Lucene search
K

545 matches found

OSV
OSV
added 2024/02/23 3:15 p.m.6 views

AZL-34456 CVE-2024-25629 affecting package grpc for versions less than 1.42.0-9

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

5.5CVSS6.8AI score0.00349EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/23 12:0 a.m.8 views

PT-2024-1920 · C-Ares +9 · C-Ares +9

Name of the Vulnerable Software and Affected Versions: c-ares versions prior to 1.27.0 Description: The issue is related to the ares read line function in the c-ares library, which is used for asynchronous DNS requests. This function parses local configuration files such as /etc/resolv.conf,...

8.2CVSS6.7AI score0.87211EPSS
Exploits2References122
Cvelist
Cvelist
added 2023/12/13 5:30 p.m.31 views

CVE-2023-50772

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

5.2AI score0.00347EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/11/23 12:0 a.m.3 views

Artica Pandora FMS Path Traversal Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A path traversal vulnerability exists in Artica Pandora FMS versions 700 through 773, which stems from a path traversal in...

9.8CVSS6.8AI score0.00573EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/15 12:0 a.m.3 views

OpenCart 安全漏洞

OpenCart is an open source e-commerce system from the OpenCart team in Hong Kong, China. The system provides product reviews, product ratings, product additions and other modules. OpenCart suffers from an authorization issue vulnerability that arises from allowing a back-end user with...

8.8CVSS8.1AI score0.01779EPSS
Exploits1References2
Veracode
Veracode
added 2023/10/25 9:42 a.m.19 views

Server Side Request Forgery (SSRF)

ethyca-fides is vulnerable to Server Side Request Forgery. The vulnerability arises due to application's inability to perform validation against access of internal resources. A specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems...

8.2CVSS7.2AI score0.00675EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/10/06 12:0 a.m.36 views

RockyLinux 9 : libeconf (RLSA-2023:4347)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4347 advisory. libeconf: stack-based buffer overflow in readfile in lib/getfilecontents.c CVE-2023-22652 Tenable has extracted the preceding description block directly...

6.5CVSS6.9AI score0.00636EPSS
Exploits0References3
OSV
OSV
added 2023/10/03 1:15 a.m.2 views

CVE-2023-42771

Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuration files and/or log files, and upload configuration files...

8.8CVSS5.8AI score0.00332EPSS
Exploits0References2
CVE
CVE
added 2023/10/03 12:17 a.m.50 views

CVE-2023-42771

CVE-2023-42771 affects Furuno ACERA 1320 and ACERA 1310 devices with firmware version 01.26 and earlier, when operating in ST (Standalone) mode. A network-adjacent, unauthenticated attacker can access the product to download configuration and log files, and upload configuration files and/or firmw...

8.8CVSS8.6AI score0.00332EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/09/13 12:0 a.m.22 views

Fedora 37 : libeconf (2023-b4b77f950c)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b4b77f950c advisory. Rebase to 0.5.2 to fix CVE-2023-22652 and CVE-2023-30079 Tenable has extracted the preceding description block directly from the Fedora security...

6.5CVSS7AI score0.00636EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/13 12:0 a.m.6 views

PT-2023-29061 · Mcafee · Skyhigh Secure Web Gateway

Name of the Vulnerable Software and Affected Versions: Skyhigh Secure Web Gateway SWG versions 11.x prior to 11.2.14 Skyhigh Secure Web Gateway SWG versions 10.x prior to 10.2.25 Skyhigh Secure Web Gateway SWG versions 12.x prior to 12.2.1 Description: A password management issue in Skyhigh Secur...

6.5CVSS6.5AI score0.003EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/09/01 12:0 a.m.38 views

Fedora 38 : libeconf (2023-6432bb65ae)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6432bb65ae advisory. Rebase to 0.5.2 to fix CVE-2023-22652 and CVE-2023-30079 Tenable has extracted the preceding description block directly from the Fedora security...

6.5CVSS7AI score0.00636EPSS
Exploits0References2
Veracode
Veracode
added 2023/08/22 2:31 a.m.21 views

Password Disclosure

dolphinscheduler-server is vulnerable to Password Disclosure. The vulnerability exists due to improper handling of logs in the process function of LoggerRequestProcessor.java, allowing an attacker to utilize tasks to read config files, which could include the database password...

7.5CVSS6.6AI score0.01234EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/26 12:0 a.m.6 views

PT-2023-22655 · Mremoteng · Mremoteng

Name of the Vulnerable Software and Affected Versions: mRemoteNG versions = 1.76.20 mRemoteNG versions = 1.77.3-dev Description: The issue allows attackers to access the contents of configuration files in plain text through a memory dump, thus compromising user credentials when no custom password...

7.5CVSS7.2AI score0.00431EPSS
Exploits4References8
OSV
OSV
added 2023/07/13 1:15 a.m.5 views

CVE-2023-34128

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

9.8CVSS5.8AI score0.00591EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/07/06 9:5 p.m.34 views

SQLFluff users with access to config file, using `libary_path` may call arbitrary python code

Impact In environments where untrusted users have access to the config files e.g. .sqlfluff, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. Jinja macros are executed within a sandboxed...

7.8CVSS6.8AI score0.0039EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2023/07/06 4:15 p.m.2 views

UBUNTU-CVE-2023-36830

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...

7.8CVSS6AI score0.0039EPSS
Exploits1References4
OSV
OSV
added 2023/07/06 4:15 p.m.6 views

PYSEC-2023-111

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...

7.8CVSS7.2AI score0.0039EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/07/06 3:3 p.m.12 views

CVE-2023-36830 SQLFluff vulnerability for users with access to config file, using `library_path` to call arbitrary python code.

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...

6.3CVSS7.5AI score0.0039EPSS
Exploits1References2
CVE
CVE
added 2023/07/06 3:3 p.m.50 views

CVE-2023-36830

CVE-2023-36830 affects SQLFluff prior to v2.1.2 where an attacker with access to config files could abuse the library_path setting to execute arbitrary Python code via Jinja/macros. The issue arises when untrusted users can view or modify config and leverage library_path to reach Python execution...

7.8CVSS7AI score0.0039EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder