Lucene search
K

161 matches found

Github Security Blog
Github Security Blog
added 2022/05/17 3:45 a.m.37 views

Typo3 Open Redirect In Frontend Rendering

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, allows remote attackers to change URLs to arbitrary domains. An attacker could forge a request which modifies anchor only links on the homepage of a TYPO3 installation such that...

4.3CVSS6.9AI score0.01724EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/05/17 3:5 a.m.6 views

GHSA-479J-JF2P-38PG OpenStack Glance improper validation of the image_size_cap configuration option

OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the imagesizecap configuration option, which allows remote authenticated users to cause a denial of service disk consumption by...

4CVSS6AI score0.02127EPSS
Exploits0References12
OSV
OSV
added 2022/03/23 8:36 a.m.7 views

MGASA-2022-0110 Updated sphinx packages fix security vulnerability

It was found that sphinx could allow arbitrary files to be read by abusing a configuration option. CVE-2020-29050...

7.5CVSS7.4AI score0.02166EPSS
Exploits2References5
Prion
Prion
added 2022/03/08 10:15 p.m.21 views

Server side request forgery (ssrf)

alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack depending on how AllTube is configured. The impact is mitigated by the fact the SSRF attack is onl...

4CVSS6.2AI score0.00898EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2022/01/07 12:0 a.m.19 views

Debian: Security Advisory (DSA-5036-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.02166EPSS
Exploits2References4
Debian
Debian
added 2022/01/06 6:36 p.m.58 views

[SECURITY] [DSA 5036-1] sphinxsearch security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5036-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 06, 2022 https://www.debian.org/security/faq -...

7.5CVSS7.4AI score0.02166EPSS
Exploits2
OPENSUSE Linux
OPENSUSE Linux
added 2021/11/22 12:0 a.m.42 views

Security update for barrier (moderate)

openSUSE Security Update: Security update for barrier Announcement ID: openSUSE-SU-2021:1498-1 Rating: moderate References: Cross-References: CVE-2021-42072 CVE-2021-42073 Affected Products: openSUSE Leap 15.2 An update that fixes two vulnerabilities is now available. Description: This update for...

8.8CVSS6.9AI score0.01601EPSS
Exploits2
OpenVAS
OpenVAS
added 2021/09/24 12:0 a.m.16 views

Network Time Protocol (NTP) Mode 6 Query Response Check (UDP)

Services which are supporting the Network Time Protocol NTP and respond to Mode 6 queries are prone to an information disclosure and might be misused for Distributed Denial of Service DDoS attacks. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenc...

6.5AI score
Exploits0References4
PyPA
PyPA
added 2021/09/17 8:15 p.m.6 views

PYSEC-2021-320

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...

6.3CVSS7.1AI score0.00307EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2021/04/16 7:53 p.m.123 views

Grav's Twig processing allowing dangerous PHP functions by default

Impact Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Patches The issue was...

8.4CVSS2.2AI score0.30623EPSS
Exploits5References6Affected Software1
OSV
OSV
added 2021/04/16 7:53 p.m.25 views

GHSA-G8R4-P96J-XFXC Grav's Twig processing allowing dangerous PHP functions by default

Impact Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Patches The issue was...

8.4CVSS7.6AI score0.30623EPSS
Exploits5References5
OSV
OSV
added 2020/12/17 3:24 p.m.7 views

OPENSUSE-SU-2020:2268-1 Security update for clamav

This update for clamav fixes the following issues: clamav was updated to the new major release 0.103.0. jscECO-3010,bsc1118459 Note that libclamav was changed incompatible, if you have a 3rd party application that uses libclamav, it needs to be rebuilt. Update to 0.103.0 clamd can now reload the...

9.8CVSS7.3AI score0.0812EPSS
Exploits4References21
Prion
Prion
added 2020/10/16 9:15 p.m.14 views

Default configuration

The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactiv...

7.2CVSS6.5AI score0.00328EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2020/06/27 12:0 a.m.67 views

PuTTY -- Release 0.74 fixes two security vulnerabilities

Simon Tatham reports: Release 0.74 fixes the following security issues: New configuration option to disable PuTTY's default policy of changing its host key algorithm preferences to prefer keys it already knows. There is a theoretical information leak in this policy. CVE-2020-14002 In some...

5.9CVSS1.1AI score0.03146EPSS
Exploits0References4
Prion
Prion
added 2020/06/09 5:15 p.m.19 views

Design/Logic Flaw

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This...

9.3CVSS9AI score0.01432EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2020/05/14 8:40 a.m.27 views

CVE-2020-10743

It was discovered that OpenShift Container Platform's OCP distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as...

4.3CVSS1.9AI score0.00713EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/05/09 8:16 p.m.33 views

CVE-2019-20795

iproute2 before 5.1.0 has a use-after-free in getnetnsidfromname in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors such as C library...

5AI score0.00403EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2020/05/09 8:16 p.m.51 views

CVE-2019-20795

iproute2 before 5.1.0 has a use-after-free in getnetnsidfromname in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors such as C library...

4.4CVSS5.1AI score0.00403EPSS
Exploits0
Debian CVE
Debian CVE
added 2020/03/31 12:36 p.m.21 views

CVE-2020-10595

pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a...

9.8CVSS10AI score0.04784EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2020/03/31 3:0 a.m.21 views

CVE-2020-10595

pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a...

9.8CVSS7.5AI score0.04784EPSS
Exploits0References2
Rows per page
Query Builder