Lucene search
K

72 matches found

OpenVAS
OpenVAS
added 2023/02/03 12:0 a.m.15 views

GitLab 14.x < 15.6.7, 15.7.x < 15.7.6, 15.8.x < 15.8.1 DoS Vulnerability

GitLab is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

7.5CVSS7.4AI score0.01216EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/09/16 12:0 a.m.18 views

XWiki 2.2 < 13.10.6, 14.0 < 14.3 XSS Vulnerability (GHSA-gjmq-x5x7-wc36)

Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

9CVSS8.3AI score0.5947EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/08/16 12:0 a.m.19 views

PostgreSQL 10.x < 10.22, 11.x < 11.17, 12.x < 12.12, 13.x < 13.8, 14.x < 14.5 Extension Vulnerability - Windows

PostgreSQL is prone to a vulnerability where extension scripts replace objects not belonging to the extension. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...

8CVSS8.1AI score0.0152EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/07/14 12:0 a.m.30 views

Cisco Unified Communications Manager XSS (cisco-sa-cucm-xss-ksKd5yfA)

The version of Cisco Unified Communications Manager installed on the remote host is version 14 prior to 14SU2. It is, therefore affect by a cross-site scripting vulnerability XSS in the web-based management interface. An unauthenticated remote attacker can, with the action of an authorized user,...

6.1CVSS6.4AI score0.00714EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2022/05/16 12:0 a.m.22 views

PostgreSQL 10.x < 10.21, 11.x < 11.16, 12.x < 12.11, 13.x < 13.7, 14.x < 14.3 Privilege Escalation Vulnerability - Windows

PostgreSQL is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8CVSS9.2AI score0.12403EPSS
Exploits0References2
OSV
OSV
added 2021/12/13 4:15 p.m.16 views

CVE-2021-39919

In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure...

4.4CVSS6.7AI score0.00292EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/07 12:0 a.m.5 views

GitLab 访问控制错误漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. An Access Control Error vulnerability exists in GitLab CE/EE that stems from...

4.3CVSS5.2AI score0.01025EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2021/11/11 12:0 a.m.27 views

Mozilla Firefox Security Advisory (MFSA2012-44) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

10CVSS9.6AI score0.05545EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2021/11/11 12:0 a.m.24 views

Mozilla Firefox Security Advisory (MFSA2012-53) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

4.3CVSS9.5AI score0.01606EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/10/05 2:15 p.m.25 views

CVE-2021-22257

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user...

5.3CVSS6AI score0.00908EPSS
Exploits0References3
Prion
Prion
added 2021/09/27 11:15 a.m.17 views

Cross site scripting

On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting XSS vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system...

4.3CVSS5.9AI score0.00562EPSS
Exploits0References1Affected Software1
ALT Linux
ALT Linux
added 2021/08/17 12:0 a.m.74 views

Security fix for the ALT Linux 10 package node version 14.17.5-alt1

14.17.5-alt1 built Aug. 17, 2021 Vitaly Lipatov in task 282492 Aug. 11, 2021 Vitaly Lipatov - new version 14.17.5 with rpmrb script - set c-ares = 1.17.2 - CVE-2021-3672, CVE-2021-22931: Improper handling of untypical characters in domain names - CVE-2021-22930: Use after free on close http2 on...

7.5CVSS8.4AI score0.37286EPSS
Exploits3
Huntr
Huntr
added 2021/07/21 8:32 a.m.10 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description In Bank section the Bank | Cash part, you protect List entities to delete with CSRF attacks but if I set CSRF token to nothings then I able to delete arbitrary List entities only with knowing their ids. 🕵️‍♂️ Proof of Concept // PoC.html history.pushState'', '', '/' input...

2.9AI score
Exploits0
Huntr
Huntr
added 2021/07/21 8:15 a.m.9 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description In Ticket section , you protect tickets from being deleted with CSRF attacks but if I set CSRF token to nothings then I able to delete arbitrary tickets only with knowing their "trackid" parameter. 🕵️‍♂️ Proof of Concept // PoC.html history.pushState'', '', '/' 💥 Impact This...

4.3AI score
Exploits0
OpenVAS
OpenVAS
added 2021/04/14 12:0 a.m.16 views

Microsoft Office 2010 Remote Code Execution Vulnerability (KB4504738)

This host is missing an important security update according to Microsoft KB4504738 Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

7.8CVSS7.5AI score0.02471EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2021/03/26 3:32 a.m.244 views

Exploit for Server-Side Request Forgery in F5 Big-Ip_Access_Policy_Manager

F5 BIG-IP 远程命令执行漏洞(CVE-2021-22986) 漏洞影响 F5 BIG-IP 16.x: 1...

10CVSS9.7AI score0.99898EPSS
Exploits20
CNNVD
CNNVD
added 2021/02/18 12:0 a.m.7 views

Digium Asterisk Security Vulnerability

Digium Asterisk is a set of open source telephone exchange PBX system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response IVR, and more. A security vulnerability exists in Digium Asterisk. The vulnerability stems from allowing a...

5.9CVSS6.3AI score0.02547EPSS
Exploits0References9
Prion
Prion
added 2020/12/24 3:15 p.m.27 views

Code injection

In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic ove...

4CVSS6.4AI score0.00887EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2020/12/22 12:0 a.m.7 views

Odoo Security Vulnerability

Odoo is an Enterprise Resource Planning ERP and Customer Relationship Management CRM system from Odoo Belgium. The system is developed in Python language with PostgreSQL as the database and includes modules for sales management, inventory management, financial management and so on. A security...

6.5CVSS6.6AI score0.01445EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/04/15 12:0 a.m.22 views

Microsoft Office 2010 Remote Code Execution Vulnerability (KB3203462)

This host is missing an important security update according to Microsoft KB3203462 Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

8.8CVSS8.2AI score0.0861EPSS
Exploits0References1
Rows per page
Query Builder