Lucene search
K

50 matches found

vulnersOsv
vulnersOsv
added 2023/07/05 3:30 a.m.5 views

com.baomidou:kisso (>=2.0 <=3.6.10), com.baomidou:spring-wind (>=1.0 <=1.1.4) +91 more potentially affected by CVE-2023-33201 via org.bouncycastle:bcprov-jdk14 (>=1.49 <=1.73)

org.bouncycastle:bcprov-jdk14 MAVEN version =1.49, =2.0, =1.0, =9.1.20, =0.1.1, =1.5.4, =2.2, =2.0.1, =7.0, =1.5, =12.3, =22.2.3 and more Source cves: CVE-2023-33201 Source advisory: OSV:GHSA-HR8G-6V94-X4M9...

5.3CVSS6.6AI score0.00772EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/11/27 12:30 a.m.5 views

@aothechbcn/frontend-idealbar--lib-idealbar (>=1.0.0 <=1.0.10), @brigad/redux-rest-easy (>=3.0.0 <=3.0.3) +54 more potentially affected by CVE-2022-24999 via qs (=6.6.0)

qs NPM version =6.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on qs and may be impacted: - @aothechbcn/frontend-idealbar--lib-idealbar =1.0.0, =3.0.0, =0.92.0, =1.0.1, =1.0.0, =5.1.0, =13.1.1-5e9b77d, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 -...

7.5CVSS7.1AI score0.14663EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2022/08/06 5:29 a.m.4 views

@app-box/web (=1.0.0), @comet/cms-site (>=3.0.0-canary.160.0 <=4.0.0-canary.1049.0) +33 more potentially affected by CVE-2022-31186 via next-auth (>=0.0.0-manual.83c4ebd1 <=3.29.10)

next-auth NPM version =0.0.0-manual.83c4ebd1, =3.0.0-canary.160.0, =2.0.1-canary.24.0, =1.0.99-0.next12, =0.1.0, =0.46.0, =0.30.0, =0.3.0, =0.10.0, =0.2.0, =0.3.0, =0.3.0, =0.4.0, =0.1.0, =0.1.3 and more Source cves: CVE-2022-31186 Source advisory: OSV:GHSA-P6MM-27GQ-9V3P...

3.3CVSS5.8AI score0.00245EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/21 4:32 a.m.67 views

Security Bulletin: There are multiple security vulnerabilities in Apache Storm used by IBM Tivoli Netcool Manager.

Summary Apache-storm, used by IBM Tivoli Network Manager, contains many internal libraries which are vulnerable to various types of CVEs. Revealing sensitive information CVE-2021-28169, bypassing ACL validations CVE-2018-17196, heap based buffer overflow CVE-2015-5237, denial of service...

9CVSS9.2AI score0.7848EPSS
Exploits7Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/17 4:15 a.m.4 views

com.sksamuel.scruffy:scruffy-integrationtest_2.11 (=1.12.0), com.sksamuel.scruffy:scruffy-undertow_2.11 (>=1.9.0 <=1.12.0) +39 more potentially affected by CVE-2014-7816 via io.undertow:undertow-core (>=1.2.0.Beta1 <=1.2.0.Beta2)

io.undertow:undertow-core MAVEN version =1.2.0.Beta1, =1.9.0, =1.0.0.Alpha1, =1.2.0.Beta1, =1.2.0.Beta1, =1.2.0.Beta1, =0.5.1, =0.5.1, =1.0.0.Beta1, =1.0.0.Alpha9, =1.0.0.Beta1, =1.0.0.Beta1, =1.0.0.Beta1, =1.0.0.Beta1, =1.0.0.Beta1, =1.0.0.Beta4 and more Source cves: CVE-2014-7816 Source advisor...

5CVSS5.8AI score0.25082EPSS
Exploits6
vulnersOsv
vulnersOsv
added 2022/05/13 1:36 a.m.4 views

com.actiontestscript:ats-automated-testing (>=1.1.1 <=1.7.8), com.actiontestscript:automated-testing (=1.1.1) +1 more potentially affected by CVE-2017-3202 via com.exadel.flamingo.flex:amf-serializer (=1.5.0)

com.exadel.flamingo.flex:amf-serializer MAVEN version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.exadel.flamingo.flex:amf-serializer and may be impacted: - com.actiontestscript:ats-automated-testing =1.1.1, =1.7.8 -...

9.8CVSS7.2AI score0.0821EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2022/05/02 3:22 a.m.4 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +4314 more potentially affected by CVE-2009-1190 via org.springframework:spring-core (>=1.2 <=2.5.6.SEC03)

org.springframework:spring-core MAVEN version =1.2, =1.1, =1.3, =0.0.1, =1.0, =0.3, =1.0, =0.0.1, =1.2.1, =1.2.1, =1.0, =1.0.4 - cf.pgmann.plugins:url-auth-sso =1.0 and more Source cves: CVE-2009-1190 Source advisory: OSV:GHSA-WJJR-H4WH-W6VV...

5CVSS7.2AI score0.02796EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/01/13 4:14 p.m.5 views

@3kles/3kles-socketio (>=1.0.0 <=1.0.5), @livejack/broker (=1.3.4) +22 more potentially affected by CVE-2022-21676 via engine.io (=6.0.1)

engine.io NPM version =6.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on engine.io and may be impacted: - @3kles/3kles-socketio =1.0.0, =0.1.0, =8.1.2, =1.4.0, =0.4.11, =0.4.0, =0.4.0, =0.4.10, =0.4.11, =0.4.5, =5.0.0, =1.0.0-alpha.1, =1.0.0-alpha....

7.5CVSS7.1AI score0.0276EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/01/06 6:29 p.m.43 views

Client-Side JavaScript Prototype Pollution in oro/platform

Summary By sending a specially crafted request, an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that are vulnerable to Prototype Pollution. Workarounds Configure WAF to dro...

8.8CVSS2.8AI score0.01094EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/01/04 4:14 p.m.6 views

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.1 <=4.6.0.0), ai.apiverse:apipulse (>='1.0.3' <=1.0.20) +6031 more potentially affected by CVE-2021-44832 via org.apache.logging.log4j:log4j-core (>=2.13.0 <=2.17.0)

org.apache.logging.log4j:log4j-core MAVEN version =2.13.0, =4.4.0.1, ='1.0.3', =0.0.2, =0.0.14, =2.1.0, =3.32.1.7, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.5.2 and more Source cves: CVE-2021-44832 Source advisory: OSV:GHSA-8489-44MV-GGJ8...

8.5CVSS7.2AI score0.97906EPSS
Exploits9
vulnersOsv
vulnersOsv
added 2021/08/25 2:41 p.m.5 views

a62-emotion (>=0.10.12 <=0.11.4), agent-atm (>=0.1.0 <=0.1.1) +100 more potentially affected by CVE-2021-37673 via tensorflow-cpu (>=1.15.0 <=2.3.1)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =0.1.0, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.1.0.dev202107081840 and more Source cves: CVE-2021-37673 Source advisory: OSV:GHSA-278G-RQ84-9HMG...

5.5CVSS5.8AI score0.00154EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/06/16 5:37 p.m.3 views

ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ar.com.fdvs:DynamicJasper (=4.0.4) +5791 more potentially affected by CVE-2021-23926 via org.apache.xmlbeans:xmlbeans (>=2.2.0 <=2.6.0)

org.apache.xmlbeans:xmlbeans MAVEN version =2.2.0, =1.3, =1.10.2, =1.13.0, =1.0.1, =0.0.1, =1.1.8, =2.23.5, =2.23.5, =25.11.0 and more Source cves: CVE-2021-23926 Source advisory: OSV:GHSA-MW3R-PFMG-XP92...

9.1CVSS6.7AI score0.06215EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/04/30 5:29 p.m.3 views

com.github.mswolfe:spring-query-filter (>=4.2.0 <=4.3.2), io.github.cyjishuang:swagger-mode (=1.0) potentially affected by CVE-2020-5421 via org.springframework:spring-framework-bom (>=4.2.3.RELEASE <=4.3.14.RELEASE)

org.springframework:spring-framework-bom MAVEN version =4.2.3.RELEASE, =4.2.0, =4.3.2 - io.github.cyjishuang:swagger-mode =1.0 Source cves: CVE-2020-5421 Source advisory: OSV:GHSA-RV39-3QH7-9V7W...

8.7CVSS6.9AI score0.10736EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2020/04/29 10:19 p.m.7 views

com.credibledoc:log-labelizer (>=1.0.40 <=1.0.44), com.novocode:ornate_2.11 (>=0.3 <=0.5) +105 more potentially affected by CVE-2020-11023 +1 more via org.webjars.npm:jquery (>=1.11.3 <=3.4.1)

org.webjars.npm:jquery MAVEN version =1.11.3, =1.0.40, =0.3, =1.3.0, =1.3.0, =1.3.0, =3.2.0, =2.4.0, =3.0.0, =3.1.0, =4.1.3 - de.digitalcollections:streaming-server-euphoria =3.0.0 and more Source cves: CVE-2020-11023, CVE-2020-23064 Source advisory: OSV:GHSA-JPCQ-CGW6-V4J6...

6.9CVSS6.8AI score0.8383EPSS
Exploits6
vulnersOsv
vulnersOsv
added 2019/05/29 6:54 p.m.6 views

au.com.skytix:mesos-scheduler-client (>=1.0.0 <=1.0.3), cn.acooly:acooly-auth-wechat-authenticator (=5.2.1) +513 more potentially affected by CVE-2019-0201 via org.apache.zookeeper:zookeeper (>=3.5.1-alpha <=3.5.4-beta)

org.apache.zookeeper:zookeeper MAVEN version =3.5.1-alpha, =1.0.0, =2.1.7, =2.1.7, =2.1.7, =2.1.7, =2.1.7, =2.1.7, =2.1.7, =2.1.7, =3.6.5, =3.2.0, =2.2.0, =2.2.1 and more Source cves: CVE-2019-0201 Source advisory: OSV:GHSA-2HW2-62CP-P9P7...

5.9CVSS6.8AI score0.09634EPSS
Exploits0
Kitploit
Kitploit
added 2019/04/21 1:11 p.m.108 views

Freddy - Automatically Identify Deserialisation Issues In Java And .NET Applications By Using Active And Passive Scans

A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs. This useful extension was originally developed by Nick Bloor @nickstadb for NCC Group and is mainly based on the work of Alvaro Muñoz and Oleksandr Mirosh, Friday the 13th: JSON Attacks, which they presented a...

8.2AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2019/01/04 7:7 p.m.6 views

ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.databand:dbnd-agent (>=0.42.1 <=0.80.6) +5726 more potentially affected by CVE-2018-14721 via com.fasterxml.jackson.core:jackson-databind (>=2.7.0 <=2.7.9.4)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.7.0, =0.3.0, =0.42.1, =0.42.1, =0.40.2, =0.42.1, =0.2, =0.8.0, =3.3.3, =0.0.1, =0.0.2, =0.0.3 - at.ac.ait.lablink.clients:sync =0.0.1 - at.ac.ait.lablink:core =0.0.1 and more Source cves: CVE-2018-14721 Source advisory:...

10CVSS7.4AI score0.10458EPSS
Exploits0
GoogleProjectZero
GoogleProjectZero
added 2018/12/18 12:0 a.m.25 views

Searching statically-linked vulnerable library functions in executable code

Helping researchers find 0ld days Posted by Thomas Dullien, Project Zero Executive summary Software supply chains are increasingly complicated, and it can be hard to detect statically-linked copies of vulnerable third-party libraries in executables. This blog post discusses the technical details ...

6.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2018/10/17 5:23 p.m.5 views

ai.ylyue:yue-library-data-redis (>=Finchley.SR2.SR1 <=Finchley.SR4.1), am.ik.blog:blog-mapper (=4.6.0) +677 more potentially affected by CVE-2018-1259 via org.springframework.data:spring-data-commons (>=2.0.0.RELEASE <=2.0.6.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =2.0.0.RELEASE, =Finchley.SR2.SR1, =2.0.3.RELEASE, =1.0.3.RELEASE, =1.0.0, =0.9.1, =1.1.4, =1.4.1, =1.5.1.beta - cn.com.zhaoweiping:Alpha-Framework =2.0.0.RELEASE - cn.gudqs:platform =1.0 and more Source cves: CVE-2018-1259 Source advisor...

7.5CVSS7.1AI score0.0497EPSS
Exploits1
OpenVAS
OpenVAS
added 2017/11/07 12:0 a.m.28 views

Jenkins Multiple Vulnerabilities (Oct 2017) - Linux

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...

9CVSS6AI score0.05844EPSS
Exploits0References1
Rows per page
Query Builder