Lucene search
K

261 matches found

Cvelist
Cvelist
added 2024/10/01 12:0 a.m.15 views

CVE-2024-46083

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting XSS. An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular users can trigger...

0.00277EPSS
Exploits1References1
OSV
OSV
added 2024/09/16 9:0 a.m.49 views

RHSA-2022:8850 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (python-ujson) security update

Bulletin has no description...

7.5CVSS6.4AI score0.02283EPSS
Exploits1References13
OSV
OSV
added 2024/09/16 3:0 a.m.20 views

RHSA-2019:3132 Red Hat Security Advisory: OpenShift Container Platform 4.1.20 openshift security update

Bulletin has no description...

7.5CVSS7.5AI score0.25939EPSS
Exploits2References8
OSV
OSV
added 2024/09/05 7:15 p.m.22 views

UBUNTU-CVE-2024-45157

An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLSPSAHMACDRBGMDTYPE does not cause the PSA subsystem to use HMACDRBG: it uses HMACDRBG only when MBEDTLSPSACRYPTOEXTERNALRNG and...

5.1CVSS5.8AI score0.00236EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/09/05 12:0 a.m.7 views

Trusted Firmware-M 安全漏洞

Linaro Trusted Firmware-M Tf-M is a reference implementation of the Platform Security Architecture Psa IoT security framework from Linaro, UK. A security vulnerability exists in Trusted Firmware-M version 2.0.0 and prior versions, which stems from a lack of parameter validation in the logging...

4.7CVSS6.6AI score0.00293EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/03 12:0 a.m.2 views

PT-2024-6380

Name of the Vulnerable Software and Affected Versions Mbed TLS versions prior to 2.28.9 Mbed TLS versions 3.x prior to 3.6.1 Description The issue is related to the misuse of a cryptographic algorithm in Mbed TLS, where the user-selected algorithm is not used. Specifically, enabling MBEDTLS PSA...

5.1CVSS6AI score0.00236EPSS
Exploits0References30
OSV
OSV
added 2024/08/21 1:15 a.m.16 views

UBUNTU-CVE-2024-43874

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in sevsnpshutdownlocked Fix a null pointer dereference induced by DEBUGTESTDRIVERREMOVE. Return from sevsnpshutdownlocked if the pspdevice or the sevdevice structs are not initialized...

5.5CVSS6.6AI score0.0018EPSS
Exploits0References5
OSV
OSV
added 2024/08/13 5:15 p.m.4 views

CVE-2021-26344

An out of bounds memory write when processing the AMD PSP1 Configuration Block APCB could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution...

8.2CVSS6AI score0.00161EPSS
Exploits0References1
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/07/24 5:26 a.m.15 views

Leave the World Behind, or don’t

I watched Leave the World Behind on Netflix recently. I was intrigued as the trailers showed an oil tanker crashing on to a beach. It was implied that it had been hacked and someone had taken control of it. Shipping security is something we know quite a bit about, having been asked to hack a larg...

7.1AI score
Exploits0
OSV
OSV
added 2024/05/14 5:17 p.m.4 views

CVE-2024-30040

Windows MSHTML Platform Security Feature Bypass Vulnerability...

8.8CVSS5.8AI score0.03939EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2024/05/14 7:0 a.m.38 views

Windows MSHTML Platform Security Feature Bypass Vulnerability

...

8.8CVSS8.9AI score0.03939EPSS
Exploits0
CVE
CVE
added 2024/04/16 9:25 p.m.68 views

CVE-2024-21001

CVE-2024-21001 affects Oracle BI Enterprise Edition (OBIEE) 7.0.0.0.0, with a vulnerability in the BI Platform Security component that allows a low-privileged, network-accessing attacker (HTTP) to potentially modify or read data after user interaction. The issue is described as easily exploitable...

5.4CVSS5.9AI score0.00406EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.5 views

PT-2024-3733 · Oracle · Oracle Business Intelligence Enterprise Edition

Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition version 7.0.0.0.0 Description: The issue is related to insufficient input validation in the BI Platform Security component. It allows a low-privileged attacker with network access via HTTP to...

5.5CVSS6.4AI score0.00406EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.5 views

JFreeChart 安全漏洞

JFreeChart is a comprehensive free charting library for the Java platform from the individual developer David Gilbert. A security vulnerability exists in JFreeChart v1.5.4, which stems from an array index out-of-bounds issue...

7.5CVSS6.6AI score0.00532EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/04/02 12:0 a.m.8 views

The vulnerability of the PSA Crypto application programming interface, as well as the Mbed TLS and Mbed Crypto software, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of data.

The vulnerability of the PSA Crypto application programming interface and the Mbed TLS and Mbed Crypto software implementations is related to insufficient spatial partitioning. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of...

5.3CVSS6.6AI score0.0084EPSS
Exploits0References6Affected Software3
SUSE CVE
SUSE CVE
added 2024/03/30 2:57 a.m.3 views

SUSE CVE-2024-28960

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...

8.2CVSS7AI score0.0084EPSS
Exploits0References3
OSV
OSV
added 2024/03/29 6:15 a.m.7 views

AZL-47703 CVE-2024-28960 affecting package hvloader for versions less than 1.0.1-6

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...

8.2CVSS5.7AI score0.0084EPSS
Exploits0References1
OSV
OSV
added 2024/03/29 6:15 a.m.1 views

DEBIAN-CVE-2024-28960

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...

8.2CVSS6.6AI score0.0084EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.13 views

IBM Watson IoT Platform Security Breach

IBM Watson IoT Platform is an Internet of Things IoT solution platform from International Business Machines IBM. A security vulnerability exists in IBM Watson IoT Platform version 1.0 that stems from the fact that an unauthorized attacker who obtains a secure authentication token can use it to...

7.5CVSS6.8AI score0.00643EPSS
Exploits0References3
NVD
NVD
added 2024/02/17 2:15 a.m.30 views

CVE-2024-20913

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: BI Platform Security. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

5.4CVSS5AI score0.00308EPSS
Exploits0References1
Rows per page
Query Builder