Lucene search
+L

188 matches found

Redos
Redos
added 2023/11/09 12:0 a.m.44 views

ROS-20231109-01

Go programming language vulnerability is related to insecure external control of critical state data state when processing the setuid and setgid attributes. Exploitation of the vulnerability could allow an attacker, acting remotely, escalate their privileges and gain access to read, modify, or...

9.8CVSS8.3AI score0.03332EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/10/23 11:34 a.m.54 views

Who's Experimenting with AI Tools in Your Organization?

With the record-setting growth of consumer-focused AI productivity tools like ChatGPT, artificial intelligence—formerly the realm of data science and engineering teams—has become a resource available to every employee. From a productivity perspective, that's fantastic. Unfortunately for IT and...

6.7AI score
Exploits0
RustSec
RustSec
added 2023/08/16 12:0 p.m.9 views

`envlogger` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0
Intel
Intel
added 2023/08/08 12:0 a.m.17 views

Intel® PCSD BIOS Advisory

Summary: A potential security vulnerability in some Intel® Product Collaboration and Systems Division PCSD system BIOS may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-34657 Description: Improper...

6CVSS4.6AI score0.00179EPSS
Exploits0
OSV
OSV
added 2023/03/20 9:26 p.m.81 views

GHSA-C24F-2J3G-RG48 kaml has potential denial of service while parsing input with anchors and aliases

Impact Applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Patches Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. Workarounds None. References Wikipedia has an explanation ...

7.5CVSS7.4AI score0.00974EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 3:29 a.m.34 views

Security Bulletin: TADDM Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...

4.3CVSS7.4AI score0.66817EPSS
Exploits1Affected Software1
Intel
Intel
added 2022/08/09 12:0 a.m.30 views

Intel® Connect M Android App Advisory

Summary: A potential security vulnerability in the Intel® Connect Mobile Connect M Android application may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2021-44470 Description: Incorrect default...

5.5CVSS5AI score0.00181EPSS
Exploits0
Hacker One
Hacker One
added 2022/08/01 10:19 p.m.18 views

Adobe: Reflected Cross site scripting via Swagger UI

The security researcher responsibly disclosed a Reflected XSS to Adobe. We appreciate the collaboration and we're proceeding to include his name in our Acknowledgement page...

1.9AI score
Exploits0
OSV
OSV
added 2022/04/28 9:1 p.m.29 views

GHSA-M98G-63QJ-FP8J Reflected XSS on clients-registrations endpoint

A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak. When a malicious request is sent to the client registration endpoint, the error message is not properly escaped, allowing an attacker to execute malicious scripts into the user's browser. Acknowledgement...

6.8AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/12/14 9:31 p.m.5 views

jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client

A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...

7.1CVSS5.8AI score0.01089EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/11/09 12:0 a.m.6 views

Siemens Nucleus 缓冲区错误漏洞

Capital VSTAR is a complete solution. the Nucleus NET module integrates a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. the Nucleus RTOS is a microkernel-based real-time operating...

7.5CVSS6AI score0.01476EPSS
Exploits0References15
OSV
OSV
added 2021/11/03 5:36 p.m.20 views

GHSA-HGC3-HP6X-WPGX Antilles Dependency Confusion Vulnerability

Potential Impact: Remote code execution. Scope of Impact: Open-source project specific. Summary Description: A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a packag...

8.8CVSS9AI score0.01971EPSS
Exploits0References5
OSV
OSV
added 2021/06/28 4:45 p.m.13 views

GHSA-2JX8-V4HV-GX3H XXE vulnerability in Launch import

| Release Date | Affected Projects | Affected Versions | Access Vector| Security Risk | |--------------|-------------------|-------------------|---------------|---------------| | Monday, May 4, 2020| service-api | Every version, starting from 3.1.0 | Remote | Medium | Impact Starting from version...

7.5CVSS7.6AI score0.01349EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2021/06/04 12:0 a.m.290 views

HealthForYou 1.11.1 / HealthCoach 2.9.2 User Enumeration

Trovent Security Advisory 2104-01 User enumeration through API Overview Advisory ID: TRSA-2104-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2104-01 Affected product: HealthForYou & Sanitas HealthCoach mobile and web applications Tested...

7.4AI score
Exploits0
OSV
OSV
added 2021/05/10 4:15 p.m.1 views

DEBIAN-CVE-2020-13529

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server...

6.1CVSS6.7AI score0.01399EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2021/04/16 7:52 p.m.61 views

RSA signature validation vulnerability on maleable encoded message in jsrsasign

Impact Vulnerable jsrsasign will accept RSA signature with improper PKCS1.5 padding. Decoded RSA signature value consists following form: 01ff...8 or more ffs...ff00ASN.1 OF DigestInfo Its byte length must be the same as RSA key length, however such checking was not sufficient. To make crafted...

9.1CVSS8.7AI score0.0096EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/04/16 7:52 p.m.19 views

GHSA-27FJ-MC8W-J9WG RSA signature validation vulnerability on maleable encoded message in jsrsasign

Impact Vulnerable jsrsasign will accept RSA signature with improper PKCS1.5 padding. Decoded RSA signature value consists following form: 01ff...8 or more ffs...ff00ASN.1 OF DigestInfo Its byte length must be the same as RSA key length, however such checking was not sufficient. To make crafted...

9.1CVSS9.2AI score0.0096EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2021/04/14 12:0 a.m.318 views

CITSmart ITSM 9.1.2.22 - LDAP Injection

Exploit Title: CITSmart ITSM 9.1.2.22 - LDAP Injection Google Dork: "citsmart.local" Date: 29/12/2020 Exploit Author: skysbsb Vendor Homepage: https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html Version: = 9.1.2.23 Using this LDAP query in the usernam...

9.8CVSS9.7AI score0.13309EPSS
Exploits3
OSV
OSV
added 2021/04/07 7:15 p.m.6 views

ALPINE-CVE-2021-28166

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur...

6.5CVSS6.7AI score0.00968EPSS
Exploits0References1
OSV
OSV
added 2021/03/04 3:17 p.m.24 views

ALSA-2021:0735 Important: nodejs:10 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.24.0. Security Fixes: nodejs: HTTP2 'unknownProtocol' cause DoS by resource...

7.8CVSS7.8AI score0.77385EPSS
Exploits1References3
Rows per page
Query Builder