Lucene search
+L

157 matches found

ptsecurity
ptsecurity
added 2024/11/03 12:0 a.m.5 views

PT-2024-16525 · Umbraco · Umbraco Cms

Name of the Vulnerable Software and Affected Versions: Umbraco CMS versions prior to 10.8.8 Umbraco CMS versions prior to 13.5.3 Umbraco CMS versions prior to 14.3.2 Umbraco CMS versions prior to 15.1.2 Description: A vulnerability was found in Umbraco CMS, classified as problematic. The issue...

6.9CVSS4.6AI score0.00559EPSS
Exploits1References19
osv
osv
added 2024/10/16 9:15 p.m.4 views

DEBIAN-CVE-2024-47889

Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the blockformat helper in Action Mailer. Carefully crafted text can cause the blockformat helper to...

8.7CVSS5.3AI score0.00944EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/10/08 12:0 a.m.4 views

PT-2024-7465 · Fortinet · Fortimanager

Name of the Vulnerable Software and Affected Versions: FortiManager versions 7.4.2 and below FortiManager versions 7.2.5 and below FortiManager versions 7.0.12 and below Description: The issue is related to the exposure of sensitive information to unauthorized actors. It allows a remote...

4.3CVSS6.4AI score0.00446EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2024/09/12 12:0 a.m.3 views

PT-2024-37586 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab-CE/EE versions 17.0 through 17.1.7 GitLab-CE/EE versions 17.2 through 17.2.5 GitLab-CE/EE versions 17.3 through 17.3.2 Description: An issue was discovered in GitLab-CE/EE where an attacker, as a guest user, was able to access commit...

4.3CVSS6.7AI score0.00434EPSS
Exploits0References14
github
github
added 2024/08/27 7:50 p.m.31 views

Taipy 3.1.1 affected by CVEs on flask-core and pymongo

Summary Indirect CVEs affect Taipy 3.1.1 Details Taipy 3.1.1 is affected by two existing CVEs: CVE-2024-1681 affects flask-core =3.1.2 and on major releases: =4.0.0 Impact pre-commit breaks when using dependency Taipy 3.1.1...

5.3CVSS6.3AI score0.00574EPSS
Exploits1References6Affected Software1
amazon
amazon
added 2024/08/13 12:0 a.m.5 views

Important: tomcat

Issue Overview: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn l...

7.5CVSS7AI score0.04602EPSS
Exploits0
ptsecurity
ptsecurity
added 2024/07/11 12:0 a.m.6 views

PT-2024-40300 · Surrealdb · Surrealdb

Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 1.5.4 SurrealDB versions prior to 2.0.0-alpha.6 Description: The issue arises when an authenticated scope user switches working databases in a session using the use method or USE clause. If a user record with an...

5.3CVSS7.3AI score
Exploits0References5
osv
osv
added 2024/07/03 8:15 p.m.7 views

UBUNTU-CVE-2024-34750

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

7.5CVSS5.7AI score0.04602EPSS
Exploits0References4
oraclelinux
oraclelinux
added 2024/05/29 12:0 a.m.375 views

container-tools:ol8 security update

aardvark-dns buildah 2:1.33.7-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 https://github.com/containers/buildah/commit/b95e962 - Resolves: RHEL-28224 cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu 3.18-5 -...

8.6CVSS7.2AI score0.01956EPSS
Exploits1
ptsecurity
ptsecurity
added 2024/05/08 12:0 a.m.8 views

PT-2024-3323

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 14.12 PostgreSQL versions prior to 15.7 PostgreSQL versions prior to 16.3 Description: The issue is related to errors in managing privileges in the PostgreSQL database system, specifically in the pg stats ext and ...

8.8CVSS7.4AI score0.04322EPSS
Exploits0References174
ptsecurity
ptsecurity
added 2024/04/12 12:0 a.m.2 views

PT-2024-14968 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.7.7 through 16.8.5 GitLab CE/EE versions 16.9 through 16.9.3 GitLab CE/EE versions 16.10 through 16.10.1 Description: A denial of service issue was identified in GitLab CE/EE, which allows an attacker to increase the...

6.5CVSS6.6AI score0.00601EPSS
Exploits0References11
osv
osv
added 2024/04/10 12:15 p.m.6 views

DEBIAN-CVE-2024-31309

HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting proxy.config.http2.maxcontinuationframesperminute to limit the number of CONTINUATION frames...

7.5CVSS8AI score0.94615EPSS
Exploits1References1
osv
osv
added 2024/03/12 9:30 p.m.27 views

GHSA-C35H-W8HJ-MM55 Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint

Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections...

8.2CVSS5.8AI score0.01765EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2024/03/11 12:0 a.m.4 views

PT-2024-22331 · Zitadel · Zitadel

Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 2.44.3 Zitadel versions 2.45.0 through 2.45.0 before 2.45.1 Zitadel versions prior to 2.46.0 Description: Zitadel is an open source identity management system that uses a cookie to identify the user agent and its use...

7.5CVSS6.4AI score0.00335EPSS
Exploits0References13
ptsecurity
ptsecurity
added 2024/01/29 12:0 a.m.7 views

PT-2024-1487

Name of the Vulnerable Software and Affected Versions aiohttp versions prior to 3.9.2 python3-aiohttp versions prior to 3.6.2-1ubuntu1+esm3 python3-module-aiohttp versions prior to 3.9.5-alt1 python310-aiohttp versions prior to 3.9.3-1.1 Description aiohttp is an asynchronous HTTP client/server...

8.2CVSS7.2AI score0.76875EPSS
Exploits16References121
ptsecurity
ptsecurity
added 2024/01/22 12:0 a.m.5 views

PT-2024-1274 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.8 Splunk Enterprise versions prior to 9.1.3 Description: The issue is related to insufficient input validation, allowing a remote attacker to gain unauthorized access to protected information using the...

5.5CVSS7.3AI score0.00324EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2024/01/12 12:0 a.m.5 views

PT-2024-2675 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.14 MediaWiki versions 1.36.x through 1.39.x before 1.39.6 MediaWiki versions 1.40.x before 1.40.2 Description: The issue is related to the CampaignEvents extension in MediaWiki, which is associated with improp...

5.5CVSS5.8AI score0.00406EPSS
Exploits1References10
ivanti
ivanti
added 2023/12/04 8:39 p.m.15 views

Security patch release - Ivanti Connect Secure 22.6R2 and 22.6R2.1

Resolutions for Ivanti Connect Secure Security Issues: As part of Ivanti's commitment to continuous security hardening, Ivanti has released a security update for Ivanti Connect Secure. This update resolves important vulnerabilities. To our knowledge, none of the CVEs identified in this review hav...

7.8CVSS8.4AI score0.03366EPSS
Exploits0
osv
osv
added 2023/10/27 3:15 p.m.2 views

UBUNTU-CVE-2023-46604

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...

10CVSS7AI score0.99654EPSS
Exploits31References7
ptsecurity
ptsecurity
added 2023/10/25 12:0 a.m.6 views

PT-2023-8615 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 14.0-rc-1 through 14.4.7 XWiki Platform versions 14.0-rc-1 through 14.10.3 XWiki Platform versions 14.0-rc-1 through 14.9.x XWiki Platform version 15.0-rc-1 is not affected, but versions prior to it are Description: Th...

8.5CVSS7.9AI score0.00573EPSS
Exploits1References10
Rows per page
Query Builder