Lucene search
K

97 matches found

Positive Technologies
Positive Technologies
added 2023/06/06 12:0 a.m.10 views

PT-2023-18096 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.4 through 15.10.7 GitLab CE/EE versions 15.11 through 15.11.6 GitLab CE/EE versions 16.0 through 16.0.1 Description: An issue has been discovered in GitLab CE/EE, where a DollarMathPostFilter Regular Expression Denial...

7.5CVSS6.6AI score0.01325EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2023/06/05 12:0 a.m.25 views

GitLab 15.7 < 15.10.8 / 15.11 < 15.11.7 / 16.0 < 16.0.2 (CVE-2023-1825)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It w...

4.3CVSS5.1AI score0.00538EPSS
Exploits0References3
Microsoft Security Update
Microsoft Security Update
added 2023/04/03 8:0 p.m.15 views

Azure File Sync Agent v16.0 Release – January 2023 (KB5013877)

Update for Azure File Sync agent version 16.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

3.7AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2023/04/03 7:0 p.m.10 views

Azure File Sync Agent v16.0 Release – January 2023 (KB5013877)

Update for Azure File Sync agent version 16.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

3.7AI score
Exploits0
Prion
Prion
added 2022/08/04 6:15 p.m.26 views

Design/Logic Flaw

In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel TMM to terminate. Note: Software versions which have...

5CVSS7.6AI score0.00681EPSS
Exploits0References1Affected Software11
CNNVD
CNNVD
added 2022/06/13 12:0 a.m.4 views

Dolibarr 跨站脚本漏洞

Dolibarr is an application. A modern software package that helps manage your organization's activities.A cross-site scripting vulnerability exists in versions prior to Dolibarr 16.0, which stems from the application's lack of filtering and escaping of data parameters. An attacker could exploit th...

8.4CVSS5.6AI score0.00863EPSS
Exploits1References3
OSV
OSV
added 2022/02/23 7:15 p.m.4 views

UBUNTU-CVE-2022-0731

Improper Access Control IDOR in GitHub repository dolibarr/dolibarr prior to 16.0...

6.5CVSS6.2AI score0.00996EPSS
Exploits1References4
NVD
NVD
added 2022/02/09 11:15 p.m.22 views

CVE-2022-22528

SAP Adaptive Server Enterprise ASE - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The...

7.8CVSS0.00316EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/01/31 12:0 a.m.3 views

dolibarr 安全漏洞

Dolibarr is a software application. A modern software package that helps manage your organization's activities. A security vulnerability exists in dolibarr 16.0, details of the vulnerability are not available at this time, please follow the manufacturer's website or CNNVD for follow-up informatio...

4.3CVSS5AI score0.00914EPSS
Exploits1References3
NVD
NVD
added 2021/09/14 11:15 p.m.45 views

CVE-2021-23029

On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery SSRF attacks through F5 Advanced Web Application Firewall WAF and the BIG-IP ASM Configuration utility. Note: Software versions which have...

8.8CVSS0.00875EPSS
Exploits0References1
Prion
Prion
added 2021/09/14 11:15 p.m.35 views

Server side request forgery (ssrf)

On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery SSRF attacks through F5 Advanced Web Application Firewall WAF and the BIG-IP ASM Configuration utility. Note: Software versions which have...

6.5CVSS8.5AI score0.00875EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/09/14 9:48 p.m.36 views

CVE-2021-23027

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user...

6.1AI score0.00581EPSS
Exploits0References1
Prion
Prion
added 2021/09/14 9:15 p.m.24 views

Code injection

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall WAF/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests m...

4.3CVSS7.5AI score0.00933EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2021/09/14 9:15 p.m.28 views

Code injection

On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software...

5CVSS7.5AI score0.00961EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2021/09/14 7:15 p.m.28 views

CVE-2021-23036

On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.5CVSS0.00933EPSS
Exploits0References1
Prion
Prion
added 2021/09/14 6:15 p.m.21 views

Code injection

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote IPSec peer, which already has a negotiated Security Association, can cause the Traffi...

7.1CVSS7.5AI score0.0095EPSS
Exploits0References1Affected Software11
Prion
Prion
added 2021/09/14 6:15 p.m.18 views

Cross site scripting

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in...

3.5CVSS7.9AI score0.00916EPSS
Exploits0References1Affected Software11
Cvelist
Cvelist
added 2021/09/14 6:7 p.m.37 views

CVE-2021-23031

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which...

9.8AI score0.02072EPSS
Exploits0References1
OSV
OSV
added 2021/09/14 3:15 p.m.5 views

CVE-2021-23043

On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to access arbitrary files. Note: Software versions which have reached End of...

6.5CVSS5.9AI score
Exploits0References1
Prion
Prion
added 2021/09/14 3:15 p.m.21 views

Code injection

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6, when an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization. Note: Software versio...

4.3CVSS7.5AI score0.00933EPSS
Exploits0References1Affected Software14
Rows per page
Query Builder