Lucene search
K

58 matches found

Veracode
Veracode
added 2025/04/23 3:28 a.m.12 views

Authentication Bypass

github.com/mattermost/mattermost-server is vulnerable to a Authentication Bypass. The vulnerability is due to inadequate cache management during the user-to-bot conversion process, which allows an attacker to log in to the bot once using the original user credentials by bypassing normal...

5.4CVSS6.8AI score0.00204EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.6 views

Drupal Cache Utility 跨站请求伪造漏洞

Drupal Cache Utility is a tool module for the Drupal community to manage and optimize the Drupal cache. A cross-site request forgery vulnerability exists in Drupal Cache Utility versions prior to 1.2.1 that stems from cross-site request forgery...

8.8CVSS6.5AI score0.0021EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2024-42317

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/hugememory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. the largest and supported page cache size is defined as...

5.5CVSS6.7AI score0.00182EPSS
Exploits0References4
OSV
OSV
added 2025/01/21 12:18 p.m.5 views

CVE-2024-57941 netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the non-cancellation of copy when cache is temporarily disabled When the caching for a cookie is temporarily disabled e.g. due to a DIO write on that file, future copying to the cache for that file is disabled until al...

5.5CVSS5.5AI score0.0017EPSS
Exploits0References5
Veracode
Veracode
added 2025/01/14 11:3 a.m.7 views

Improper Cache Management

github.com/MicahParks/jwkset is vulnerable to Improper Cache Management. The vulnerability is due to the provided HTTP client's local JWK Set cache failing to perform a full replacement during refresh operations. This allows outdated or revoked keys to remain in the cache, posing a security risk...

2.1CVSS6.5AI score0.00539EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.5 views

PT-2025-49591

Name of the Vulnerable Software and Affected Versions pdns-recursor affected versions not specified Description An attacker can cause the software to fail due to an assertion failure. This is triggered by sending specially crafted DNS records, which are then cached, followed by a DNS query with t...

5.3CVSS5.8AI score0.00336EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2024/12/13 12:0 a.m.14 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-47737)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47737 advisory. - In the Linux kernel, the following vulnerability has been resolved: nfsd: call cacheput if xdrreservespace...

5.5CVSS6.4AI score0.00277EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/10/21 12:14 p.m.10 views

CVE-2024-47737

In the Linux kernel, the following vulnerability has been resolved: nfsd: call cacheput if xdrreservespace returns NULL If not enough buffer space available, but idmaplookup has triggered lookupfn which calls cacheget and returns successfully. Then we missed to call cacheput here which pairs with...

5.5CVSS5.9AI score0.00277EPSS
Exploits0
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.3 views

Linux kernel 代码问题漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to properly free cache in the nfsd subsystem when xdrreservespace returns NULL, which could lead t...

5.5CVSS6.6AI score0.00277EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2024/01/05 5:15 p.m.33 views

CVE-2023-46837

Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes such as the ones during scrubbing have reached memory before handing over the page to a guest. Unfortunately, the arithmetics in the...

3.3CVSS5.9AI score0.00241EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/16 12:0 a.m.39 views

SAP NetWeaver AS Java Multiple Vulnerabilities (March 2023)

SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the following: - Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directo...

9.9CVSS6.3AI score0.00578EPSS
Exploits0References9
OSV
OSV
added 2023/03/14 5:15 a.m.5 views

CVE-2023-26460

Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity...

5.3CVSS6.1AI score0.00476EPSS
Exploits0References2
Prion
Prion
added 2023/03/14 5:15 a.m.20 views

Authentication flaw

Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity...

5CVSS5.5AI score0.00476EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/03/14 4:56 a.m.76 views

CVE-2023-26460

The CVE-2023-26460 entry concerns the Cache Management Service of SAP NetWeaver Application Server for Java, version 7.50. The underlying issue is that this component does not perform authentication for functionalities that require user identity, enabling potential unauthorized operations. Affect...

5.3CVSS5.5AI score0.00476EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/14 4:56 a.m.8 views

CVE-2023-26460 Improper Access Control in SAP NetWeaver AS Java (Cache Management Service)

Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity...

5.3CVSS5.5AI score0.00476EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/10 12:0 a.m.6 views

PT-2023-16915

Name of the Vulnerable Software and Affected Versions RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description The issue is due to missing or incorrect nonce validation on the clear page cache function, making it possible for unauthenticated attacke...

4.3CVSS6.3AI score0.00315EPSS
Exploits0References6
OSV
OSV
added 2021/05/04 3:17 p.m.8 views

SUSE-SU-2021:1498-1 Security update for samba

This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldbhandlerfold bsc1183574. - CVE-2021-20254: Fixed a buffer overrun in sidstounixids bsc1184677. - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs bsc1183572. - Avoid...

7.5CVSS7.6AI score0.04328EPSS
Exploits0References10
OSV
OSV
added 2021/01/13 9:13 a.m.1 views

SUSE-SU-2021:0109-1 Security update for libzypp, zypper

This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file bsc1050625 bsc1177583 - RepoManager: Force refresh if repo url has changed bsc1174016 - RepoManager: Carefully tidy up the...

4CVSS3.6AI score0.00337EPSS
Exploits0References14
Oracle linux
Oracle linux
added 2020/11/10 12:0 a.m.71 views

Unbreakable Enterprise kernel security update

5.4.17-2036.100.6.1.el8uek - powercap: restrict energy meter to root access Kanth Ghatraju Orabug: 32040802 CVE-2020-8694 CVE-2020-8695 - KVM: ioapic: break infinite recursion on lazy EOI Vitaly Kuznetsov Orabug: 32066585 CVE-2020-27152 CVE-2020-27152 - x86/mitigations: Restore paranoid checks fo...

7.5CVSS7.4AI score0.03292EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2020/07/27 12:0 a.m.36 views

openSUSE Security Update : singularity (openSUSE-2020-1037)

This update for singularity fixes the following issues : - New version 3.6.0. This version introduces a new signature format for SIF images, and changes to the signing / verification code to address the following security problems : - CVE-2020-13845, boo1174150 In Singularity 3.x versions below...

9CVSS7.4AI score0.02127EPSS
Exploits1References12
Rows per page
Query Builder