Lucene search
+L

157 matches found

Positive Technologies
Positive Technologies
added 2023/10/19 12:0 a.m.7 views

PT-2023-29699 · Wagtail · Wagtail

Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 4.1.8 Wagtail versions prior to 5.0.5 Wagtail versions prior to 5.1.3 Description: A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bu...

2.7CVSS3.6AI score0.00454EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2023/10/18 1:2 a.m.4 views

SUSE CVE-2023-45148

Nextcloud is an open source home cloud server. When Memcached is used as memcache.distributed the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgra...

4.3CVSS6.8AI score0.00699EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/14 12:0 a.m.7 views

PT-2023-5833 · Unknown · Jumpserver

Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 2.28.19 JumpServer versions prior to 3.6.5 Description: The issue is related to the exposure of the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, whi...

8.2CVSS8.1AI score0.05404EPSS
Exploits4References20
Positive Technologies
Positive Technologies
added 2023/09/07 12:0 a.m.4 views

PT-2023-5115 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.4 through 2.6.14 Argo CD versions 2.7 through 2.7.13 Argo CD versions 2.8 through 2.8.2 Description: The Argo CD repo-server component is vulnerable to a Denial-of-Service attack vector. This vulnerability occurs because th...

6.8CVSS7.1AI score0.01176EPSS
Exploits0References18
OSV
OSV
added 2023/08/08 7:15 p.m.7 views

AZL-37359 CVE-2023-39533 affecting package golang for versions less than 1.21.6-1

go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in th...

7.5CVSS7.1AI score0.01084EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/08/01 12:0 a.m.3 views

PT-2023-24516 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 8.10 through 16.0.7 GitLab versions 16.1 through 16.1.2 GitLab versions 16.2 through 16.2.1 Description: An issue has been discovered in GitLab where a user importing a project 'from export' could access and read unrelated fil...

6.5CVSS6AI score0.00735EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.5 views

PT-2023-4688 · Qt Company +8 · Qt +8

Name of the Vulnerable Software and Affected Versions: Qt versions prior to 5.15.15 Qt versions 6.x prior to 6.2.10 Qt versions 6.3.x through 6.5.x prior to 6.5.3 Description: The issue is related to infinite loops in recursive entity expansion, which can lead to a denial of service. This can be...

9.8CVSS6.4AI score0.01553EPSS
Exploits3References213
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.2 views

PT-2023-16319 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.4 through 15.10.7 GitLab CE/EE versions 15.11 through 15.11.6 GitLab CE/EE versions 16.0 through 16.0.1 Description: An issue has been discovered in GitLab CE/EE where open redirection was possible via HTTP response...

4.3CVSS6.6AI score0.00757EPSS
Exploits0References13
Snyk
Snyk
added 2023/05/19 12:0 a.m.2 views

Acceptance of Extraneous Untrusted Data With Trusted Data

Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Acceptance of Extraneous Untrusted Data With Trusted Data through the processing of shortcodes in user-generated content. An attacker can manipulate...

6.9CVSS6.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/05/17 12:0 a.m.4 views

PT-2023-2918 · Mitel · Mitel Mivoice Connect

Name of the Vulnerable Software and Affected Versions: Mitel MiVoice Connect versions through 19.3 SP2 Mitel MiVoice Connect versions 20.x Mitel MiVoice Connect versions 21.x Mitel MiVoice Connect versions 22.x through 22.24.1500.0 Description: The issue is related to insufficient validation for...

7.8CVSS6.7AI score0.0041EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/05/09 12:0 a.m.6 views

PT-2023-23172 · Unknown · Dhis2 Core

Name of the Vulnerable Software and Affected Versions: DHIS2 Core versions prior to 2.37.9.1 DHIS2 Core versions prior to 2.38.3.1 DHIS2 Core versions prior to 2.39.1.2 Description: DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in th...

7.5CVSS7.4AI score0.00629EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/04/18 11:17 p.m.4 views

SUSE CVE-2023-30539

Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system tag based files access control or files retention rules. It is recommended that the Nextcloud Serv...

8.8CVSS6.8AI score0.00627EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/03/17 12:0 a.m.4 views

PT-2023-21233 · Cilium +1 · Cilium +1

Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.11.15 Cilium versions prior to 1.12.8 Cilium versions prior to 1.13.1 Description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with access to a Cilium agent...

5.5CVSS7AI score0.00217EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2023/03/10 12:0 a.m.3 views

PT-2023-19853 · Hashicorp +1 · Hashicorp Vault +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions prior to 1.10.11 HashiCorp Vault and Vault Enterprise versions prior to 1.11.8 HashiCorp Vault and Vault Enterprise versions prior to 1.12.4 HashiCorp Vault and Vault Enterprise versions prior to...

8.5CVSS6.5AI score0.00597EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2023/03/02 12:0 a.m.4 views

PT-2023-20664 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 1.3-rc-1 through 13.10.10 XWiki Platform versions 14.4.0 through 14.4.6 XWiki Platform versions 14.10.0 Description: XWiki Platform is a generic wiki platform where any user with edit right can execute arbitrary databa...

6.5CVSS6.6AI score0.00637EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2023/02/13 12:0 a.m.3 views

PT-2023-16326 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.0 through 15.6.7 GitLab CE/EE versions 15.7 through 15.7.6 GitLab CE/EE versions 15.8 through 15.8.1 Description: An issue has been discovered in GitLab CE/EE that allows a DoS attack to be triggered by uploading a...

7.5CVSS7.1AI score0.01216EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2023/02/08 12:0 a.m.6 views

PT-2023-19941 · Wings · Wings

Name of the Vulnerable Software and Affected Versions: Wings versions prior to v1.11.3 Wings versions prior to v1.7.3 Description: The vulnerability in Wings allows attackers to create new files and directory structures on the host system, potentially enabling them to change resource allocations,...

8.8CVSS6.8AI score0.00682EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2022/12/14 12:0 a.m.8 views

PT-2022-28061 · Typo3 · Fp Newsletter

Name of the Vulnerable Software and Affected Versions: fp newsletter extension versions prior to 1.1.1 fp newsletter extension version 1.2.0 fp newsletter extension versions 2.x prior to 2.1.2 fp newsletter extension versions 2.2.1 through 2.4.0 fp newsletter extension versions 3.x prior to 3.2.6...

9.1CVSS7.5AI score0.00674EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/12/08 12:0 a.m.8 views

PT-2022-26178 · Dhis2 · Dhis2

Name of the Vulnerable Software and Affected Versions: DHIS2 versions prior to 2.36.12.1 DHIS2 versions prior to 2.37.8.1 DHIS2 versions prior to 2.38.2.1 DHIS2 versions prior to 2.39.0.1 Description: DHIS 2 is an open source information system for data capture, management, validation, analytics...

5CVSS4.3AI score0.004EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/11/21 12:0 a.m.5 views

PT-2022-26166 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.6RC1 XWiki Platform versions prior to 13.10.8 XWiki Platform versions prior to 14.4.3 Description: The issue allows users without the right to view documents to deduce their existence by repeated Livetable...

5.3CVSS4.5AI score0.00769EPSS
Exploits1References11
Rows per page
Query Builder