2293 matches found

Rockylinux
added 2024/09/30 2:30 p.m., 15 views

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Git Large File Storage (LFS) replaces large files such as audio samples, videos...

7.5 CVSS, 7.6 AI score, 0.01127 EPSS
Exploits: 0
Tenable Nessus
added 2024/09/25 12:0 a.m., 28 views

RHEL 8 : git-lfs (RHSA-2024:7135)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:7135 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

7.5 CVSS, 7.5 AI score, 0.01127 EPSS
Exploits: 0, References: 4
AlmaLinux
added 2024/09/25 12:0 a.m., 26 views

Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structure...

7.5 CVSS, 7.3 AI score, 0.01127 EPSS
Exploits: 0, References: 4
OSV
added 2024/09/25 12:0 a.m., 13 views

ALSA-2024:7136 Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structure...

7.5 CVSS, 8.2 AI score, 0.01127 EPSS
Exploits: 0, References: 4
AlmaLinux
added 2024/09/25 12:0 a.m., 24 views

Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structure...

7.5 CVSS, 7.3 AI score, 0.01127 EPSS
Exploits: 0, References: 4
OSV
added 2024/09/25 12:0 a.m., 10 views

ALSA-2024:7135 Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structure...

7.5 CVSS, 8.2 AI score, 0.01127 EPSS
Exploits: 0, References: 4
IBM Security Bulletins
added 2024/09/19 3:55 p.m., 21 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server

Summary: IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ has been published in a security bulletin: CVE-2024-40681, CVE-2024-40680, CVE-2024-2511, CVE-2024-21085. Vulnerability Details: Refer to the security bulletins listed in the...

8.8 CVSS, 6.2 AI score, 0.54026 EPSS
Exploits: 0, Affected Software: 1
Pen Test Partners Blog
added 2024/09/12 5:16 a.m., 12 views

Living off the land, GPO style

TL;DR: The ability to edit Group Policy Objects (GPOs) from non-domain joined computers using the native Group Policy editor has been on my list for a long time. This blog post takes a deep dive into what steps were taken to find out why domain joined machines are needed in the first place and what...

7.4 AI score
Exploits: 0
RedHat Linux
added 2024/09/03 4:18 p.m., 7 views

libproxy: uncontrolled recursion via an infinite stream response leading to stack exhaustion

A flaw was found in libproxy in versions 0.4 through 0.4.15. A remote HTTP server can trigger an uncontrolled recursion via a response composed of an infinite stream that lacks a newline character leading to a stack exhaustion. The highest threat from this vulnerability is to system availability...

7.5 CVSS, 7.3 AI score, 0.04284 EPSS
Exploits: 1, References: 4
Github Security Blog
added 2024/08/30 11:37 p.m., 9 views

gratient 0.5 contains credential harvesting code

gratient is a user-facing library for generating color gradients of text. Version 0.5 contained obfuscated, malicious code targeting Windows platforms, harvesting information and credentials from the user's system and sending them to a remote server. Services may include Mullvad VPN and Telegram...

7.2 AI score
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2024/08/30 11:37 p.m., 10 views

GHSA-XM4R-5RJ9-2PG3 gratient 0.5 contains credential harvesting code

gratient is a user-facing library for generating color gradients of text. Version 0.5 contained obfuscated, malicious code targeting Windows platforms, harvesting information and credentials from the user's system and sending them to a remote server. Services may include Mullvad VPN and Telegram...

8.7 CVSS, 7.2 AI score
Exploits: 0, References: 3
IBM Security Bulletins
added 2024/08/19 7:53 p.m., 20 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary: IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 has been published in a security bulletin: CVE-2024-31882, CVE-2024-29857, CVE-2024-30172, CVE-2024-30171, CVE-2024-35136, CVE-2024-35152, CVE-2024-37529. Vulnerability Details...

7.5 CVSS, 6.9 AI score, 0.011 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/08/19 7:51 p.m., 21 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2023-50315

Summary: IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the...

5.9 CVSS, 5.5 AI score, 0.00268 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/08/15 8:1 p.m., 15 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-35153

Summary: IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the...

4.8 CVSS, 5 AI score, 0.00362 EPSS
Exploits: 0, Affected Software: 1
NVD
added 2024/08/14 4:15 a.m., 12 views

CVE-2024-7728

The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server...

7.2 CVSS, 0.00721 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2024/08/14 3:26 a.m., 10 views

CVE-2024-7728 CAYIN Technology CMS - OS Command Injection

The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server...

7.2 CVSS, 7.3 AI score, 0.00721 EPSS
Exploits: 0, References: 3
Cvelist
added 2024/08/14 3:26 a.m., 16 views

CVE-2024-7728 CAYIN Technology CMS - OS Command Injection

The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server...

7.2 CVSS, 0.00721 EPSS
Exploits: 0, References: 3
OSV
added 2024/08/13 9:15 p.m., 9 views

CVE-2024-7742

A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. It is possible to launch...

9.8 CVSS, 5.5 AI score, 0.00824 EPSS
Exploits: 1, References: 4
Cvelist
added 2024/08/12 2:44 a.m., 21 views

CVE-2024-7693 Team Johnlong software Raiden MAILD Remote Management System - Arbitrary File Reading through Path Traversal

Raiden MAILD Remote Management System from Team Johnlong Software has a Relative Path Traversal vulnerability, allowing unauthenticated remote attackers to read arbitrary files on the remote server...

7.5 CVSS, 0.00965 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2024/08/02 10:36 a.m., 33 views

CVE-2024-7323 Digiwin EasyFlow .NET - Arbitrary File Download

Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality does not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download arbitrary files from the remote server...

6.5 CVSS, 7.1 AI score, 0.00599 EPSS
Exploits: 0, References: 2