Lucene search
+L

80 matches found

CNNVD
CNNVD
added 2025/01/13 12:0 a.m.5 views

Virtuoso Open-Source Edition 安全漏洞

Virtuoso Open-Source Edition is a high-performance and scalable multi-model RDBMS, data integration middleware, linked data deployment and HTTP application server platform open-sourced by OpenLink Software. A security vulnerability exists in Virtuoso Open-Source Edition version v7.2.11, which ste...

7.5CVSS7.5AI score0.00715EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/01/13 12:0 a.m.4 views

Virtuoso Open-Source Edition 安全漏洞

Virtuoso Open-Source Edition is a high-performance and scalable multi-model RDBMS, data integration middleware, linked data deployment, and HTTP application server platform open-sourced by OpenLink Software. A security vulnerability exists in Virtuoso Open-Source Edition version v7.2.11, which...

7.5CVSS7.5AI score0.00661EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/01/13 12:0 a.m.5 views

Virtuoso Open-Source Edition 安全漏洞

Virtuoso Open-Source Edition is a high-performance and scalable multi-model RDBMS, data integration middleware, linked data deployment, and HTTP application server platform open-sourced by OpenLink Software. A security vulnerability exists in Virtuoso Open-Source Edition version v7.2.11, which...

7.5CVSS7.5AI score0.00561EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/01/13 12:0 a.m.3 views

Virtuoso Open-Source Edition 安全漏洞

Virtuoso Open-Source Edition is a high-performance and scalable multi-model RDBMS, data integration middleware, linked data deployment, and HTTP application server platform open-sourced by OpenLink Software. A security vulnerability exists in Virtuoso Open-Source Edition version v7.2.11, which...

7.5CVSS7.5AI score0.00561EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/11/20 12:0 a.m.4 views

Zimbra Collaboration Suite 安全漏洞

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite version 10.1 and prior versions, which stems from improper cleaning of file contents by th...

5.4CVSS7AI score0.00312EPSS
Exploits0References4
Snyk
Snyk
added 2024/10/04 9:22 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the login functionality. Note: This only affects Open Source Edition and not OpenC3 COSMOS Enterprise Edition. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects...

6.1CVSS5.3AI score0.00455EPSS
Exploits0References2
NVD
NVD
added 2024/10/02 8:15 p.m.36 views

CVE-2024-47529

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting s...

6.5CVSS0.00342EPSS
Exploits1References3
PyPA
PyPA
added 2024/10/02 8:15 p.m.6 views

PYSEC-2024-121

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting s...

6.5CVSS6.8AI score0.00342EPSS
Exploits1References4Affected Software1
PyPA
PyPA
added 2024/10/02 8:15 p.m.6 views

PYSEC-2024-100

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting XSS vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and...

6.1CVSS6AI score0.00455EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/10/02 8:15 p.m.28 views

PYSEC-2024-100

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting XSS vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and...

6.1CVSS6AI score0.00455EPSS
Exploits0References2
OSV
OSV
added 2024/10/02 8:15 p.m.30 views

PYSEC-2024-121

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting s...

6.5CVSS6.4AI score0.00342EPSS
Exploits1References3
OSV
OSV
added 2024/10/02 7:29 p.m.30 views

GHSA-VFJ8-5PJ7-2F9G OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)

Summary The login functionality contains a reflected cross-site scripting XSS vulnerability. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition Impact This issue may lead up to Remote Code Execution RCE...

6.1CVSS6.3AI score0.00455EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/10/02 7:17 p.m.41 views

CVE-2024-47529 OpenC3 COSMOS uses clear text storage of password/token (`GHSL-2024-129`)

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting s...

4.8CVSS0.00342EPSS
Exploits1References3
OSV
OSV
added 2024/10/02 7:17 p.m.16 views

CVE-2024-47529 OpenC3 COSMOS uses clear text storage of password/token (`GHSL-2024-129`)

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting s...

4.8CVSS6.5AI score0.00342EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/10/02 7:13 p.m.38 views

CVE-2024-43795 OpenC3 COSMOS vulnerable to cross-site scripting in Login functionality (`GHSL-2024-128`)

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting XSS vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and...

5.1CVSS0.00455EPSS
Exploits0References3
RubySec
RubySec
added 2024/10/02 12:0 a.m.33 views

OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)

Summary The login functionality contains a reflected cross-site scripting XSS vulnerability. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition Impact This issue may lead up to Remote Code Execution RCE. NOTE: The complete advisory with much more information...

6.1CVSS7.1AI score0.00455EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.7 views

PT-2024-30663 · Openc3 · Openc3 Cosmos Open Source Edition

Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS Open Source Edition versions prior to 5.19.0 Description: The login functionality of OpenC3 COSMOS contains a reflected cross-site scripting XSS vulnerability. This issue may lead to Remote Code Execution RCE. The vulnerability...

6.1CVSS7AI score0.00455EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2024/07/05 12:0 a.m.46 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Virtuoso Open-Source Edition vulnerabilities (USN-6879-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6879-1 advisory. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL...

8.8CVSS7.4AI score0.00905EPSS
Exploits13References14
Ubuntu
Ubuntu
added 2024/07/04 8:25 p.m.40 views

USN-6879-1: Virtuoso Open-Source Edition vulnerabilities

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. CVE-2023-31620, CVE-2023-31622, CVE-2023-31624, CVE-2023-31626, CVE-2023-31627,...

8.8CVSS7.4AI score0.00905EPSS
Exploits13
OSV
OSV
added 2024/07/04 8:25 p.m.10 views

USN-6879-1 virtuoso-opensource vulnerabilities

Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. CVE-2023-31620, CVE-2023-31622, CVE-2023-31624, CVE-2023-31626, CVE-2023-31627,...

8.8CVSS7.2AI score0.00905EPSS
Exploits13References14
Rows per page
Query Builder