
2294 matches found

IBM Security Bulletins
added 2024/04/05 10:31 p.m. | 30 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary: IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 has been published in a security bulletin: CVE-2023-38729, CVE-2012-2677, CVE-2024-25030, CVE-2024-25046, CVE-2024-27254, CVE-2023-52296, CVE-2024-22360. Vulnerability Details...

CVSS 6.8 | AI score 6.2 | EPSS 0.03889
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/04/04 4:4 p.m. | 29 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2023-50313)

Summary: IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00177
Exploits 0 | Affected Software 1
OSV
added 2024/03/31 6:20 p.m. | 10 views

BIT-MASTODON-2024-25623 Lack of media type verification of Activity Streams objects allows impersonation of remote accounts

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a Content-Type header value of the Activity Streams media type, which...

CVSS 8.5 | AI score 7.8 | EPSS 0.00515
Exploits 0 | References 3
OSSF Malicious Packages
added 2024/03/31 2:28 p.m. | 5 views

Malicious code in bugsnagmw (npm)

The package bugsnagmw npm version 1.0.3 contains malicious code. The code was obfuscated to avoid detection. The malicious code is designed to steal sensitive information from the user's environment and send it to a remote server. See...

AI score 7
Exploits 0
OSV
added 2024/03/31 2:28 p.m. | 11 views

MAL-2024-1199 Malicious code in bugsnagmw (npm)

The package bugsnagmw npm version 1.0.3 contains malicious code. The code was obfuscated to avoid detection. The malicious code is designed to steal sensitive information from the user's environment and send it to a remote server. See...

AI score 7.1
Exploits 0
Tenable Nessus
added 2024/03/20 12:0 a.m. | 118 views

Jenkins LTS < 2.440.2 / Jenkins weekly < 2.444

According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.440.2 or Jenkins weekly prior to 2.444. It is, therefore, affected by a vulnerability: - Jetty is a Java-based web server and servlet engine. An HTTP/2 SSL connecti...

CVSS 7.5 | AI score 7.5 | EPSS 0.01433
Exploits 0 | References 2
IBM Security Bulletins
added 2024/03/19 7:39 p.m. | 46 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server

Summary: IBM MQ is shipped with IBM WebSphere Remote Server. Information about addressing security vulnerabilities affecting IBM MQ has been published in security bulletins for CVE-2023-47745, CVE-2023-4218, CVE-2023-44487, CVE-2023-39976, CVE-2024-25016, linked herein. Vulnerability Details...

CVSS 9.8 | AI score 8.5 | EPSS 0.99999
Exploits 20 | Affected Software 1
IBM Security Bulletins
added 2024/03/14 1:49 p.m. | 30 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-52425)

Summary: IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and...

CVSS 7.5 | AI score 7.7 | EPSS 0.01815
Exploits 1 | Affected Software 1
Cvelist
added 2024/03/13 2:51 a.m. | 19 views

CVE-2024-2413 Intumit SmartRobot - Use of Hard-coded Cryptographic Key

Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute...

CVSS 9.8 | AI score 10 | EPSS 0.00574
Exploits 0 | References 1
OSV
added 2024/03/05 8:49 p.m. | 18 views

GHSA-WRQV-PF6J-MQJP Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination

Summary: A vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer BUF in streamwrap.ts used as a performance...

CVSS 7.2 | AI score 7.8 | EPSS 0.00722
Exploits 1 | References 5
RedHat Linux
added 2024/03/04 9:16 a.m. | 4 views

squid: denial of service in HTTP header parser

A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages...

CVSS 7.5 | AI score 5.8 | EPSS 0.88864
Exploits 0 | References 6
NVD
added 2024/03/01 11:15 a.m. | 14 views

CVE-2024-22457

Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and...

CVSS 8.8 | AI score 6.9 | EPSS 0.00293
Exploits 0 | References 1
Prion
added 2024/03/01 11:15 a.m. | 27 views

Authentication flaw

Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and...

CVSS 4.6 | AI score 7.3 | EPSS 0.00293
Exploits 0 | References 1
Cvelist
added 2024/03/01 11:4 a.m. | 23 views

CVE-2024-22457

Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and...

CVSS 7.1 | AI score 7.1 | EPSS 0.00293
Exploits 0 | References 1
NVD
added 2024/02/27 10:15 p.m. | 21 views

CVE-2024-0763

Any user can delete an arbitrary folder recursively on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization...

CVSS 8.1 | AI score 8.1 | EPSS 0.00901
Exploits 1 | References 2
OSV
added 2024/02/27 10:15 p.m. | 11 views

CVE-2024-0763

Any user can delete an arbitrary folder recursively on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization...

CVSS 8.1 | AI score 7.3
Exploits 0 | References 2
Prion
added 2024/02/27 10:15 p.m. | 13 views

Path traversal

Any user can delete an arbitrary folder recursively on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization...

CVSS 5.5 | AI score 7.3 | EPSS 0.00901
Exploits 1 | References 2
Cvelist
added 2024/02/27 9:14 p.m. | 28 views

CVE-2024-0763 Improper validation of document removal parameter

Any user can delete an arbitrary folder recursively on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization...

CVSS 8.1 | AI score 8.3 | EPSS 0.00901
Exploits 1 | References 2
Vulnrichment
added 2024/02/27 9:14 p.m. | 12 views

CVE-2024-0763 Improper validation of document removal parameter

Any user can delete an arbitrary folder recursively on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization...

CVSS 8.1 | AI score 8.1 | EPSS 0.00901
Exploits 1 | References 2
CNNVD
added 2024/02/27 12:0 a.m. | 4 views

AnythingLLM Input Validation Error Vulnerability

AnythingLLM is a document chatbot that meets business requirements. AnythingLLM suffers from an input validation error vulnerability that stems from improper cleaning of user input resulting in path traversal. An attacker could use this vulnerability to recursively delete arbitrary folders on a...

CVSS 8.1 | AI score 6.9 | EPSS 0.00901
Exploits 1 | References 3