Lucene search
K

154 matches found

Tenable Nessus
Tenable Nessus
added 2023/09/08 12:0 a.m.38 views

Oracle Linux 8 : istio (ELSA-2023-12780)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12780 advisory. - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. olcne - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 Tenable has...

9.8CVSS6.8AI score0.00735EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2023/09/06 12:0 a.m.29 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2023-006)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.26.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-006 advisory. Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to...

9.8CVSS7.4AI score0.01106EPSS
Exploits3References12
NVD
NVD
added 2023/07/25 7:15 p.m.10 views

CVE-2023-35943

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the origin header is removed and deleted between decodeHeadersand encodeHeaders. Versions 1.27....

7.5CVSS7.7AI score0.00584EPSS
Exploits1References1
CVE
CVE
added 2023/07/25 6:35 p.m.81 views

CVE-2023-35944

CVE-2023-35944 affects Envoy. The issue arises from case-sensitive internal HTTP/2 scheme checks, allowing mixed-case schemes (e.g., htTp, htTps) to be rejected or to bypass certain requests over unencrypted connections. The vulnerability exists prior to fixed releases and is mitigated by a patch...

8.2CVSS7.1AI score0.00598EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/25 6:35 p.m.12 views

CVE-2023-35944 Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes

Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests wit...

8.2CVSS6.6AI score0.00598EPSS
Exploits1References1
CNVD
CNVD
added 2023/06/08 12:0 a.m.57 views

Nacos Jraft Hessian Deserialization Vulnerability

Nacos is an acronym for Dynamic Naming and Configuration Service, a dynamic service discovery, configuration management and service management platform that makes it easier to build cloud-native applications. A deserialization vulnerability exists in Nacos Jraft Hessian, which can be exploited by...

7AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/05/24 5:13 p.m.15 views

google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

9.1CVSS5.9AI score0.01587EPSS
Exploits1References4
NVD
NVD
added 2023/05/18 10:15 p.m.50 views

CVE-2023-23557

An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScrip...

9.8CVSS9.7AI score0.00891EPSS
Exploits0References2
NVD
NVD
added 2023/05/18 10:15 p.m.39 views

CVE-2023-25933

A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, mos...

9.8CVSS9.7AI score0.00891EPSS
Exploits0References2
NVD
NVD
added 2023/05/18 10:15 p.m.106 views

CVE-2023-28081

A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted...

9.8CVSS9.6AI score0.00891EPSS
Exploits0References2
NVD
NVD
added 2023/05/18 10:15 p.m.53 views

CVE-2023-23556

An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted...

9.8CVSS9.8AI score0.00891EPSS
Exploits0References2
OSV
OSV
added 2023/05/18 10:15 p.m.31 views

CVE-2023-23556

An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted...

9.8CVSS8AI score0.00891EPSS
Exploits0References2
OSV
OSV
added 2023/05/18 10:15 p.m.42 views

CVE-2023-30470

A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Herme...

9.8CVSS8.2AI score0.01249EPSS
Exploits0References2
Prion
Prion
added 2023/05/18 10:15 p.m.22 views

Null pointer dereference

A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execut...

5CVSS7.6AI score0.00723EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/05/18 10:15 p.m.24 views

Design/Logic Flaw

A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Herme...

7.5CVSS9.8AI score0.01249EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/18 9:27 p.m.58 views

CVE-2023-30470

A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Herme...

10AI score0.01249EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/18 9:26 p.m.62 views

CVE-2023-28081

A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted...

9.8AI score0.00891EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/18 9:24 p.m.38 views

CVE-2023-25933

A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, mos...

9.9AI score0.00891EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/05/18 9:24 p.m.9 views

CVE-2023-25933

A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, mos...

9.7AI score0.00891EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/05/18 9:24 p.m.9 views

CVE-2023-24833

A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most...

7AI score0.00644EPSS
Exploits0References2
Rows per page
Query Builder