Lucene search
K

807 matches found

BDU FSTEC
BDU FSTEC
added 2024/09/03 12:0 a.m.6 views

The vulnerability of the set of additional tools and libraries for the Go language, designed for integration with OpenTelemetry-Go Contrib, relates to the distribution of resources without any restrictions or regulations. This allows a malicious actor to cause service failures.

The vulnerability of the set of additional tools and libraries for the Go language, designed for integration with OpenTelemetry, relates to the distribution of resources without any restrictions or regulation when adding the net.peer.sock.addr and net.peer.sock.port tags, which have unrestricted...

7.8CVSS7AI score0.01592EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2024/08/30 11:37 p.m.14 views

GHSA-CXJF-X6JP-P7MC opencv-contrib-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

opencv-contrib-python versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2...

8.8CVSS7.1AI score0.99735EPSS
Exploits9References7
vulnersOsv
vulnersOsv
added 2024/08/30 11:37 p.m.5 views

a-texam (=1.1.0), aait (>=1.0.4 <=1.0.5) +1255 more potentially affected by CVE-2023-4863 via opencv-contrib-python (>=3.4.11.45 <=4.8.0.76)

opencv-contrib-python PYPI version =3.4.11.45, =1.0.4, =0.0.29, =1.11.4, =0.5.0, =0.1.0, =24.3.2, =1.0.0, =0.3.0, =0.1.0, =0.1.0, =1.0.0, =1.0.3 and more Source cves: CVE-2023-4863 Source advisory: OSV:GHSA-CXJF-X6JP-P7MC...

8.8CVSS7AI score0.99735EPSS
Exploits9
vulnersOsv
vulnersOsv
added 2024/08/30 11:37 p.m.8 views

ailabeler (=0.5.0), aiotieba (>=2.9.0 <=2.10.3) +128 more potentially affected by CVE-2023-4863 via opencv-contrib-python-headless (>=3.4.18.65 <=4.8.0.76)

opencv-contrib-python-headless PYPI version =3.4.18.65, =2.9.0, =0.1.0, =1.2.0, =0.1.0, =0.1.11, =1.0.0, =5.4.1, =0.0.1, =0.1.9, =0.1.1, =0.1.2, =0.1.4 and more Source cves: CVE-2023-4863 Source advisory: OSV:GHSA-W2PJ-9CGH-MQ2C...

8.8CVSS7AI score0.99735EPSS
Exploits9
OSV
OSV
added 2024/08/30 11:37 p.m.16 views

GHSA-W2PJ-9CGH-MQ2C opencv-contrib-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

opencv-contrib-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2...

8.8CVSS7.1AI score0.99735EPSS
Exploits9References7
OSV
OSV
added 2024/08/30 5:18 p.m.11 views

GO-2024-3102 OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver

OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver...

5.3CVSS5.2AI score0.00489EPSS
Exploits0References11
Drupal
Drupal
added 2024/08/28 12:0 a.m.26 views

Advanced Varnish - Moderately critical - Access bypass - SA-CONTRIB-2024-033

This module enables you to cache pages for logged in users at the Varnish level. The Varnish bin names may be guessable when no hashing noise configuration is set on the module configuration page, which would ultimately allow any user to view cached pages that were intended for other roles when...

5.3CVSS6.9AI score0.00353EPSS
Exploits0References5
Drupal
Drupal
added 2024/08/07 12:0 a.m.15 views

Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029

The Opigno Learning Path module enables you to manage group content. Administrative forms allow uploading malicious files which may contain arbitrary code RCE or cross site scriptiong XSS. These forms were not adequately controlled with permissions that communicate the severity of the permission...

7.5CVSS7.1AI score0.00537EPSS
Exploits0References9
Drupal
Drupal
added 2024/07/31 12:0 a.m.12 views

View Password - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-026

The View Password module enables you to add a help icon button next to the password input field to toggle the password visibility. The administrative user is allowed to add classes to this icon for styling purposes. The module doesn't validate the content of classes. A malicious user with access ...

4.8CVSS7.2AI score0.00261EPSS
Exploits0References6
Wolfi
Wolfi
added 2024/07/30 10:18 a.m.29 views

GHSA-V23V-6JW2-98FQ vulnerabilities

Vulnerabilities for packages: harbor-scanner-trivy, kots, dive, newrelic-infrastructure-agent, apko, ctop, nerdctl, bom, vexctl, helm-push, flux-helm-controller, helm, dagger, up, dagdotdev, melange, skaffold, cadvisor, opentelemetry-collector, argo-workflows, aactl, timoni, trivy, helm-operator,...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.35 views

CBL Mariner 2.0 Security Update: cri-tools / docker-buildx / kubernetes / opa / prometheus (CVE-2023-45142)

The version of cri-tools / docker-buildx / kubernetes / opa / prometheus installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45142 advisory. - OpenTelemetry-Go Contrib is a collection of third-party...

7.5CVSS7.9AI score0.01364EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.37 views

CBL Mariner 2.0 Security Update: containerd / cri-tools / docker-buildx / docker-compose / moby-containerd-cc (CVE-2023-47108)

The version of containerd / cri-tools / docker-buildx / docker-compose / moby-containerd-cc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-47108 advisory. - OpenTelemetry-Go Contrib is a collecti...

7.5CVSS6.9AI score0.01592EPSS
Exploits0References2
Wolfi
Wolfi
added 2024/06/11 5:16 p.m.113 views

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: fulcio, sigstore-scaffolding, hugo, flyte, rekor, trino, spire-server, flux-kustomize-controller, nuclei, terragrunt, py3-azure-identity, secrets-store-csi-driver-provider-azure, step-ca, up, velero, tempo, opentelemetry-collector, argo-workflows,...

5.5CVSS6.5AI score0.00788EPSS
Exploits0
Wolfi
Wolfi
added 2024/06/10 6:36 p.m.23 views

GHSA-87M9-RV8P-RGMG vulnerabilities

Vulnerabilities for packages: opentelemetry-collector, spicedb, opentelemetry-collector-contrib, datadog-agent, tempo...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/06/10 12:0 a.m.20 views

Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2024-635)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-635 advisory. postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 Tenable has extracted the preceding description block directly from the tested product security advisory. No...

4.3CVSS6.5AI score0.00722EPSS
Exploits0References4
Veracode
Veracode
added 2024/05/29 6:21 a.m.18 views

Denial Of Service (DoS)

rack-contrib is vulnerable to a Denial Of Service DoS. The vulnerability is due to the user-controlled profilerruns parameter not being constrained, which allows an attacker to allocate resources on the server side without limitation, resulting in Denial of Service...

8.6CVSS6.7AI score0.00661EPSS
Exploits0References3Affected Software1
Drupal
Drupal
added 2024/05/29 12:0 a.m.24 views

Migrate queue importer - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-024

The Migrate queue importer module enables you to create cron migrationsconfiguration entities with a reference towards migration entities in order to import them during cron runs. The module doesn't sufficiently protect against Cross Site Request Forgery under specific scenarios allowing an...

8.8CVSS7AI score0.00189EPSS
Exploits0References7
Drupal
Drupal
added 2024/05/29 12:0 a.m.36 views

Drupal REST & JSON API Authentication - Moderately critical - Access bypass - SA-CONTRIB-2024-022

Drupal REST & JSON API Authentication module restricts and secures unauthorized access to your Drupal site APIs using different authentication methods including Basic Authentication , API Key Authentication , JWT Authentication , OAuth Authentication , External / Third-Party Provider...

9.8CVSS7.3AI score0.00618EPSS
Exploits0References9
Snyk
Snyk
added 2024/05/27 5:51 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the unconstrained value of the incoming profilerruns parameter. An attacker can cause the server to allocate excessive resources, leading to a denial of service by sending...

8.6CVSS6.8AI score0.00661EPSS
Exploits0References2
NVD
NVD
added 2024/05/27 5:15 p.m.17 views

CVE-2024-35231

rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Versions of rack-contrib prior to 2.5.0 are vulnerable to denial of service due to the fact that the user controlled data profilerruns was not constrained to any limitation. This would lead to...

8.6CVSS8.4AI score0.00661EPSS
Exploits0References2
Rows per page
Query Builder