Lucene search
K

266 matches found

Positive Technologies
Positive Technologies
added 2023/05/24 12:0 a.m.5 views

PT-2023-24508 · Cloudogu Gmbh · Scm Manager

Name of the Vulnerable Software and Affected Versions: Cloudogu GmbH SCM Manager versions 1.2 through 1.60 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. This enables...

5.4CVSS6.4AI score0.07258EPSS
Exploits7References9
Positive Technologies
Positive Technologies
added 2023/05/15 12:0 a.m.6 views

PT-2023-24020 · Unknown · Opc Ua Legacy Java Stack

Name of the Vulnerable Software and Affected Versions: OPC UA Legacy Java Stack versions prior to 6f176f2 Description: The issue allows an attacker to block OPC UA server applications via uncontrolled resource consumption, causing them to be unable to serve client applications. This is a...

7.5CVSS7.2AI score0.01168EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/05/11 12:0 a.m.41 views

RHEL 9 : libtpms (RHSA-2023:2453)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:2453 advisory. The libtpms is a library providing Trusted Platform Module TPM functionality for virtual machines. Security Fixes: tpm: TCG TPM2.0...

7.8CVSS7.4AI score0.05552EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2023/05/08 12:0 a.m.20 views

Mageia: Security Advisory (MGASA-2023-0158)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.9AI score0.00392EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/04/19 12:0 a.m.10 views

PT-2023-3564 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions =5.4 Description: The issue is related to incorrect verifier pruning in BPF in the Linux Kernel, which leads to unsafe code paths being incorrectly marked as safe. This results in arbitrary read/write in kernel memory,...

10CVSS6.9AI score0.71737EPSS
Exploits67References744
Oracle linux
Oracle linux
added 2023/04/10 12:0 a.m.51 views

Unbreakable Enterprise kernel-container security update

4.14.35-2047.524.5.el7 - rds/ib: Fix the softlock-up in RDS cache GC worker Arumugam Kolappan Orabug: 35079728 4.14.35-2047.524.4.el7 - xfs: add missing cmap-brstate = XFSEXTNORM update Gao Xiang Orabug: 35202792 - x86/tsc: Disable clocksource watchdog for TSC on qualified platorms Feng Tang...

7.8CVSS7.5AI score0.00302EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/04/04 9:11 a.m.58 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.9CVSS6.9AI score0.03702EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/22 12:0 a.m.3 views

PT-2023-20584 · Ibm · Ibm Websphere Application Server

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server version 9.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.4AI score0.00371EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.8 views

Debian: Security Advisory (DLA-1424-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/09 12:13 p.m.17 views

Security Bulletin: Vulnerability (CVE-2022-3676) in Eclipse Openj9 affects CICS Transaction Gateway Desktop Edition

Summary Eclipse Openj9 is used by CICS Transaction Gateway Desktop Edition. The fix removes vulnerability CVE-2022-3676 that could allow a remote attacker to bypass security restrictions. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass...

6.5CVSS6.8AI score0.00589EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2023/02/03 12:0 a.m.23 views

OpenBSD OpenSSH 9.1 Memory Safety Vulnerability

OpenBSD OpenSSH is prone to a memory safety vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openbsd:openssh";...

6.5CVSS7AI score0.89955EPSS
Exploits10References4
Positive Technologies
Positive Technologies
added 2023/01/21 12:0 a.m.4 views

PT-2023-19375 · Lightftp · Lightftp

Name of the Vulnerable Software and Affected Versions: LightFTP versions 1.0 through 2.2 LightFTP version 2.2 Description: A race condition in the software allows an attacker to achieve path traversal via a malformed FTP request. This occurs because a handler thread can use an overwritten...

7.5CVSS7.2AI score0.00524EPSS
Exploits1References6
Oracle linux
Oracle linux
added 2023/01/20 12:0 a.m.40 views

ruby:2.5 security update

ruby 2.5.9-110.0.1 - Fix for CVE-2022-28739 Orabug: 34824177...

7.5CVSS1.3AI score0.04127EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/17 4:35 p.m.23 views

Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to privilege escalation.

Summary IBM Robotic Process Automation for Cloud Pak could allow a local user to perform unauthorized actions due to insufficient permission settings. Vulnerability Details CVEID:CVE-2023-22592 DESCRIPTION: IBM Robotic Process Automation for Cloud Pak could allow a local user to perform...

7.8CVSS5.5AI score0.00149EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.7 views

PT-2023-16190 · Unknown · Daloradius

Name of the Vulnerable Software and Affected Versions: daloradius versions prior to master-branch Description: The issue is related to Cross-site Scripting XSS - Reflected in the GitHub repository lirantal/daloradius. This type of attack occurs when an application includes user input in its...

6.1CVSS5.5AI score0.00468EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2023/01/10 12:0 a.m.10 views

CVE-2022-38489

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 It is prone to stored Cross-site Scripting XSS. Version 2022.1.110.1.02 fixes the vulnerably...

4.8CVSS6.3AI score0.00351EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/11/23 12:0 a.m.9 views

NodeBB < 2.5.8 CSRF Vulnerability

NodeBB is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodebb:nodebb...

4.3CVSS4.6AI score0.00341EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.4 views

PT-2022-35264 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: A potential issue exists in the libahci platform module, related to a sanity check of the DT child nodes number. The actual impact and attack plausibility have not yet been proven...

7.2AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/08 8:16 p.m.47 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote attacker...

7.5CVSS7.1AI score0.70561EPSS
Exploits5Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/01 12:0 a.m.6 views

CVE-2022-32877

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Monterey 12.6. An app may be able to access user-sensitive data...

5.9AI score0.00264EPSS
Exploits0References3
Rows per page
Query Builder