1390 matches found
Malicious code in alias-to_method (RubyGems)
MAL-2024-6564 Malicious code in alias-to_method (RubyGems)
Malicious code in alias-scope (RubyGems)
MAL-2024-6563 Malicious code in alias-scope (RubyGems)
Malicious code in alias-helper (RubyGems)
Malicious code in alias-metrics (RubyGems)
MAL-2024-6561 Malicious code in alias-helper (RubyGems)
MAL-2024-6562 Malicious code in alias-metrics (RubyGems)
Malicious code in alias-class (RubyGems)
MAL-2024-6560 Malicious code in alias-class (RubyGems)
Malicious code in active-support_alias_class_method (RubyGems)
CVE-2024-6303 Missing Authorization in Conduit
Missing authorization in Client-Server API in Conduit =0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the admins alias to a room which they control, allowing them to run commands resetting passwords, signing JSON with the...
PT-2024-37525 · Conduit · Conduit
Name of the Vulnerable Software and Affected Versions: Conduit versions prior to 0.7.0 Description: The issue concerns missing authorization in the Client-Server API, allowing for unauthorized removal and addition of aliases to different rooms. This can be exploited for privilege escalation by...
SUSE CVE-2023-6710
A flaw was found in mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...
CVE-2024-35221 Denial of service when publishing a package on rubygems.org
Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-bas...
SUSE CVE-2023-52774
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: protect device queue against concurrent access In dasd_profile_start the amount of requests on the device queue are counted. The access to the device queue is unprotected against concurrent access. With a lot of parallel...
Oracle Linux 8 : tigervnc (ELSA-2024-3261)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3261 advisory. - Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents Resolves: RHEL-30755 - Fix CVE-2024-31083...
tigervnc security update
1.13.1-10 - Drop patches that are already part of xorg-x11-server Resolves: RHEL-30755 Resolves: RHEL-30767 Resolves: RHEL-30761 1.13.1-9 - Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents Resolves: RHEL-30755 - Fix CVE-2024-31083 tigervnc...
OESA-2024-1652 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Fix Oops in dasd_alias_get_start_dev function caused by the pavgroup pointer being NULL. The...
DEBIAN-CVE-2023-52774
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: protect device queue against concurrent access In dasd_profile_start the amount of requests on the device queue are counted. The access to the device queue is unprotected against concurrent access. With a lot of parallel...