Lucene search
K

122 matches found

Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.35 views

Amazon Linux 2 : ansible (ALASANSIBLE2-2023-006)

The version of ansible installed on the remote host is prior to 2.9.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ANSIBLE2-2023-006 advisory. An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive da...

5.5CVSS7AI score0.00568EPSS
Exploits2References8
Amazon
Amazon
added 2023/09/25 12:0 a.m.8 views

Important: tomcat

Issue Overview: A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could...

7.5CVSS6.9AI score0.87553EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/27 11:52 a.m.58 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining . Multiple CVEs

Summary There is a vulnerability in Apache Tomcat that could allow a remote attacker to bypass security restrictions and obtain sensitive information, The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

7.5CVSS6.4AI score0.02505EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/04/21 12:47 p.m.6 views

SUSE-SU-2023:1949-1 Security update for openstack-cinder, openstack-nova, python-oslo.utils

This update for openstack-cinder, openstack-nova, python-oslo.utils contains the following fixes: Security fixes included on this update: openstack-cinder, openstack-nova: - CVE-2022-47951: Fixed file access control through custom VMDK flat descriptor. bsc1207321 Non-security changes included on...

5.7CVSS5.6AI score0.01025EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/03/23 12:0 a.m.24 views

Nutanix AOS : (NXSA-AOS-6.6.0.5)

The version of AOS installed on the remote host is prior to 6.6.0.5. It is, therefore, affected by a vulnerability as referenced in the NXSA-AOS-6.6.0.5 advisory. - The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or...

7.5CVSS7.5AI score0.02505EPSS
Exploits0References2
Kitploit
Kitploit
added 2023/03/16 11:30 a.m.162 views

GPT_Vuln-analyzer - Uses ChatGPT API And Python-Nmap Module To Use The GPT3 Model To Create Vulnerability Reports Based On Nmap Scan Data

This is a Proof Of Concept application that demostrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT. Requirements Python 3.10 All the packages mentioned in the requirements.txt file OpenAi api...

7.3AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/25 11:28 a.m.49 views

Security Bulletin: IBM UrbanCode Build is affected by CVE-2022-45143

Summary IBM UrbanCode Build is affected by CVE-2022-45143 Vulnerability Details CVEID:CVE-2022-45143 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by not escape the type, message or description values in the JsonErrorReportValve function. By...

7.5CVSS7.3AI score0.02505EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/01/05 12:0 a.m.24 views

Apache Tomcat 9.0.0-M1 < 9.0.69 JsonErrorReportValve Injection

The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.83, 9.0.0-M1 to 9.0.68 or 10.1.0-M1 to 10.1.1. It is, therefore, affected by a JsonErrorReportValve injection vulnerability. The JsonErrorReportValve did not escape the type, message or description values. In some...

7.5CVSS7.6AI score0.02505EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/01/05 12:0 a.m.61 views

Apache Tomcat 8.5.x < 8.5.84 JsonErrorReportValve Injection

The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.83, 9.0.0-M1 to 9.0.68 or 10.1.0-M1 to 10.1.1. It is, therefore, affected by a JsonErrorReportValve injection vulnerability. The JsonErrorReportValve did not escape the type, message or description values. In some...

7.5CVSS7.6AI score0.02505EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/01/05 12:0 a.m.22 views

Apache Tomcat 10.1.0-M1 < 10.1.2 JsonErrorReportValve Injection

The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.83, 9.0.0-M1 to 9.0.68 or 10.1.0-M1 to 10.1.1. It is, therefore, affected by a JsonErrorReportValve injection vulnerability. The JsonErrorReportValve did not escape the type, message or description values. In some...

7.5CVSS7.6AI score0.02505EPSS
Exploits0References2
OSV
OSV
added 2023/01/03 7:15 p.m.19 views

CVE-2022-45143

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...

7.5CVSS7.4AI score
Exploits0References3
NVD
NVD
added 2023/01/03 7:15 p.m.18 views

CVE-2022-45143

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...

7.5CVSS7.5AI score0.02505EPSS
Exploits0References3
Prion
Prion
added 2023/01/03 7:15 p.m.33 views

Design/Logic Flaw

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...

5CVSS7.3AI score0.02505EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2023/01/03 7:15 p.m.71 views

CVE-2022-45143

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...

7.5CVSS6.9AI score0.02505EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2023/01/03 6:12 p.m.118 views

CVE-2022-45143

The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...

7.5CVSS8.3AI score0.02505EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/01/03 12:0 a.m.31 views

Apache Tomcat 10.1.0.M1 < 10.1.2

The version of Tomcat installed on the remote host is prior to 10.1.2. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.2security-10 advisory. - The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the...

7.5CVSS7.5AI score0.02505EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/12/15 2:8 a.m.50 views

CVE-2022-23474 editor.js contains Code Injection

Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...

6.1CVSS6.6AI score0.00533EPSS
Exploits1References2
Apache Tomcat
Apache Tomcat
added 2022/11/21 12:0 a.m.36 views

Fixed in Apache Tomcat 8.5.84

Low: Apache Tomcat JsonErrorReportValve injection CVE-2022-45143 The JsonErrorReportValve did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...

7.5CVSS7.5AI score0.02505EPSS
Exploits0Affected Software1
Apache Tomcat
Apache Tomcat
added 2022/11/14 12:0 a.m.152 views

Fixed in Apache Tomcat 9.0.69

Low: Apache Tomcat JsonErrorReportValve injection CVE-2022-45143 The JsonErrorReportValve did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...

7.5CVSS7.5AI score0.02505EPSS
Exploits0Affected Software1
Apache Tomcat
Apache Tomcat
added 2022/11/14 12:0 a.m.46 views

Fixed in Apache Tomcat 10.1.2

Low: Apache Tomcat JsonErrorReportValve injection CVE-2022-45143 The JsonErrorReportValve did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or...

7.5CVSS7.5AI score0.02505EPSS
Exploits0Affected Software1
Rows per page
Query Builder