16Affected Software1
CVE
CVE
added 2019/04/09 3:5 p.m.59 views

CVE-2019-3940

CVE-2019-3940 affects Advantech WebAccess 8.3.4. The vulnerability is a file upload issue via an unauthenticated RPC call, enabling a remote attacker to execute arbitrary code. No exploit details or remediation/version fix are provided in the supplied documents; impact is indicated as remote code...

9.8CVSS9.7AI score0.04082EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/11/30 12:0 a.m.39 views

Foxit PhantomPDF < 8.3.8 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.3.7. It is, therefore, affected by multiple arbitrary code execution and information disclosure vulnerabilities. C Tenable Network Security, Inc...

8.8CVSS8.1AI score0.09482EPSS
Exploits15References32
Rows per page
Query Builder