Lucene search
K

77 matches found

OSV
OSV
added 2022/01/05 7:5 p.m.38 views

CVE-2022-21642 Exposure of whisper participants in discourse

Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this...

4.3CVSS4.6AI score0.00727EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/11/15 12:0 a.m.5 views

Discourse 信息泄露漏洞

Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. Discourse suffers from an information disclosure vulnerability that stems from the fact that a maliciously crafted request may result in an intermediate proxy cache...

5.3CVSS5.5AI score0.00938EPSS
Exploits0References3
NVD
NVD
added 2021/10/20 11:15 p.m.27 views

CVE-2021-41163

Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribeurl values. This issue is patched in the latest stable, beta and tests-passed versions of...

10CVSS0.19812EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/08/26 12:0 a.m.6 views

PT-2021-22418 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions Description: The issue allows category names to be used for Cross-site scripting XSS attacks. This is mitigated by Discourse's default Content Security Policy, and...

5.4CVSS5.1AI score0.00413EPSS
Exploits0References6
OSV
OSV
added 2021/05/10 8:15 p.m.25 views

CVE-2021-21430

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...

5.5CVSS7AI score
Exploits0References3
CVE
CVE
added 2021/05/10 7:25 p.m.113 views

CVE-2021-21430

OpenAPI Generator contains a vulnerability where code generated for Java/Scala performs insecure temporary file creation via File.createTempFile, risking exposure of application/data when handling binary uploads/downloads. Affected generators include Java (jersey2, okhttp-gson default) and scala-...

6.2CVSS5.7AI score0.00404EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/05/10 7:15 p.m.36 views

CVE-2021-21428

Openapi generator is a java tool which allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...

7CVSS6.8AI score
Exploits0References2
CISA
CISA
added 2020/06/16 12:0 a.m.9 views

Ripple20 Vulnerabilities Affecting Treck IP Stacks

The Cybersecurity and Infrastructure Security Agency CISA is aware of multiple vulnerabilities, known as Ripple20, affecting Treck IP stack implementations for embedded systems. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages user...

7AI score
Exploits0References3
CNVD
CNVD
added 2019/10/24 12:0 a.m.3 views

Xiaomi Mi WiFi R3G Path Traversal Vulnerability

The Xiaomi Mi WiFi R3G is a 3G router from China's Xiaomi Technology Xiaomi. A path traversal vulnerability in previous versions of the Xiaomi Mi WiFi R3G 2.28.23-stable, which stems from a failure of a networked system or product to properly filter for special elements in the path of a resource ...

7.5CVSS8.9AI score0.55427EPSS
Exploits2References1
Information Security Automation
Information Security Automation
added 2019/01/08 10:15 p.m.81 views

Packabit project: building Nmap deb packages for Ubuntu

During the long New Year holidays 30 dec - 8 jan I started a new project: Vagrant-based Linux package builder called Packabit. I thought it might be nice to have scripts that will automatically build a Linux packages from sources and will NOT litter main system with unnecessary packages. Somethin...

7.4AI score
Exploits0
Mageia
Mageia
added 2018/11/21 5:51 p.m.17 views

Updated roundcubemail packages fix security vulnerability & bugs

This is a service release to update the stable version 1.3 of Roundcube Webmail. It contains fixes to several bugs backported from the master branch including a security fix for a reported XSS vulnerability in handling invalid style tag content plus updates to ensure compatibility with PHP 7.3 an...

2.5AI score
Exploits0References2
CNVD
CNVD
added 2018/11/05 12:0 a.m.3 views

Code Execution Vulnerability in ESPCMS Enterprise Website Management System P8.18101601 Stable Version

ESPCMS enterprise website management system is based on LAMP development and construction of enterprise website management system. A code execution vulnerability exists in the stable version of ESPCMS P8.18101601. It allows an attacker to remotely execute commands and gain server privileges...

8.1AI score
Exploits0
CNVD
CNVD
added 2018/11/01 12:0 a.m.2 views

SQL Injection Vulnerability in ESPCMS P8.18101601 Stable Version in***.php File

ESPCMS enterprise website management system is based on LAMP development and construction of enterprise website management system. ESSENCE ESPCMS enterprise website management system P8.18101601 stable version of in.php file SQL injection vulnerability. Attackers can use the vulnerability to obta...

7.7AI score
Exploits0
OSV
OSV
added 2018/03/19 12:13 p.m.10 views

MGASA-2018-0175 Updated leptonica packages fix security vulnerabilities

Package leptonica has been updated to the current stable version 1.75.3 which fixes: CVE-2018-7186 - multiple stack-based buffer overflows in gplotRead and ptaReadStream CVE-2018-7247 - a buffer overflow in src/viewfiles.c with unsanitized input rootname...

9.8CVSS7.4AI score0.03466EPSS
Exploits0References2
Mageia
Mageia
added 2018/03/01 9:27 p.m.32 views

Updated leptonica packages fix a security vulnerability

Package leptonica has been updated to the current stable version 1.75.2 which fixes a security issue potential injection attack using gplot rootdir reported in CVE-2018-3836...

7.8CVSS4.3AI score0.01452EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2017/10/14 12:0 a.m.12 views

PT-2017-4232 · Mikrotik · Routeros +1

Name of the Vulnerable Software and Affected Versions: Mikrotik RouterOS versions prior to Stable 6.38.5 Mikrotik RouterOS versions prior to Long-term 6.37.5 Description: The issue is related to memory corruption in the Mikrotik RouterOS web server. A remote and unauthenticated user can trigger t...

9.8CVSS9.7AI score0.02554EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2016/12/14 12:0 a.m.47 views

Fedora 25 : lxc (2016-868350fe5a)

Update LXC to the latest stable version. See here for the list of changes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

9.1CVSS8.1AI score0.02813EPSS
Exploits0References3
Patchstack
Patchstack
added 2016/07/04 12:0 a.m.10 views

WordPress Real3D FlipBook Plugin - Multiple Vulnerabilities

Real3D FlipBook plugin is prone to multiple vulnerabilities, such as XSS. An attacker can upload images in root directory and delete any files from the server. Solution Update WordPress plugin to the newest stable and safe version...

4AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2016/06/29 12:0 a.m.33 views

WordPress Ultimate Membership Pro Plugin 3.3 - SQL Injection

This WordPress Ultimate Membership Pro plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update WordPress plugin to the newest stable and safe...

3.5AI score
Exploits0References2Affected Software1
Gentoo Linux
Gentoo Linux
added 2015/07/10 12:0 a.m.56 views

Oracle JRE/JDK: Multiple vulnerabilities

Background The Oracle Java Development Kit JDK and the Oracle Java Runtime Environment JRE provide the Oracle Java platform. Description Multiple vulnerabilities have been discovered in Oracle JRE/JDK. Please review the CVE identifiers referenced below for details. Impact An context-dependent...

10CVSS6.3AI score0.99999EPSS
Exploits12
Rows per page
Query Builder