Lucene search

171 matches found

CNNVD
added 2024/03/26 12:0 a.m., 2 views

PyAnsys Geometry Security Vulnerability

PyAnsys Geometry is an Ansys open source Python client library for the Ansys Geometrics service and other CAD Ansys products such as Ansys Discovery and Ansys SpaceClaim. A security vulnerability exists in PyAnsys Geometry. An attacker can exploit the vulnerability to perform malicious actions on...

7.8 CVSS, 7.3 AI score, 0.00334 EPSS
Exploits 1, References 8
OSV
added 2024/03/18 5:21 p.m., 11 views

GHSA-X2H8-QMJ4-G62F ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.

The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...

5.3 CVSS, 5.4 AI score, 0.00176 EPSS
Exploits 0, References 4
CVE
added 2024/03/15 11:44 p.m., 69 views

CVE-2024-28862

The CVE-2024-28862 entry concerns the Ruby One Time Password library (ROTP). Affected versions had overly permissive default file permissions (0666) on Ruby .rb files, enabling potential local access/impact due to insecure permissions. The advisory advises upgrading to version 6.3.0; if patching ...

5.5 CVSS, 5.2 AI score, 0.00176 EPSS
Exploits 0, References 1, Affected Software 1
Talos Blog
added 2024/02/28 5:0 p.m., 38 views

Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution

Cisco Talos has disclosed more than 30 vulnerabilities in February, including seven in Adobe Acrobat Reader, one of the most popular PDF editing and reading software currently available. Adversaries could exploit these vulnerabilities to trigger the reuse of a previously freed object, thus causin...

7.5 CVSS, 9.5 AI score, 0.04448 EPSS
Exploits 19
CNNVD
added 2024/02/27 12:0 a.m., 3 views

libLAS Security Vulnerabilities

libLAS is a libLAS open source library for reading and writing geospatial data encoded in the ASPRS laser file format versions 1.0, 1.1 and 1.2. A security vulnerability exists in libLAS version 1.8.1, which originates from a memory leak contained in /libLAS/apps/ts2las.cpp...

7.5 CVSS, 6.8 AI score, 0.01158 EPSS
Exploits 1, References 7
CNNVD
added 2024/01/26 12:0 a.m., 4 views

van_der_Schaar LAB synthcity code issue vulnerability

synthcity is a vanderSchaar LAB open source library for generating and evaluating synthetic tabular data. A code issue vulnerability exists in vanderSchaar LAB synthcity version 0.2.9, which stems from an incorrect operation that can lead to deserialization...

9.8 CVSS, 7 AI score, 0.00678 EPSS
Exploits 0, References 5
IBM Security Bulletins
added 2024/01/16 8:21 p.m., 42 views

Security Bulletin: Vulnerability in ZooKeeper affects IBM Process Mining CVE-2023-44981

Summary There is a vulnerability in ZooKeeper that could allow an attacker to bypass security restrictions on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-44981...

9.1 CVSS, 9.3 AI score, 0.01713 EPSS
Exploits 0, Affected Software 1
CNNVD
added 2024/01/03 12:0 a.m., 5 views

O-RAN Software Community ric-plt-e2mgr Security Vulnerability

O-RAN Software Community ric-plt-e2mgr is an open source library from O-RAN Software Community. A security vulnerability exists in O-RAN Software Community ric-plt-e2mgr. An attacker could exploit this vulnerability to cause a denial of service DoS by sending a specially crafted request to the...

7.7 CVSS, 6.6 AI score, 0.00551 EPSS
Exploits 1, References 2
OSV
added 2023/11/18 10:15 p.m., 2 views

CVE-2023-47551

Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12...

8.8 CVSS, 7.3 AI score, 0.00286 EPSS
Exploits 0, References 1
vulnersOsv
added 2023/11/09 6:34 p.m., 2 views

aioasuswrt (>=1.1.20 <=1.3.3), aiosftp (>=0.0.1 <=0.3.0) +28 more potentially affected by CVE-2023-46445 via asyncssh (>=1.10.0 <=2.14.0)

asyncssh PYPI version =1.10.0, =1.1.20, =0.0.1, =0.6.0, =0.3.0, =1.2.1, =0.4.0, =0.1.0, =4.3.5, =0.35.0, =3.1.1, =0.6.5, =0.8.0, =2.8.1, =0.2.0, =0.1.0, =0.3.21 and more Source cves: CVE-2023-46445 Source advisory: OSV:GHSA-CFC2-WR2V-GXM5...

5.9 CVSS, 6.2 AI score, 0.00586 EPSS
Exploits 0
OpenVAS
added 2023/11/05 12:0 a.m., 47 views

Fedora: Security Advisory for folly (FEDORA-2023-7934802344)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 8.8 AI score, 0.99999 EPSS
Exploits 19, References 4
CNNVD
added 2023/10/16 12:0 a.m., 3 views

OAuth Identity XWiki App Cross-Site Scripting Vulnerability

OAuth Identity XWiki App is an open source XWiki SAS library of essential elements for building identities and service providers based on OAuth authorization. A cross-site scripting vulnerability exists in OAuth Identity XWiki App, which stems from the identityOAuth parameter sent in a GET reques...

10 CVSS, 6 AI score, 0.01088 EPSS
Exploits 0, References 6
Github Security Blog
added 2023/10/02 8:38 p.m., 39 views

TorchServe Pre-Auth Remote Code Execution

Impact Use of Open Source Library potentially exposed to RCE Issue: Use of a version of the SnakeYAML v1.31 open source library with multiple issues that potentially exposes the user to unsafe deserialization of Java objects. This could allow third parties to execute arbitrary code on the target...

7.8 AI score
Exploits 0, References 3, Affected Software 1
CNNVD
added 2023/07/25 12:0 a.m., 5 views

Armeria Security Vulnerability

Armeria is an open source library for building asynchronous microservers that use HTTP/2 as the session layer protocol. A security vulnerability exists in versions of Armeria prior to 1.24.3, which stems from a vulnerability that allows the use of JettyService paths containing matrix variables to...

7.5 CVSS, 7.5 AI score, 0.00588 EPSS
Exploits 0, References 4
OSV
added 2023/06/27 9:24 p.m., 17 views

CVE-2023-36464 Infinite Loop when a comment isn't followed by a character in pypdf

pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if parsecontentstream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request 969 and resolv...

6.2 CVSS, 5.7 AI score, 0.00352 EPSS
Exploits 1, References 5
Snyk
added 2023/06/07 3:19 p.m., 3 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the yajltreeparse function. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other vulnerabilities, DoS attacks...

7.5 CVSS, 7.1 AI score, 0.01129 EPSS
Exploits 1, References 2
CNNVD
added 2023/02/20 12:0 a.m., 3 views

API Umbrella Web Cross-Site Scripting Vulnerability

API Umbrella Web is an open source library from National Renewable Energy Laboratory. A cross-site scripting vulnerability exists in API Umbrella Web version 0.7.1, which stems from an issue with an unknown portion of the component Admin Data Table Handler that can lead to a cross-site scripting...

6.1 CVSS, 4.6 AI score, 0.00489 EPSS
Exploits 0, References 5
CNNVD
added 2023/02/04 12:0 a.m., 5 views

API Umbrella Web Cross-Site Scripting Vulnerability

API Umbrella Web is an open source library from National Renewable Energy Laboratory. A cross-site scripting vulnerability exists in API Umbrella Web version 0.7.1, which stems from an issue with unknown code in the component Flash Message Handler that can lead to cross-site scripting...

6.1 CVSS, 4.2 AI score, 0.00535 EPSS
Exploits 0, References 5
CNNVD
added 2023/01/07 12:0 a.m., 3 views

definely Cross-Site Scripting Vulnerability

definely is an open source library from Ritter Insurance Marketing. Designed to allow words and abbreviations to be created and linked to definely. A cross-site scripting vulnerability exists in definely. An attacker could exploit this vulnerability to perform a cross-site scripting attack...

6.1 CVSS, 4.7 AI score, 0.00523 EPSS
Exploits 0, References 5
CNNVD
added 2023/01/05 12:0 a.m., 3 views

show-me-the-way Cross-Site Scripting Vulnerability

show-me-the-way is an open source library from OSM Lab. It is used to view OSM edits made in real time. A cross-site scripting vulnerability exists in OSM Lab show-me-the-way, which stems from some unknown handling of the file js/site.js being problematic and can lead to cross-site scripting...

6.1 CVSS, 3.9 AI score, 0.0053 EPSS
Exploits 0, References 5