Lucene search
K

1616 matches found

Positive Technologies
Positive Technologies
added 2023/02/28 12:0 a.m.5 views

PT-2023-19303 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 3.8.0 Description: The issue concerns the refresh token in vantage6, a privacy-preserving federated learning infrastructure, which is currently valid indefinitely. This is considered bad security practice. The refre...

8.8CVSS8.5AI score0.00571EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.3 views

SUSE CVE-2008-3187

zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service package data corruption via a spoofed key...

5CVSS6.8AI score0.01674EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.3 views

SUSE CVE-2009-1312

Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header or 2 specifying the content of a Refresh header. NOTE...

4.3CVSS7.9AI score0.05565EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.4 views

SUSE CVE-2010-2948

Stack-based buffer overflow in the bgprouterefreshreceive function in bgppacket.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service daemon crash or possibly execute arbitrary code via a malformed Outbound Route Filtering ORF record in a BGP...

6.5CVSS8.1AI score0.04041EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:56 a.m.3 views

SUSE CVE-2010-3775

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via...

9.3CVSS6.5AI score0.03796EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.5 views

SUSE CVE-2012-0420

zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPPLOCKFILEROOT environment variable...

4.4CVSS7.2AI score0.00337EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:47 a.m.3 views

SUSE CVE-2012-2094

Cross-site scripting XSS vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard Horizon folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console...

4.3CVSS5.7AI score0.02415EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:31 a.m.5 views

SUSE CVE-2014-0878

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier f...

5.8CVSS6.7AI score0.02093EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.3 views

SUSE CVE-2015-5225

Buffer overflow in the vncrefreshserversurface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service heap memory corruption and process crash or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the serve...

7.2CVSS8.2AI score0.00533EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:52 a.m.2 views

SUSE CVE-2017-2633

An out-of-bounds memory access issue was found in Quick Emulator QEMU before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vncrefreshserversurface'. A user inside a guest could use this flaw to crash the QEMU process...

6.5CVSS8.5AI score0.03036EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:38 a.m.4 views

SUSE CVE-2017-15194

include/globalsession.php in Cacti 1.1.25 has XSS related to 1 the URI or 2 the refresh page...

6.1CVSS9.1AI score0.0107EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.1 views

SUSE CVE-2018-12377

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1...

5.3CVSS9.2AI score0.03357EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.3 views

SUSE CVE-2018-18499

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

6.5CVSS8.2AI score0.0105EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.2 views

SUSE CVE-2018-19516

messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value...

5.3CVSS5.4AI score0.01104EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:14 a.m.6 views

SUSE CVE-2019-9796

A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leav...

7.5CVSS9AI score0.02043EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.1 views

SUSE CVE-2021-21373

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker...

5.9CVSS6.9AI score0.01155EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.3 views

SUSE CVE-2021-25214

In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malform...

6.5CVSS8.8AI score0.0594EPSS
Exploits0References18
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.4 views

SUSE CVE-2021-42114

Modern DRAM devices PC-DDR4, LPDDR4X are affected by a vulnerability in their internal Target Row Refresh TRR mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips o...

9CVSS8.2AI score0.02889EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:32 a.m.2 views

SUSE CVE-2022-3033

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...

7.5CVSS8.8AI score0.00768EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:14 p.m.39 views

Security Bulletin: IBM CICS TX Standard is vulnerable to a back and refresh attack (CVE-2022-33955)

Summary IBM CICS TX could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. The fix removes this vulnerability CVE-2022-33955 from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2022-33955 DESCRIPTION: IBM CICS TX could allow...

6.8CVSS5.3AI score0.00512EPSS
Exploits0Affected Software1
Rows per page
Query Builder