Lucene search
K

161 matches found

veracode
veracode
added 2024/02/20 7:34 a.m.275 views

Sql Injection

org.postgresql, postgresql is vulnerable to Sql Injection. The vulnerability is caused due to not escaping user provided literal parameter values in SQL query when using configuration option PreferQueryMode=SIMPLE. An attacker can exploit this vulnerability to inject SQL to alter the query by...

10CVSS7.8AI score0.0481EPSS
Exploits0References10Affected Software2
freebsd
freebsd
added 2023/11/10 12:0 a.m.20 views

Grafana -- Email verification is not required after email change

Grafana Labs reports: The vulnerability impacts instances where Grafana basic authentication is enabled. Grafana has a verifyemailenabled configuration option. When this option is enabled, users are required to confirm their email addresses before the sign-up process is complete. However, the ema...

5.4CVSS7.1AI score0.01385EPSS
Exploits1References1
susecve
susecve
added 2023/10/31 2:40 a.m.3 views

SUSE CVE-2018-1080

Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules authz.evaluateOrder=allow,deny, then allow rules will...

8.1CVSS7.2AI score0.01516EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/10/25 12:0 a.m.4 views

Pip Command Injection Vulnerability

Pip is a set of tools for installing and managing Python packages. A security vulnerability exists in pip versions prior to v23.3, which stems from the presence of an injected arbitrary configuration option call...

5.5CVSS7.6AI score0.00476EPSS
Exploits0References10
prion
prion
added 2023/08/24 11:15 p.m.14 views

Integer overflow

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consumecount of src/gnuv2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block...

4.4CVSS7.8AI score0.0027EPSS
Exploits0References5Affected Software1
osv
osv
added 2023/08/24 10:50 p.m.18 views

CVE-2023-40022 Rizin vulnerable to Integer Overflow in C++ demangler logic

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consumecount of src/gnuv2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block...

7.8CVSS7.7AI score0.0027EPSS
Exploits0References7
nvd
nvd
added 2023/07/17 4:15 p.m.18 views

CVE-2023-3586

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible...

5.4CVSS0.00234EPSS
Exploits0References1
prion
prion
added 2023/07/17 4:15 p.m.14 views

Design/Logic Flaw

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible...

5.5CVSS5.5AI score0.00234EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2023/07/17 3:25 p.m.24 views

CVE-2023-3586 Disabling publicly-shared boards does not disable existing publicly available board links

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible...

4.2CVSS5.7AI score0.00234EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2023/07/17 3:25 p.m.14 views

CVE-2023-3586 Disabling publicly-shared boards does not disable existing publicly available board links

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible...

4.2CVSS6.8AI score0.00234EPSS
Exploits0References1
github
github
added 2023/07/11 10:46 p.m.2483 views

Vendure Cross Site Request Forgery vulnerability impacting all API requests

Impact Vendure is an e-commerce GraphQL framework with a number of APIs and different levels of authorization. By default the Cookie settings are insecure, having the SameSite setting as false which results in not having one originates from the cookie-session npm package’s default settings. Patch...

6.8AI score
Exploits0References3Affected Software1
github
github
added 2023/06/30 8:41 p.m.43 views

org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted

Impact The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishing attacks or also in the context of a sheet, the attacker could add ...

9CVSS7.6AI score0.01021EPSS
Exploits1References5Affected Software1
debian
debian
added 2023/06/29 11:23 p.m.58 views

[SECURITY] [DLA 3475-1] trafficserver security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3475-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk June 30, 2023 https://wiki.debian.org/LTS -...

7.5CVSS8.1AI score0.02005EPSS
Exploits0
vaadin
vaadin
added 2023/06/22 12:0 a.m.67 views

Apache Commons FileUpload - DoS with excessive parts

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...

7.5CVSS6.8AI score0.46836EPSS
Exploits1Affected Software2
cnvd
cnvd
added 2023/06/16 12:0 a.m.18 views

Apache Traffic Server Denial of Service Vulnerability (CNVD-2023-55453)

Apache Traffic Server ATS is the United States Apache Apache Foundation's set of scalable HTTP proxy and caching server. A denial of service vulnerability exists in Apache Traffic Server due to improper input validation related to the configuration option proxy.config.http.pushmethodenabled faili...

7.5CVSS6.5AI score0.02005EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2023/06/14 8:15 a.m.30 views

CVE-2023-30631

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.pushmethodenabled didn't function. However, by default the PUSH method is blocked in the ipallow configuration file.This issue affects Apache Traffic Server:...

7.5CVSS7.1AI score0.02005EPSS
Exploits0References2
cvelist
cvelist
added 2023/06/14 7:44 a.m.27 views

CVE-2023-30631 Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.pushmethodenabled didn't function. However, by default the PUSH method is blocked in the ipallow configuration file.This issue affects Apache Traffic Server:...

7.6AI score0.02005EPSS
Exploits0References5
cnnvd
cnnvd
added 2023/06/14 12:0 a.m.6 views

Apache Traffic Server 输入验证错误漏洞

Apache Traffic Server ATS is the United States Apache Apache Foundation's set of scalable HTTP proxy and caching server. A denial of service vulnerability exists in Apache Traffic Server due to improper input validation related to the configuration option proxy.config.http.pushmethodenabled faili...

7.5CVSS6.6AI score0.02005EPSS
Exploits0References6
redhatcve
redhatcve
added 2023/05/11 6:21 a.m.77 views

CVE-2023-1387

A flaw was found in Grafana. This flaw allows a remote, authenticated attacker to obtain sensitive information caused by an issue when enabling the "urllogin" configuration option. By sending a specially crafted request, an attacker can obtain JWT information and use this to launch further attack...

7.5CVSS6.7AI score0.01504EPSS
Exploits1References5
nvd
nvd
added 2023/05/08 9:15 p.m.21 views

CVE-2023-31140

OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication 2FA device for an account, existing logged in sessions for that user account are not terminated. Likewise, if a...

6.5CVSS5.8AI score0.00891EPSS
Exploits1References4
Rows per page
Query Builder