Lucene search
+L

21 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in OpenVPN

OpenVPN 2.1 up to v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plugins when more than one of them uses deferred authentication responses. This allows an external user to be granted access with only partially correct credentials...

9.8CVSS6.7AI score0.03519EPSS
Exploits0References2
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2026/05/12 6:54 p.m.12 views

Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

Summary HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Background Nomad’s Dynamic Host Volumes feature allows the cluster admin t...

8.8CVSS7.2AI score0.06892EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2026/02/13 11:45 a.m.24 views

CVE-2025-68493 impact on Bamboo

h3. Issue Summary Impact of CVE-2025-68493 in Bamboo https://cwiki.apache.org/confluence/display/WW/S2-069 Parsing of XML configuration in XWork component does not validate XML in proper way and it's vulnerable to XML external entity XXE injection. h3. Steps to Reproduce ||Impact of...

8.1CVSS5.9AI score0.23054EPSS
Exploits1
OSV
OSV
added 2025/10/21 9:28 p.m.8 views

CLSA-2025-1761082098 Fix CVE(s): CVE-2022-0547

SECURITY UPDATE: Authentication bypass in external authentication plug-ins with only partially correct credentials - debian/patches/CVE-2022-0547.patch: disallow multiple deferred authentication plug-ins - CVE-2022-0547 Update sample keys for testing - debian/sample-keys/ - debian/rules -...

9.8CVSS5.8AI score0.03519EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-46577

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00685EPSS
Exploits0References2
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2025/08/01 5:11 p.m.7 views

Privileged Vault Operator May Execute Code on the Underlying Host

Summary A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. This vulnerability, identified as CVE-2025-6000, is fixed in Vault Community Edition 1.20.1 and...

9.1CVSS7.5AI score0.00867EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/06 1:51 a.m.20 views

CVE-2022-43581

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805...

8.8CVSS6.4AI score0.00685EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/23 10:37 p.m.75 views

Security Bulletin: Multiple vulnerabilities in IBM Content Navigator may affect IBM Business Automation Workflow

Summary IBM Business Automation Workflow embeds a version of IBM Content Navigator that is vulnerable to denial of service attacks and missing authorization. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer...

8.8CVSS7.6AI score0.19653EPSS
Exploits2Affected Software1
NVD
NVD
added 2022/12/07 6:15 p.m.45 views

CVE-2022-43581

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805...

8.8CVSS0.00685EPSS
Exploits0References2
OSV
OSV
added 2022/12/07 6:15 p.m.6 views

CVE-2022-43581

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805...

8.8CVSS5.8AI score0.00685EPSS
Exploits0References2
Prion
Prion
added 2022/12/07 6:15 p.m.26 views

Authorization

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805...

6.5CVSS8.4AI score0.00685EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/07 5:7 p.m.9 views

CVE-2022-43581 IBM Content Navigator code execution

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805...

7.5CVSS6.6AI score0.00685EPSS
Exploits0References2
CVE
CVE
added 2022/12/07 5:7 p.m.81 views

CVE-2022-43581

CVE-2022-43581 affects IBM Content Navigator versions 3.0.0 through 3.0.12, where missing authorization could allow an authenticated user to load external plugins and execute code. The issue is documented across IBM security bulletins and Red Hat advisories, with remediation guidance including ap...

8.8CVSS8AI score0.00685EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/12/07 5:7 p.m.41 views

CVE-2022-43581 IBM Content Navigator code execution

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805...

7.5CVSS8.4AI score0.00685EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/12/07 12:0 a.m.5 views

PT-2022-26977 · Ibm · Ibm Content Navigator

Name of the Vulnerable Software and Affected Versions: IBM Content Navigator versions 3.0.0 through 3.0.12 Description: The issue is related to missing authorization, which could allow an authenticated user to load external plugins and execute code. Recommendations: For IBM Content Navigator...

8.8CVSS8.4AI score0.00685EPSS
Exploits0References4
OSV
OSV
added 2022/03/18 6:15 p.m.2 views

DEBIAN-CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...

9.8CVSS7.3AI score0.03519EPSS
Exploits0References1
OSV
OSV
added 2022/03/18 6:15 p.m.5 views

ALPINE-CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...

9.8CVSS7.1AI score0.03519EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/03/18 6:0 p.m.2 views

CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...

9.6AI score0.03519EPSS
Exploits0References6
Cvelist
Cvelist
added 2022/03/18 6:0 p.m.24 views

CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...

9.7AI score0.03519EPSS
Exploits0References6
OSV
OSV
added 2021/09/07 8:45 a.m.8 views

OPENSUSE-SU-2021:2971-1 Security update for ntfs-3g_ntfsprogs

This update for ntfs-3gntfsprogs fixes the following issues: Update to version 2021.8.22 bsc1189720: Fixed compile error when building with libfuse vs Allowed using the full library API on systems without extended attributes support Fixed DISABLEPLUGINS as the condition for not using plugins...

7.8CVSS6.3AI score0.00531EPSS
Exploits0References23
Rows per page
Query Builder