Lucene search
K

44 matches found

Vulnrichment
Vulnrichment
added 2025/01/30 12:4 p.m.12 views

CVE-2022-43916 IBM App Connect Enterprise Certified Container improper communications restriction

IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure...

6.8CVSS6.6AI score0.00265EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.8 views

PT-2025-1368 · Ibm · Ibm App Connect Enterprise Certified Container

Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise Certified Container versions 7.1 through 12.7 Description: The issue concerns the IBM App Connect Enterprise Certified Container, where Pods used for internal infrastructure do not restrict network egress. This coul...

9.1CVSS6.9AI score0.00265EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/01/30 12:0 a.m.5 views

IBM App Connect Enterprise Certified Container 安全漏洞

IBM App Connect Enterprise Certified Container is an image based on the IBM App Connect Enterprise software product from International Business Machines IBM. The package is provided as an executable file that can be deployed and run in a containerized environment. A security vulnerability exists ...

9.1CVSS6.4AI score0.00265EPSS
Exploits0References1
Kitploit
Kitploit
added 2023/12/06 7:48 p.m.36 views

Kali Linux 2023.4 - Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2023.4. This release has various impressive updates. The summary of the changelog since the 2023.3 release from August is: Cloud ARM64 - Now marketplaces on Amazon AWS and Microsoft Azure have ARM64 option Vagrant Hyper-V - Our Vagrant offering...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2023/08/24 3:8 a.m.39 views

Kali Linux 2023.3 - Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2023.3. This release has various impressive updates. The highlights of the changelog since the 2023.2 release from May: Internal Infrastructure - Major stack changes is under way Kali Autopilot - The automation attack framework has had an major...

7.3AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.6 views

SUSE CVE-2021-21273

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

6.1CVSS6.1AI score0.01809EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.4 views

SUSE CVE-2021-21392

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...

6.3CVSS6.3AI score0.00894EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/06/07 2:15 p.m.2 views

CVE-2022-29564

Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801...

7.5CVSS5.9AI score0.0088EPSS
Exploits0References3
OSV
OSV
added 2022/06/07 2:15 p.m.7 views

CVE-2022-29564

Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801...

7.5CVSS7.1AI score0.0088EPSS
Exploits0References2
Prion
Prion
added 2022/06/07 2:15 p.m.17 views

Design/Logic Flaw

Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801...

5CVSS7.5AI score0.0088EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/06/07 1:23 p.m.27 views

CVE-2022-29564

Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801...

7.7AI score0.0088EPSS
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2021/06/23 6:50 p.m.61 views

CVE-2021-20025: SonicWall Email Security Appliance Backdoor Credential

The virtual, on-premises version of the SonicWall Email Security Appliance ships with an undocumented, static credential, which can be used by an attacker to gain root privileges on the device. This is an instance of CWE-798: Use of Hard-coded Credentials, and has an estimated CVSSv3 score of 9.1...

6.9CVSS1.1AI score0.00356EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2021/04/13 3:13 p.m.30 views

Open redirect via transitional IPv6 addresses on dual-stack networks

Impact Requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL...

6.3CVSS2.1AI score0.00894EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2021/04/12 10:15 p.m.3 views

DEBIAN-CVE-2021-21392

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...

6.3CVSS6.7AI score0.00894EPSS
Exploits0References1
PyPA
PyPA
added 2021/04/12 10:15 p.m.6 views

PYSEC-2021-25

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...

6.3CVSS6.7AI score0.00894EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2021/02/28 1:22 a.m.27 views

Insecure Access Controls

matrix-synapse is vulnerable to authorization bypass. Requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications, potentially resulting in Synapse to make requests to the internal...

6.1CVSS2.8AI score0.01809EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2021/02/26 6:15 p.m.4 views

DEBIAN-CVE-2021-21273

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

6.1CVSS6.7AI score0.01809EPSS
Exploits0References1
NVD
NVD
added 2021/02/26 6:15 p.m.31 views

CVE-2021-21273

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

6.1CVSS0.01809EPSS
Exploits0References5
CVE
CVE
added 2021/02/26 5:25 p.m.230 views

CVE-2021-21273

Synapse (matrix-synapse, Python/pypi) contains a vulnerability in versions before 1.25.0 where requests to user-provided domains were not restricted to external IPs when computing the key validity for third-party invite events and push notifications. This could allow requests to internal infrastr...

6.1CVSS5.2AI score0.01809EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2021/02/09 9:45 a.m.1 views

Server-Side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-Side Request Forgery SSRF via the download feature. This allows attackers to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform...

4.3CVSS6.8AI score0.01173EPSS
Exploits0References2
Rows per page
Query Builder