
89 matches found

Tenable Nessus
added 2024/03/20 12:0 a.m. | 44 views

Oracle Linux 8 : conmon (ELSA-2024-12226)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12226 advisory. - address CVE-2023-39326 cri-o - Fixed CVE-2023-39325: bump golang.org/x/net to v0.17.0 cri-tools - Address CVE-2023-39326 etcd - Address CVE-2023-39326 by...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999
Exploits 19 | References 2

OSV
added 2024/02/02 8:55 a.m. | 4 views

SUSE-SU-2024:0315-1 Security update for slurm

This update for slurm fixes the following issues: - CVE-2023-49933: Fixed a message extension attack that could bypass the message hash (bsc#1218046). - CVE-2023-49936: Fixed a NULL pointer dereference (bsc#1218050). - CVE-2023-49937: Fixed a double free that could lead to denial of service or code...

CVSS 9.8 | AI score 8.6 | EPSS 0.01386
Exploits 0 | References 9

OSV
added 2023/10/25 9:15 p.m. | 46 views

GHSA-XWCQ-PM8M-C4VF crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard (OWASP PBKDF2 Cheatsheet). This is because it both (1) defaults to SHA1 (SHA1 wiki), a cryptographic hash algorithm considered insecure since at leas...

CVSS 9.1 | AI score 9.2 | EPSS 0.00635
Exploits 0 | References 5

Github Security Blog
added 2023/10/25 9:14 p.m. | 58 views

crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

Impact Summary Crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard (OWASP PBKDF2 Cheatsheet). This is because it both (1) defaults to SHA1 (SHA1 wiki), a cryptographic hash algorithm considered insecure since at leas...

CVSS 9.1 | AI score 6.6 | EPSS 0.00446
Exploits 1 | References 4 | Affected Software 1

SUSE CVE
added 2023/10/11 1:47 a.m. | 1 views

SUSE CVE-2023-5475

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

CVSS 6.5 | AI score 8.7 | EPSS 0.00618
Exploits 0 | References 6

Code423n4
added 2023/04/28 12:0 a.m. | 13 views

SHA1 Hashing Algorithm vulnerable to Length Extension Attack

Lines of code Vulnerability details Impact The implementation of the SHA1 hashing algorithm in the code has a significant impact as it is vulnerable to the length extension attack. This attack enables us to create a new hash for an extended message without altering the existing hash, even though ...

AI score 7.3
Exploits 0

SUSE CVE
added 2023/02/15 3:34 a.m. | 1 views

SUSE CVE-2022-0798

Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...

CVSS 8.8 | AI score 8.9 | EPSS 0.00664
Exploits 0 | References 6

SUSE CVE
added 2023/02/15 3:31 a.m. | 2 views

SUSE CVE-2022-3449

Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

CVSS 8.8 | AI score 9 | EPSS 0.00411
Exploits 0 | References 8

OSSF Malicious Packages
added 2023/02/09 6:42 p.m. | 4 views

Malicious code in freqrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx f0661e5b1f93a08e932fa0f5bafe0e64c8564b83db87d202d28fa91b83132db2 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

AI score 6.7
Exploits 0 | References 1

OSV
added 2022/11/30 12:15 a.m. | 1 views

DEBIAN-CVE-2022-4179

Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

CVSS 8.8 | AI score 8.4 | EPSS 0.0048
Exploits 0 | References 1

OSV
added 2022/11/30 12:15 a.m. | 1 views

UBUNTU-CVE-2022-4180

Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

CVSS 8.8 | AI score 7.3 | EPSS 0.00473
Exploits 0 | References 4

ATTACKERKB
added 2022/11/09 7:15 p.m. | 2 views

CVE-2022-3449

Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

CVSS 8.8 | AI score 7.3 | EPSS 0.00411
Exploits 0 | References 4

ATTACKERKB
added 2022/11/01 11:15 p.m. | 1 views

CVE-2022-3658

Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. Chromium security severity: Medium...

CVSS 8.8 | AI score 5.8 | EPSS 0.00399
Exploits 1 | References 3

Code423n4
added 2022/10/01 12:0 a.m. | 15 views

computeAddress does not follow the standard procedure to compute the address. The contract can not create pool for some pairs due to hash collision

Lines of code Vulnerability details Impact Poor source of randomness, an attacker can easily decipher the computed address. The contract can be easily tricked. This can cause hash collision, due to this, for some pairs, the contract can not create pool. Proof of Concept AlgebraFactory.solL123 : T...

AI score 7.2
Exploits 0

ATTACKERKB
added 2022/08/12 8:15 p.m. | 18 views

CVE-2022-2619

Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page...

CVSS 4.3 | AI score 6.3 | EPSS 0.00353
Exploits 0 | References 6

OSV
added 2022/07/27 10:15 p.m. | 0 views

UBUNTU-CVE-2022-1863

Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction...

CVSS 8.8 | AI score 7.3 | EPSS 0.00466
Exploits 0 | References 2

OSV
added 2022/07/27 10:15 p.m. | 2 views

UBUNTU-CVE-2022-1856

Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction...

CVSS 8.8 | AI score 7.3 | EPSS 0.00488
Exploits 0 | References 2

ATTACKERKB
added 2022/05/21 7:15 p.m. | 4 views

CVE-2022-31259

The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places e.g., p1.xml instead of p1...

CVSS 9.8 | AI score 7.3 | EPSS 0.21573
Exploits 1 | References 5

ATTACKERKB
added 2022/03/17 6:15 a.m. | 1 views

CVE-2022-24075

Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access local HWP files. When the HWP files were opened, the replaced script could read the files...

CVSS 6.5 | AI score 5.4 | EPSS 0.00846
Exploits 0 | References 2

NVD
added 2021/10/14 4:15 p.m. | 14 views

CVE-2021-38346

The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory...

CVSS 8.8 | EPSS 0.01682
Exploits 0 | References 1