Lucene search
+L

162 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:11 a.m.7 views

CVE-2023-23130

Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP cleartext with SSL disabled. OTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP rather than HTTPS durin...

5.9CVSS6.8AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:32 a.m.6 views

CVE-2023-27591

Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...

7.5CVSS6.9AI score0.00755EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:17 a.m.6 views

CVE-2023-23127

In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP rather than HTTPS during troubleshooting...

5.3CVSS6.8AI score0.00313EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/05/07 12:0 a.m.4 views

Disable the Root User from Logging in to the System Using SSH

The PermitRootLogin parameter in the SSH configuration file /etc/ssh/sshdconfig specifies whether the root user can log in to the system using SSH. The root user is not allowed to log in to the system using SSH. System administrators must use their own user to log in to the system using SSH and r...

7.3AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/04/02 5:24 p.m.15 views

Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics

Impact An unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. Patches PR 1745 fixes the problem. Available in Miniflux = 2.0.43...

7.5CVSS7.2AI score0.00755EPSS
Exploits0References6Affected Software2
RedhatCVE
RedhatCVE
added 2025/02/05 12:57 a.m.20 views

CVE-2024-28101

The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service DoS type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the...

7.5CVSS6.8AI score0.0077EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/09/13 12:0 a.m.14 views

CVE-2024-46674

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undoplatformdevalloc" is entirely bogus. It drops the reference count from...

7.8CVSS6.4AI score0.00278EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2024/08/18 9:31 p.m.54 views

Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security...

7.5CVSS6.7AI score0.00677EPSS
Exploits1References12Affected Software1
SUSE CVE
SUSE CVE
added 2024/08/15 1:55 a.m.4 views

SUSE CVE-2024-42258

In the Linux kernel, the following vulnerability has been resolved: mm: hugememory: use !CONFIG64BIT to relax huge page alignment on 32 bit machines Yves-Alexis Perez reported commit 4ef9ad19e176 "mm: hugememory: don't force huge page alignment on 32 bit" didn't work for x8632 1. It is because...

5.5CVSS7.5AI score0.00212EPSS
Exploits0References3
Veracode
Veracode
added 2024/08/13 8:32 a.m.8 views

Cache Poisoning

typo3/cms is vulnerable to Cache Poisoning. The vulnerability is caused due to using the configuration option config.prefixLocalAnchors with values "all" or "cached". This can lead to unfamiliar looking links to the home page can end up in the cache, which leads to a reload of the page in the...

7AI score
Exploits0
CNNVD
CNNVD
added 2024/07/29 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that in the CONFIGCPUMASKOFFSTACK=y kernel, explicitly allocating the cpumask variable on the stack...

7.1CVSS6.3AI score0.00233EPSS
Exploits0References9
Oracle linux
Oracle linux
added 2024/07/23 12:0 a.m.20 views

libreoffice security update

7.1.8.1-13.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Added the --with-hamcrest option to configure. 1:7.1.8.1-13 - Fix CVE-2024-3044 add notify for script use...

6.5CVSS6.7AI score0.01008EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.34 views

Hanwha Vision NVR Remote Code Execution (CVE-2023-6116)

An attacker could inject arbitrary attack code by manipulating http url parameters. However, in order to succeed in the attack, the base address of the stack memory must be obtained. The default address depends on firmware version, configuration option information, and the attack is unlikely to...

8.9CVSS5.8AI score0.00661EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.15 views

Hanwha Vision NVR Remote Code Execution (CVE-2023-6095)

An attacker could inject arbitrary attack code by manipulating HTTP headers. However, in order to succeed in the attack, the base address of the stack memory must be obtained. The default address depends on firmware version, configuration option information, and the attack is unlikely to succeed...

8.9CVSS5.8AI score0.00661EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/05/30 6:59 p.m.18 views

TYPO3 Arbitrary Shell Execution in Swiftmailer library

The swiftmailer library in use allows to execute arbitrary shell commands if the "From" header comes from a non-trusted source and no "Return-Path" is configured. Affected are only TYPO3 installation the configuration option $GLOBALS'TYPO3CONFVARS''MAIL''transport' is set to "sendmail"...

7.9AI score
Exploits0References7Affected Software1
NVD
NVD
added 2024/05/26 2:15 p.m.22 views

CVE-2024-5270

Mattermost versions 9.5.x = 9.5.3, 9.7.x = 9.7.1, 9.6.x = 9.6.1 and 8.1.x = 8.1.12 fail to check if the email signup configuration option is enabled when a user requests to switch from SAML to Email. This allows the user to switch their authentication mail from SAML to email and possibly edit...

4.3CVSS4.8AI score0.00274EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/05/14 10:31 p.m.39 views

sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address

Summary The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Details This commit added the proxy protocol listener as the only listener in sshpiper, with no option to toggle this functionality off. This means that any connection...

5.3CVSS6.4AI score0.0026EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2024/03/14 10:53 p.m.80 views

Design/Logic Flaw

The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service DoS type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the...

7.1AI score0.0077EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/03/12 8:24 a.m.27 views

BIT-GRAFANA-2023-6152

A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verifyemailenabled" will only validate email only on sign up...

5.4CVSS6AI score0.01385EPSS
Exploits1References4
OSV
OSV
added 2024/03/06 9:7 p.m.38 views

CVE-2024-28101 Apollo Router's Compressed Payloads do not respect HTTP Payload Limits

The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service DoS type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the...

7.5CVSS6.7AI score0.0077EPSS
Exploits0References4
Rows per page
Query Builder