Lucene search
K

6095 matches found

CNNVD
CNNVD
added 2024/01/16 12:0 a.m.4 views

HYPR Backlink Vulnerability

HYPR is a security application from HYPR that implements password-less security. A security vulnerability exists in HYPR Workforce Access prior to version 8.7 that stems from an incorrectly resolved file access link that allows a user to take control of a file name...

7.8CVSS6.7AI score0.00165EPSS
Exploits0References2
OSV
OSV
added 2024/01/10 11:1 a.m.9 views

OPENSUSE-SU-2024:0016-1 Security update for opera

This update for opera fixes the following issues: opera was updated to 106.0.4998.28 CHR-9566 Update Chromium on desktop-stable-120-4998 to 120.0.6099.200 DNA-113161 Weather 'Weather Location' description is almost invisible in dark mode DNA-113351 'Previous tile' should be the same size as 'next...

8.8CVSS8.7AI score0.10114EPSS
Exploits0References5
Rosalinux
Rosalinux
added 2023/12/26 11:51 a.m.26 views

Advisory ROSA-SA-2023-2316

Software: libgcrypt 1.8.5 OS: ROSA Virtualization 2.1 packageevrstring: libgcrypt-1.8.5-7.rv3.src.rpm CVE-ID: CVE-2021-40528 BDU-ID: 2022-00593 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libgcrypt cryptographic library is related to the use of a weak cryptographic algorithm. Exploitation ...

5.9CVSS6.7AI score0.01423EPSS
Exploits1
NVD
NVD
added 2023/12/23 1:15 p.m.14 views

CVE-2023-7008

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...

5.9CVSS0.00849EPSS
Exploits0References10
OSV
OSV
added 2023/12/23 1:15 p.m.4 views

DEBIAN-CVE-2023-7008

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...

5.9CVSS6.8AI score0.00849EPSS
Exploits0References1
OSV
OSV
added 2023/12/23 1:15 p.m.16 views

CVE-2023-7008

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...

5.9CVSS6.6AI score0.00849EPSS
Exploits0References10
OSV
OSV
added 2023/12/23 1:15 p.m.9 views

AZL-32271 CVE-2023-7008 affecting package systemd-bootstrap for versions less than 250.3-13

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...

5.9CVSS6.7AI score0.00849EPSS
Exploits0References1
OSV
OSV
added 2023/12/23 1:15 p.m.8 views

AZL-43171 CVE-2023-7008 affecting package systemd for versions less than 255-20

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...

5.9CVSS6.8AI score0.00849EPSS
Exploits0References1
Prion
Prion
added 2023/12/23 1:15 p.m.11 views

Design/Logic Flaw

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...

2.6CVSS6.8AI score0.00849EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2023/12/23 1:15 p.m.370 views

CVE-2023-7008

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...

5.9CVSS6.7AI score0.00849EPSS
Exploits0References1
OSV
OSV
added 2023/12/23 1:15 p.m.6 views

UBUNTU-CVE-2023-7008

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...

5.9CVSS6.8AI score0.00849EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/12/23 1:0 p.m.21 views

CVE-2023-7008 Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...

5.9CVSS5.9AI score0.00849EPSS
Exploits0References6
CVE
CVE
added 2023/12/23 1:0 p.m.291 views

CVE-2023-7008

CVE-2023-7008 affects systemd-resolved in systemd by allowing DNSSEC-signed domains to be accepted even when unsigned, enabling record manipulation by an attacker via MITM or upstream resolver. Connected advisories confirm a fix is available in patched systemd packages (e.g., Debian 247.3-7+deb11...

5.9CVSS6.1AI score0.00849EPSS
Exploits0References10Affected Software1
CNNVD
CNNVD
added 2023/12/23 12:0 a.m.4 views

systemd security vulnerability

systemd is a Linux-based system and service manager from the individual developer Lennart Poettering in Germany. The product is compatible with SysV and LSB startup scripts and provides a framework for representing dependencies between system services. A security vulnerability exists in systemd...

5.9CVSS9AI score0.00849EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/12/22 2:19 a.m.6 views

SUSE CVE-2023-7008

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...

5.9CVSS7AI score0.00849EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/12/20 4:0 p.m.49 views

CVE-2023-7008

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records. Mitigation Mitigation for this issue is either not...

5.9CVSS7AI score0.00849EPSS
Exploits0References5
Rosalinux
Rosalinux
added 2023/12/12 12:18 p.m.29 views

Advisory ROSA-SA-2023-2304

software: netty 4.1.13 WASP: ROSA-CHROME packageevrstring: netty-4.1.13-13.src.rpm CVE-ID: CVE-2023-34462 BDU-ID: 2023-05355 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the SniHandler component of the Netty networking software tool is associated with uncontrolled resource consumption...

6.5CVSS7AI score0.02459EPSS
Exploits1
Rosalinux
Rosalinux
added 2023/11/21 12:53 p.m.24 views

Advisory ROSA-SA-2023-2299

Software: grafana 7.3.6 OS: ROSA Virtualization 2.1 packageevrstring: grafana-7.3.6-2.el8.src.rpm CVE-ID: CVE-2020-27846 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: A signature verification vulnerability exists in cookiejam/saml. This flaw allows an attacker to bypass SAML authentication. The...

10CVSS6.8AI score0.83042EPSS
Exploits1
NVD
NVD
added 2023/11/09 3:15 p.m.14 views

CVE-2023-40055

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227...

8.8CVSS0.02139EPSS
Exploits0References1
Rosalinux
Rosalinux
added 2023/10/31 2:7 p.m.30 views

Advisory ROSA-SA-2023-2285

software: clamav 0.103.8 WASP: ROSA-CHROME packageevrstring: clamav-0.103.8-1.src.rpm CVE-ID: CVE-2022-20698 BDU-ID: 2022-00587 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Clam AntiVirus software package is related to insufficient input validation. Exploitation of the vulnerability could...

7.8CVSS6.6AI score0.0663EPSS
Exploits1
Rows per page
Query Builder