Lucene search
K

229 matches found

OSV
OSV
added 2023/12/22 2:15 a.m.6 views

CVE-2023-51708

Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For...

8.6CVSS5.8AI score0.00465EPSS
Exploits0References1
NVD
NVD
added 2023/12/22 2:15 a.m.27 views

CVE-2023-51708

Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For...

8.6CVSS0.00465EPSS
Exploits0References1
Prion
Prion
added 2023/12/22 2:15 a.m.19 views

Information disclosure

Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For...

5CVSS6.8AI score0.00465EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2023/12/22 12:0 a.m.18 views

CVE-2023-51708

Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For...

6.8AI score0.00465EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/22 12:0 a.m.31 views

CVE-2023-51708

Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For...

8.4AI score0.00465EPSS
Exploits0References1
Veeam
Veeam
added 2023/12/05 12:0 a.m.66 views

How to Configure Advanced Syslog Integration Options

Purpose This article documents advanced configuration options for syslog integration with Veeam Backup & Replication, a new feature starting in version 12.1. Solution The following advanced configuration options are available: Add BOM Before MSG Field Add the Unicode byte order mask BOM before th...

7AI score
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2023/11/21 4:19 a.m.51 views

CVE-2023-5752

A flaw was found in the Python pip package. The pip could allow a local authenticated attacker to bypass security restrictions due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker can inject arbitrary configuration options to the "h...

3.3CVSS3.8AI score0.00476EPSS
Exploits0References5
Veracode
Veracode
added 2023/11/03 10:45 a.m.28 views

Command Injection

pip is vulnerable to Command Injection. While installing a package from Mercurial VCS URL, a specified mercurial URL could be used to inject arbitrary configuration options to the hg clone call. Controlling the Mercurial configuration can modify how and which repository is installed...

5.5CVSS7.1AI score0.00476EPSS
Exploits0References9Affected Software1
Prion
Prion
added 2023/11/01 6:15 p.m.21 views

Input validation

Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require...

6.5CVSS9AI score0.00892EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/11/01 6:15 p.m.29 views

Input validation

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device...

6.5CVSS9AI score0.01073EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/01 5:8 p.m.49 views

CVE-2023-20219

Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require...

7.2CVSS9.2AI score0.00892EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/10/25 6:32 p.m.79 views

Command Injection in pip when used with Mercurial

When installing a package from a Mercurial VCS URL, e.g. pip install hg+..., with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call e.g. --config. Controlling the Mercurial configuration can modify how and which...

5.5CVSS7.1AI score0.00476EPSS
Exploits0References12Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/24 12:0 a.m.2 views

PT-2023-7006

Name of the Vulnerable Software and Affected Versions pip versions prior to v23.3 Description The issue is related to the injection of arbitrary configuration options to the "hg clone" call when installing a package from a Mercurial VCS URL using pip. This can modify how and which repository is...

6.8CVSS6.9AI score0.00476EPSS
Exploits0References62
Github Security Blog
Github Security Blog
added 2023/10/17 1:48 p.m.29 views

Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries

Impact An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user accou...

7.5CVSS6.9AI score0.00901EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2023/10/12 8:15 p.m.19 views

Cross site scripting

An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that is displayed by...

5.8CVSS6AI score0.00311EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/12 7:0 p.m.40 views

CVE-2023-5562 Unsafe default allows for cross-site scripting attacks in KNIME Server and KNIME Business Hub

An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that is displayed by...

6.1CVSS6.3AI score0.00311EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/08/29 12:0 a.m.3 views

PT-2023-26856 · Aruba · Arubaos-Switch

Name of the Vulnerable Software and Affected Versions: ArubaOS-Switch affected versions not specified Description: A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting XSS attack against a user of th...

8.3CVSS6.1AI score0.00418EPSS
Exploits0References10
Amd
Amd
added 2023/08/08 12:0 a.m.118 views

Return Address Security Bulletin

Bulletin ID: AMD-SB-7005 Potential Impact: Data Confidentiality Severity: Medium Summary AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. The attack can result in speculative execution at an attacker-controlled address, potentially leading ...

4.7CVSS6.9AI score0.0616EPSS
Exploits1
NVD
NVD
added 2023/06/07 2:15 a.m.16 views

CVE-2020-36716

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setuppage function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard if it has not been run previously and...

7.3CVSS7.1AI score0.00825EPSS
Exploits1References3
Prion
Prion
added 2023/06/07 2:15 a.m.17 views

Authorization

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setuppage function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard if it has not been run previously and...

7.5CVSS7AI score0.00825EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder