Lucene search
K

296 matches found

OSV
OSV
added 2023/11/08 3:2 p.m.30 views

GHSA-VFP6-JRW2-99G9 Cosign vulnerable to possible endless data attack from attacker-controlled registry

Summary Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in an endless data attack. The root cause is tha...

3.1CVSS4.8AI score0.0064EPSS
Exploits1References7
CNVD
CNVD
added 2023/07/27 12:0 a.m.3 views

SpringBlade Secure Mode Bypass Vulnerability

SpringBlade is a microservices architecture upgraded and optimized from a commercial-grade project. SpringBlade suffers from a security model bypass vulnerability that stems from exposing a signing key, which can be exploited by an attacker to conduct a SQL injection attack by forging a JWT,...

8.3AI score
Exploits0References1
NVD
NVD
added 2023/06/16 4:15 a.m.25 views

CVE-2023-34845

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the...

5.4CVSS5.8AI score0.00804EPSS
Exploits2References3
Prion
Prion
added 2023/06/16 4:15 a.m.26 views

Privilege escalation

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the...

4.9CVSS5.9AI score0.00804EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2023/06/16 12:0 a.m.27 views

CVE-2023-34845

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the...

6.1AI score0.00804EPSS
Exploits2References3
OSV
OSV
added 2023/05/17 1:15 p.m.6 views

CVE-2023-31698

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting XSS via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content users cannot create their own accounts through self-registration...

5.4CVSS5.8AI score
Exploits0References4
Prion
Prion
added 2023/05/17 1:15 p.m.19 views

Cross site scripting

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting XSS via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content users cannot create their own accounts through self-registration...

4.9CVSS5.3AI score0.02586EPSS
Exploits4References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/17 12:0 a.m.27 views

CVE-2023-31698

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting XSS via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content users cannot create their own accounts through self-registration...

5.9AI score0.02586EPSS
Exploits4References4
Cvelist
Cvelist
added 2023/05/17 12:0 a.m.34 views

CVE-2023-31698

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting XSS via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content users cannot create their own accounts through self-registration...

5.6AI score0.02586EPSS
Exploits4References4
Qualys Blog
Qualys Blog
added 2023/05/10 7:11 p.m.15 views

Adopting an Effective and Easy To Implement Zero Trust Architecture

Security professionals employed by a federal agency, supplier, or regulated private sector firm are often challenged by long lists of required cybersecurity rules that can seem endless and unchanging. White House Executive Orders, FedRAMP requirements, CISA Binding Operational Directives, NIST...

6.7AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2023/05/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-31602

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml...

7.5CVSS7.2AI score0.51653EPSS
Exploits5References1
Github Security Blog
Github Security Blog
added 2023/03/24 9:53 p.m.21 views

TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad

Impact Out of bounds read in GRUBlockCellGrad python func = tf.rawops.GRUBlockCellGrad para = 'x': 21.1, 156.2, 83.3, 115.4, 'hprev': array136.5, 136.6, 'wru': array26.7, 0.8, 47.9, 26.1, 26.2, 26.3, 'wc': array 0.4, 31.5, 0.6, 'bru': array0.1, 0.2 , dtype=float32, 'bc': 0x41414141, 'r': array0.3...

7.5CVSS7.2AI score0.00383EPSS
Exploits0References4Affected Software3
The Hacker News
The Hacker News
added 2023/02/22 12:56 p.m.92 views

Apple Warns of 3 New Vulnerabilities Affecting iPhone, iPad, and Mac Devices

Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS. The first flaw is a race condition in the Crash Reporter component CVE-2023-23520 that could enable a malicious actor to read arbitrary files as root. The iPhone...

0.6AI score0.01751EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/02/06 10:0 a.m.42 views

SaaS in the Real World: Who's Responsible to Secure this Data?

When SaaS applications started growing in popularity, it was unclear who was responsible for securing the data. Today, most security and IT teams understand the shared responsibility model, in which the SaaS vendor is responsible for securing the application, while the organization is responsible...

0.3AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/12 12:59 p.m.23 views

How to instrument system applications on Android stock images

By Vitor Ventura This post is the result of research presented at Recon Montreal 2022. Two slide decks are provided along with this research . One is the presentation showing the whole process and how to do it on Google Play Protect services. The other one is a workshop on how to do it on an...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/03 9:45 a.m.15 views

Okta breached last month, no customers compromised

Some of Oktas source code fell into the hands of an unauthorized party. The code was stolen from GitHub in the first part of December, according to a statement issued by the company. In the same statement the company reassured users that there was no impact to any customers. Okta Okta is an acces...

Exploits0
OSV
OSV
added 2022/12/20 12:30 a.m.25 views

GHSA-54R5-WR8X-X5V3 Duplicate Advisory: Apiman has insufficient checks for read permissions

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j94p-hv25-rm5g. This link is maintained to preserve external references. Original Description Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. A...

7.1CVSS6.2AI score0.00604EPSS
Exploits0References4
NVD
NVD
added 2022/12/20 12:15 a.m.47 views

CVE-2022-47551

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before...

6.5CVSS0.00604EPSS
Exploits0References2
Prion
Prion
added 2022/12/20 12:15 a.m.16 views

Design/Logic Flaw

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before...

4CVSS6.4AI score0.00604EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/12/19 12:0 a.m.49 views

CVE-2022-47551

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before...

6.6AI score0.00604EPSS
Exploits0References2
Rows per page
Query Builder