Lucene search
K

179 matches found

Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.25 views

Oracle Linux 9 : pcs (ELSA-2023-12235)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12235 advisory. 0.11.3-4.el91.3 - Fixed a vulnerability in pcs-web-ui-node-modules - Resolves: rhbz2179900 Tenable has extracted the preceding description block directly from...

9.8CVSS8.1AI score0.01421EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/04/05 12:0 a.m.33 views

AlmaLinux 9 : pcs (ALSA-2023:1591)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:1591 advisory. - Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property...

9.8CVSS8.1AI score0.01421EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/04/04 12:0 a.m.34 views

RHEL 9 : pcs (RHSA-2023:1591)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1591 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: webpack: avoid cross-realm...

9.8CVSS8.1AI score0.01421EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/03/22 8:44 p.m.12 views

CVE-2023-28434 MinIO is vulnerable to privilege escalation on Linux/MacOS

Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials wit...

8.8CVSS8.3AI score0.06736EPSS
Exploits2References3
Cvelist
Cvelist
added 2023/03/21 4:51 p.m.18 views

CVE-2023-1305 Rapid7 InsightCloudSec box object access

An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of...

8.1AI score0.00777EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/03/21 4:51 p.m.8 views

CVE-2023-1305 Rapid7 InsightCloudSec box object access

An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of...

8AI score0.00777EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/03/16 12:0 a.m.5 views

PT-2023-35700 · Git +1 · Mruby

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several function calls, including mrb obj iv get, class name str, and mrb...

6.9AI score
Exploits0References2
Veracode
Veracode
added 2023/03/15 2:27 a.m.181 views

Sensitive Information Disclosure

webpack is vulnerable to Sensitive Information Disclosure. The vulnerability exists because ImportParserPlugin.js does not restrict cross-realm object access and mishandles the magic comment feature, allowing an attacker who controls a property of an untrusted object to obtain access to the real...

9.8CVSS8.7AI score0.01421EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/13 3:30 a.m.115 views

Cross-realm object access in Webpack 5

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

9.8CVSS8.8AI score0.01421EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2023/03/13 1:15 a.m.25 views

Design/Logic Flaw

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

7.5CVSS9.2AI score0.01421EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2023/03/13 1:15 a.m.64 views

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

9.8CVSS7.1AI score0.01421EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/03/13 12:0 a.m.31 views

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

9.5AI score0.01421EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2023/03/13 12:0 a.m.25 views

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

9.8CVSS8.5AI score0.01421EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/03/13 12:0 a.m.8 views

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

9.4AI score0.01421EPSS
Exploits0References5
CVE
CVE
added 2023/03/13 12:0 a.m.273 views

CVE-2023-28154

CVE-2023-28154 affects Webpack 5 before 5.76.0. ImportParserPlugin.js mishandles the magic comment feature, allowing an attacker who controls a property of an untrusted object to obtain access to the real global object (cross-realm object access). CVSS v3.1 base score 9.8 (CRITICAL). Remediation:...

9.8CVSS9.1AI score0.01421EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/03/13 12:0 a.m.31 views

CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

9.8CVSS9.5AI score0.01421EPSS
Exploits0References7
OSV
OSV
added 2022/12/21 6:30 a.m.5 views

GHSA-4W2J-2RG4-5MJW vm2 vulnerable to Arbitrary Code Execution

The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise...

9.8CVSS7.2AI score0.01425EPSS
Exploits1References6
NVD
NVD
added 2022/12/21 5:15 a.m.29 views

CVE-2022-25893

The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise...

9.8CVSS0.01425EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/12/21 12:0 a.m.6 views

vm2 安全漏洞

vm2 is an advanced virtual machine/sandbox for Node.js by individual developer Patrik Simek in the Czech Republic. to run untrusted code using whitelisted Node built-in modules. A security vulnerability exists in vm2 versions prior to 3.9.10, which stems from the use of prototype lookups in the...

9.8CVSS8.9AI score0.01425EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.4 views

PT-2022-6982 · D Link · D-Link Dap-1325

Name of the Vulnerable Software and Affected Versions: D-Link DAP-1325 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. The specific flaw exists within the handling of XML data...

8.8CVSS7.3AI score0.00855EPSS
Exploits0References7
Rows per page
Query Builder