Lucene search
K

235 matches found

Debian CVE
Debian CVE
added 2021/03/26 9:25 p.m.19 views

CVE-2021-21373

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker...

7.5CVSS6.8AI score0.01155EPSS
Exploits1
Cvelist
Cvelist
added 2021/03/26 9:25 p.m.38 views

CVE-2021-21374 Nimble fails to validate certificates due to insecure httpClient defaults

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to...

8.1CVSS8.7AI score0.01035EPSS
Exploits1References4
CVE
CVE
added 2021/03/26 9:25 p.m.211 views

CVE-2021-21374

CVE-2021-21374 affects Nimble (Nim package manager) where Nimble refresh may fetch the package list over HTTPS without full SSL/TLS verification due to httpClient defaults, enabling a MitM to deliver a modified package list and installable packages. If such packages are installed, this can lead t...

8.1CVSS8.4AI score0.01035EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/03/17 12:0 a.m.37 views

RHEL 7 : ipa (RHSA-2021:0860)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0860 advisory. Red Hat Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based...

6.9CVSS7AI score0.8383EPSS
Exploits6References11
OSV
OSV
added 2021/03/10 9:51 p.m.20 views

GHSA-8278-88VV-X98R Execution of untrusted code through config file

Impact It is possible to run arbitrary commands through the yaml.load method. This could allow an attacker with local access to the host to run arbitrary code by running the application with a specially crafted YAML configuration file. Workarounds Manually adjust yaml.load to yaml.safeload For mo...

5CVSS8.5AI score0.00452EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2020/12/18 12:0 a.m.69 views

RHEL 8 : python-XStatic-jQuery224 (RHSA-2020:5412)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:5412 advisory. python-XStatic-jQuery is the jQuery javascript library packaged for Python's setuptools Security Fixes: Passing HTML containing elements to...

6.9CVSS7.4AI score0.8383EPSS
Exploits6References5
Tenable Nessus
Tenable Nessus
added 2020/09/23 12:0 a.m.51 views

RHEL 8 : Red Hat Virtualization (RHSA-2020:3807)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3807 advisory. The org.ovirt.engine-root is a core component of oVirt. The following packages have been upgraded to a later upstream version:...

7.4CVSS6.7AI score0.99019EPSS
Exploits12References47
OSV
OSV
added 2020/04/29 9:15 p.m.1 views

DEBIAN-CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

6.1CVSS6.4AI score0.8383EPSS
Exploits6References1
Snyk
Snyk
added 2019/04/07 3:54 p.m.4 views

Sandbox Bypass

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Sandbox Bypass. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit...

8.3CVSS7.4AI score0.00974EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2016/12/12 12:0 a.m.30 views

openSUSE Security Update : roundcubemail (openSUSE-2016-1419)

roundcubemail was updated to version 1.1.7 and fixes the following issues : - Update to 1.1.7 - A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command boo1012493 - A maliciously crafted email could cause untrusted code to be executed cross site scriptin...

8.8CVSS6.8AI score0.02867EPSS
Exploits1References6
0day.today
0day.today
added 2015/07/18 12:0 a.m.91 views

Apache Groovy 2.4.x Disclosure Vulnerabilities

Exploit for multiple platform in category remote exploits Severity: Important Vendor: The Apache Software Foundation Versions Affected: All unsupported versions ranging from 1.7.0 to 2.4.3. Impact Remote execution of untrusted code, DoS Here you can find information about security patches or...

7.5CVSS0.1AI score0.42983EPSS
Exploits4
The Hacker News
The Hacker News
added 2012/08/27 6:15 p.m.7 views

FireEye spotted Critical 0-day vulnerability in Java Runtime Environment

FireEye's Malware Intelligence Lab is making the claim that there is a new zero day vulnerability in the wild that affects the latest version of Java.Researcher. Atif Mushtaq wrote on the company's blog that he spotted the initial exploit on a domain that pointed to an IP address in China. The...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.35 views

FreeBSD : kdewebdev -- kommander untrusted code execution vulnerability (91f1adc7-b3e9-11d9-a788-0001020eed82)

A KDE Security Advisory reports : Kommander executes without user confirmation data files from possibly untrusted locations. As they contain scripts, the user might accidentally run arbitrary code. Impact: Remotly supplied kommander files from untrusted sources are executed without confirmation...

7.5CVSS5.5AI score0.0298EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2005/04/20 12:0 a.m.28 views

kdewebdev -- kommander untrusted code execution vulnerability

A KDE Security Advisory reports: Kommander executes without user confirmation data files from possibly untrusted locations. As they contain scripts, the user might accidentally run arbitrary code. Impact: Remotly supplied kommander files from untrusted sources are executed without confirmation...

7.5CVSS6.5AI score0.0298EPSS
Exploits0References1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.36 views

Cross-site scripting (XSS) vulnerability in Paypal-Merchant-SDK-PHP

Hello: I have find a Reflected XSS vulnerability in this sdk. The vulnerability exists due to insufficient filtration of user-supplied data in “token” HTTP GET parameter that will be passed to “merchant-sdk-php\samples\AccountAuthentication\GetAuthDetails.html.php”. The infected source code is li...

6.1CVSS5.9AI score0.01244EPSS
Exploits1Affected Software1
Rows per page
Query Builder