Lucene search
+L

430 matches found

CVE
CVE
added 2024/06/11 3:34 p.m.72 views

CVE-2024-5813

CVE-2024-5813 affects BeyondInsight Password Safe (BIPS). An authenticated attacker with high privileges can exploit an information leak in the server response to access SSH private keys, exposing highly sensitive material. The vulnerability targets the confidentiality of SSH keys via a disclosur...

5.9CVSS5.5AI score0.00406EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/06/11 12:0 a.m.5 views

BeyondInsight Information Disclosure Vulnerability

BeyondInsight is a Privileged Access Management PAM reporting platform from BeyondTrust USA. An information disclosure vulnerability exists in BeyondInsight Password Safe, which originates from an authenticated attacker with elevated privileges who can access SSH private keys via information...

5.9CVSS6.1AI score0.00406EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/05/20 5:7 p.m.21 views

Passbolt API Stored XSS on first/last name during setup

Description An administrator can craft a user with a malicious first name and last name, using a payload such as '; ? The user will then receive the invitation email and click on the setup link. The setup start page served by the server will fire the XSS. Impact of issue An administrator could us...

6.9AI score
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2024/04/30 9:55 a.m.7 views

libnbd: Crash or misbehaviour when NBD server returns an unexpected block size

A flaw was found in libnbd. A server can reply with a block size larger than 2^63 the NBD spec states the size is a 64-bit unsigned value. This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbdgetsize function...

6.5CVSS5.8AI score0.00746EPSS
Exploits1References5
OSV
OSV
added 2024/04/19 9:2 p.m.25 views

CVE-2024-31993 Mealie vulnerable to a GET-based SSRF in recipe image importer (GHSL-2023-227)

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrapeimage function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the...

6.2CVSS6.6AI score0.00409EPSS
Exploits0References6
NVD
NVD
added 2024/04/09 1:15 a.m.20 views

CVE-2024-30214

The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains a JavaScript, the script could be processed on client side...

4.8CVSS5AI score0.00316EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/09 12:56 a.m.13 views

CVE-2024-30214 Cross-Site Scripting (XSS) vulnerability in SAP Business Connector

The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains a JavaScript, the script could be processed on client side...

4.8CVSS6.7AI score0.00316EPSS
Exploits0References2
NVD
NVD
added 2024/03/13 2:15 p.m.21 views

CVE-2024-26629

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASELOCKOWNER The test on socount in nfsd4releaselockowner is nonsense and harmful. Revert to using checkforlocks, changing that to not sleep. First: harmful. As is documented in the kdoc comment for...

5.5CVSS7.5AI score0.00195EPSS
Exploits0References8
Redos
Redos
added 2024/03/13 12:0 a.m.21 views

ROS-2-995

2.995 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...

8.8CVSS9.2AI score0.03582EPSS
Exploits1
OSV
OSV
added 2024/03/06 11:15 a.m.19 views

BIT-GITLAB-2022-1954

A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers...

5.3CVSS5.1AI score0.00975EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/02/23 3:2 a.m.24 views

CVE-2024-26141

A denial of service DoS vulnerability was found in rubygem-rack in how it parses Range Header. Carefully crafted range headers can cause a server to respond with an unexpectedly large response. Responding with large responses could lead to a denial of service issue. Mitigation No mitigation is...

5.3CVSS6.7AI score0.01612EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/01/22 8:37 p.m.16 views

CVE-2024-23677 Server Response Disclosure in RapidDiag Salesforce.com Log File

In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file...

4.3CVSS6.8AI score0.00395EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/22 8:37 p.m.55 views

CVE-2024-23677 Server Response Disclosure in RapidDiag Salesforce.com Log File

In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file...

4.3CVSS5.5AI score0.00395EPSS
Exploits0References1
NVD
NVD
added 2023/11/27 10:15 a.m.16 views

CVE-2023-6254

A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37...

8.1CVSS0.00647EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/11/27 10:15 a.m.46 views

CVE-2023-6254

A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37...

8.1CVSS7.1AI score0.00647EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/11/27 9:44 a.m.12 views

CVE-2023-6254 Password is send back to client

A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X through 8.0.37...

8.1CVSS7.1AI score0.00647EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/11/15 2:49 p.m.25 views

pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document

Impact Full Path Disclosure FPD vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the loadfile within a SQL Injection query to view the page source, require the attacker to have the full path to the file...

5.3CVSS7.7AI score0.0066EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2023/09/28 1:55 p.m.75 views

CVE-2023-5215

A flaw was found in libnbd. A server can reply with a block size larger than 2^63 the NBD spec states the size is a 64-bit unsigned value. This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbdgetsize function...

6.5CVSS5.7AI score0.00746EPSS
Exploits1
CNNVD
CNNVD
added 2023/08/22 12:0 a.m.5 views

App Lounge 数据伪造问题漏洞

App Lounge is the second iteration of the app store embedded in /e/OS from the /e/ team. It allows everyone to access millions of apps directly from their phone's home screen. A security vulnerability exists in versions prior to App Lounge 0.19q that stems from not properly verifying an...

6.5CVSS6.5AI score0.00324EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/07/26 12:0 a.m.22 views

EulerOS Virtualization 3.0.6.6 : dhcp (EulerOS-SA-2023-2409)

According to the versions of the dhcp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addoption, i...

6.5CVSS6.9AI score0.00682EPSS
Exploits0References3
Rows per page
Query Builder