Lucene search

122 matches found

Fedora
added 2022/07/04 1:35 a.m., 33 views

[SECURITY] Fedora 36 Update: golang-github-burntsushi-toml-test-0.2.0-11.20210108git9767d20.fc36

Toml-test is a higher-order program that tests other TOML decoders or encoders. The goal is to make it comprehensive. Tests are divided into two groups: invalid TOML data and valid TOML data. Decoders that reject invalid TOML data pass invalid TOML tests. Decoders that accept valid TOML data an...

9.3 CVSS, 8.7 AI score, 0.05994 EPSS
Exploits: 4

OSV
added 2022/05/27 4:23 a.m., 7 views

OPENSUSE-SU-2022:0148-1 Security update for varnish

This update for varnish fixes the following issues: varnish was updated to release 7.1.0 boo1195188 CVE-2022-23959 VCL: It is now possible to assign a BLOB value to a BODY variable, in addition to STRING as before. VMOD: New STRING strftimeTIME time, STRING format function for UTC formatting...

9.1 CVSS, 7.9 AI score, 0.01957 EPSS
Exploits: 0, References: 6

Github Security Blog
added 2022/02/09 10:0 p.m., 31 views

Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...

5.5 CVSS, 1.1 AI score, 0.00568 EPSS
Exploits: 1, References: 8, Affected Software: 1

Prion
added 2021/10/21 5:15 p.m., 14 views

Code injection

On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection BFD will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the devic...

4 CVSS, 6.5 AI score, 0.00416 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2021/10/21 4:41 p.m., 51 views

CVE-2021-28496

CVE-2021-28496 affects Arista EOS and CloudEOS: when using shared secret profiles, the password used for BiDirection Forwarding Detection (BFD) can be leaked through eAPI/JSON outputs to other authenticated users. Affected EOS trains include all 4.22.x, 4.23.x up to 4.23.9, 4.24.x up to 4.24.7, 4...

6.5 CVSS, 6 AI score, 0.00416 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2021/10/20 6:7 p.m., 9 views

OPENSUSE-SU-2021:1390-1 Security update for ssh-audit

This update for ssh-audit fixes the following issues: ssh-audit was updated to version 2.5.0 Fixed crash when running host key tests. Handles server connection failures more gracefully. Now prints JSON with indents when -jj is used useful for debugging. Added MD5 fingerprints to verbose output...

5.9 CVSS, 5.7 AI score, 0.98631 EPSS
Exploits: 23, References: 2

Kitploit
added 2021/08/18 9:30 p.m., 330 views

Jsleak - A Go Code To Detect Leaks In JS Files Via Regex Patterns

jsleak is a tool to identify sensitive data in JS files through regex patterns. Although it's built for this, you can use it to identify anything as long as you have a regex pattern for it. How to install Directly: your package manager install pkg-config libpcre++-dev go get...

7.1 AI score
Exploits: 0, References: 7

Kitploit
added 2021/07/12 12:30 p.m., 225 views

Sx - Fast, Modern, Easy-To-Use Network Scanner

sx is the command-line network scanner designed to follow the UNIX philosophy. The goal of this project is to create the fastest network scanner with clean and simple code. Features 30x times faster than nmap ARP scan : Scan your local networks to detect live devices ICMP scan : Use advanced ICMP...

7 AI score
Exploits: 0, References: 2

Github Security Blog
added 2021/04/30 5:29 p.m., 59 views

Gon gem lack of escaping certain input when outputting as JSON

An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson...

6.1 CVSS, 6.2 AI score, 0.01376 EPSS
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2021/04/30 5:29 p.m., 22 views

GHSA-78VQ-9J56-WRFR Gon gem lack of escaping certain input when outputting as JSON

An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson...

6.1 CVSS, 6 AI score, 0.01376 EPSS
Exploits: 0, References: 6

Snyk
added 2021/04/09 11:19 a.m., 2 views

Information Exposure

Overview foremanazurerm is a This gem provides Azure Resource Manager as a compute resource for The Foreman Affected versions of this package are vulnerable to Information Exposure. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API...

8.1 CVSS, 6.8 AI score, 0.0065 EPSS
Exploits: 0, References: 2

Kitploit
added 2021/01/26 11:30 a.m., 113 views

Duf - Disk Usage/Free Utility (Linux, BSD, macOS & Windows)

Disk Usage/Free Utility Linux, BSD, macOS & Windows Features User-friendly, colorful output Adjusts to your terminal's width Sort the results according to your needs Groups & filters devices Can conveniently output JSON Installation Packages Linux Arch Linux: duf Nix: nix-env -iA nixpkgs.duf...

6.9 AI score
Exploits: 0, References: 2

OSV
added 2020/11/26 2:52 p.m., 7 views

SUSE-SU-2020:3539-1 Security update for ceph

This update for ceph fixes the following issues: Security issue fixed: - CVE-2020-25660: Bring back CEPHXV2 authorizer challenges bsc1177843. - mgr/dashboard: Fix for CrushMap viewer items getting compressed vertically bsc1170200 - mon: have 'mon stat' output json as well bsc1174466 -...

8.8 CVSS, 8.7 AI score, 0.01022 EPSS
Exploits: 0, References: 8

Kitploit
added 2020/11/03 11:30 a.m., 48 views

Webshell-Analyzer - Web Shell Scanner And Analyzer

Web shell analyzer is a cross platform stand-alone binary built solely for the purpose of identifying, decoding, and tagging files that are suspected to be web shells. The web shell analyzer is the bigger brother to the web shell scanner project http://github.com/tstillz/webshell-scan, which only...

7 AI score
Exploits: 0, References: 3

NVD
added 2020/09/11 6:15 p.m., 18 views

CVE-2020-14330

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...

5.5 CVSS, 0.00568 EPSS
Exploits: 1, References: 3

OSV
added 2020/09/11 6:15 p.m., 44 views

CVE-2020-14330

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...

5.5 CVSS, 2.8 AI score, 0.00568 EPSS
Exploits: 1, References: 3

OSV
added 2020/09/11 6:15 p.m., 38 views

PYSEC-2020-3

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...

5.5 CVSS, 2.8 AI score, 0.00568 EPSS
Exploits: 1, References: 3

AlpineLinux
added 2020/09/11 12:0 a.m., 28 views

CVE-2020-14330

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...

5.5 CVSS, 5.5 AI score, 0.00568 EPSS
Exploits: 1

Kitploit
added 2020/08/24 12:30 p.m., 35 views

Parth - Heuristic Vulnerable Parameter Scanner

Some HTTP parameter names are more commonly associated with one functionality than the others. For example, the parameter ?url= usually contains URLs as the value and hence often falls victim to file inclusion, open redirect and SSRF attacks. Parth can go through your burp history, a list of URLs...

7.4 AI score
Exploits: 0, References: 1

Kitploit
added 2020/08/09 12:30 p.m., 116 views

Evine - Interactive CLI Web Crawler

Evine is a simple, fast, and interactive web crawler and web scraper written in Golang. Evine is useful for a wide range of purposes such as metadata and data extraction, data mining, reconnaissance and testing. Follow the project on Twitter. Install From Binary Pre-build binary releases are also...

7.4 AI score
Exploits: 0, References: 4