Lucene search

7487 matches found

Prion
added 2023/12/12 5:15 p.m. · 19 views

Directory traversal

The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists...

CVSS 5 · AI score 7 · EPSS 0.013
Exploits 1 · References 3 · Affected Software 1
RedHat Linux
added 2023/12/12 4:27 p.m. · 46 views

Low: Red Hat Security Advisory: curl security update

An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 5.9 · AI score 6.7 · EPSS 0.02511
Exploits 1 · References 2
Cvelist
added 2023/12/12 12:00 a.m. · 33 views

CVE-2023-28465

The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists...

AI score 8.1 · EPSS 0.013
Exploits 0 · References 3
Vulnrichment
added 2023/12/12 12:00 a.m. · 11 views

CVE-2023-28465

The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists...

AI score 6.9 · EPSS 0.013
Exploits 0 · References 3
CVE
added 2023/12/12 12:00 a.m. · 3219 views

CVE-2023-28465

CVE-2023-28465 affects HL7 FHIR Core Libraries prior to 5.6.106. The vulnerability stems from the package‑decompression feature, allowing directory traversal that enables copying arbitrary files to certain directories when an attacker’s chosen path contains a substring of an allowed directory nam...

CVSS 7.5 · AI score 7.7 · EPSS 0.013
Exploits 0 · References 3 · Affected Software 1
IBM Security Bulletins
added 2023/12/11 12:56 p.m. · 28 views

Security Bulletin: Vulnerability in Java IBM SDK (CVE-2023-22049) affects Power HMC

Summary: Java IBM SDK is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2023-22049. DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity...

CVSS 3.7 · AI score 5.5 · EPSS 0.01316
Exploits 0 · Affected Software 1
NVD
added 2023/12/08 12:15 a.m. · 16 views

CVE-2023-6061

Rejected reason: This CVE ID has been rejected/withdrawn by its CVE Numbering Authority Palo Alto Networks based on discussions with Mitsubishi Electronics Corporation's PSIRT...

Exploits 0
Cvelist
added 2023/12/07 11:21 p.m. · 19 views

CVE-2023-6061

...

AI score 7.9
Exploits 0
Vulnrichment
added 2023/12/07 11:21 p.m. · 9 views

CVE-2023-6061

...

AI score 6.6
Exploits 0
Fedora
added 2023/12/06 1:46 a.m. · 27 views

[SECURITY] Fedora 38 Update: motif-2.3.4-30.fc38

This is the Motif 2.3.4 run-time environment. It includes the Motif shared libraries, needed to run applications which are dynamically linked against Motif and the Motif Window Manager (mwm)...

CVSS 5.5 · AI score 7.2 · EPSS 0.00365
Exploits 0
Fedora
added 2023/12/06 1:40 a.m. · 35 views

[SECURITY] Fedora 39 Update: motif-2.3.4-30.fc39

This is the Motif 2.3.4 run-time environment. It includes the Motif shared libraries, needed to run applications which are dynamically linked against Motif and the Motif Window Manager (mwm)...

CVSS 5.5 · AI score 7.2 · EPSS 0.00365
Exploits 0
OpenVAS
added 2023/12/06 12:00 a.m. · 19 views

Fedora: Security Advisory (FEDORA-2023-e1c7fae02e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 · AI score 6.4 · EPSS 0.00365
Exploits 0 · References 6
Github Security Blog
added 2023/12/05 11:30 p.m. · 31 views

github.com/ecies/go vulnerable to possible private key restoration

Impact: If functions Encapsulate, Decapsulate and ECDH could be called by an attacker, he could recover any private key that he interacts with. Patches: Patched in v2.0.8. Workarounds: You could manually check public key by calling IsOnCurve function from secp256k1 libraries. References...

CVSS 4.9 · AI score 6.8 · EPSS 0.00335
Exploits 1 · References 6 · Affected Software 1
Fedora
added 2023/12/05 4:27 p.m. · 30 views

[SECURITY] Fedora 37 Update: motif-2.3.4-30.fc37

This is the Motif 2.3.4 run-time environment. It includes the Motif shared libraries, needed to run applications which are dynamically linked against Motif and the Motif Window Manager (mwm)...

CVSS 5.5 · AI score 6.8 · EPSS 0.00365
Exploits 0
vulnersOsv
added 2023/12/05 3:30 p.m. · 4 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49383 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49383 Source advisory: OSV:GHSA-RQ2Q-HC6H-2PX2...

CVSS 8.8 · AI score 7.2 · EPSS 0.00391
Exploits 1
vulnersOsv
added 2023/12/05 3:30 p.m. · 6 views

cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-49446 via com.jfinal:jfinal (>=1.4 <=5.0.0)

com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-49446 Source advisory: OSV:GHSA-HV4C-V8J8-54CW...

CVSS 8.8 · AI score 7.2 · EPSS 0.00394
Exploits 1
OSV
added 2023/12/05 3:15 p.m. · 4 views

CVE-2023-6357

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device...

CVSS 8.8 · AI score 5.9 · EPSS 0.00958
Exploits 0 · References 2
Cvelist
added 2023/12/05 2:29 p.m. · 22 views

CVE-2023-6357 OS Command Injection in multiple CODESYS products

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device...

CVSS 8.8 · AI score 9 · EPSS 0.00958
Exploits 0 · References 1
CVE
added 2023/12/05 2:29 p.m. · 53 views

CVE-2023-6357

CVE-2023-6357 is described as an OS command injection affecting multiple CODESYS Control products. Affected component is the SysFile/CAA-File system libraries; the root cause is command injection via these libraries. Reported impact is attacker gaining full control of the device; attack vector re...

CVSS 8.8 · AI score 8.9 · EPSS 0.00958
Exploits 0 · References 2 · Affected Software 11
Positive Technologies
added 2023/12/05 12:00 a.m. · 6 views

PT-2023-32625 · Codesys · Codesys Control For Beaglebone +19

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A low-privileged remote attacker could exploit the issue and inject additional system commands via file system libraries, potentially giving the attacke...

CVSS 8.8 · AI score 8.7 · EPSS 0.00958
Exploits 0 · References 5