Lucene search
+L

284 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:32 a.m.5 views

SUSE CVE-2018-5131

Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

6.1CVSS8AI score0.02323EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.5 views

PT-2023-8517 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev78 Description: The issue is related to a Cross-Site Request Forgery CSRF attack. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities. Any API...

10CVSS8.9AI score0.00948EPSS
Exploits1References18
Vulnrichment
Vulnrichment
added 2022/10/25 12:0 a.m.8 views

CVE-2022-3644

The collection remote for pulpansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API instead of marking it as write only...

5.5AI score0.00276EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2022/05/13 1:30 a.m.6 views

Jenkins allows Unauthorized Viewing of Queue API Information

Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api...

5CVSS5.9AI score0.02064EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/05/13 1:27 a.m.6 views

GHSA-R9FV-QPM9-RJ4G Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch

Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This...

8.8CVSS7.2AI score0.01985EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/13 12:0 a.m.29 views

Exposed Dangerous Method or Function

An API-exposure flaw was found in cobbler, where it exported CobblerXMLRPCInterface private functions over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain important privileges within cobbler, as well as upload files to an arbitrary location in the daemon context...

9.8CVSS3.2AI score0.6786EPSS
Exploits0References14Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/05/11 3:15 p.m.6 views

CVE-2022-1352

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that...

5.3CVSS6.2AI score0.01269EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/05/11 12:0 a.m.4 views

PT-2022-13821 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: Gitlab EE/CE versions 11.0 through 14.8.5 Gitlab EE/CE versions 14.9 through 14.9.3 Gitlab EE/CE versions 14.10 through 14.10.0 Description: The issue is related to an insecure direct object reference vulnerability. This vulnerability may all...

5.3CVSS5.3AI score0.01269EPSS
Exploits0References9
OSV
OSV
added 2022/04/08 10:9 p.m.15 views

GHSA-MCQ2-W56R-5W2W Daemon panics when processing certain blocks

Impact go-ipfs nodes with versions 0.10.0, 0.11.0, 0.12.0, or 0.12.1 can crash when trying to traverse certain malformed graphs due to an issue in the go-codec-dagpb dependency. Vulnerable nodes that work with these malformed graphs may crash leading to denial-of-service risks. This particularly...

7.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/02/08 8:50 p.m.5 views

CVE-2022-21713 Exposure of Sensitive Information in Grafana

Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. /teams/:teamId will allow an authenticated attacker to view unintended data by querying for the specific team ID,...

4.3CVSS6.9AI score0.01168EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/01/24 12:0 a.m.9 views

StarWind Command Center 权限许可和访问控制问题漏洞

StarWind Command Center is a single management platform for managing and monitoring Ui from StarWind, Inc. designed to simplify and automate the control of day-to-day Hci routines. StarWind Command Center has a Privilege Permission and Access Control Issue vulnerability that stems from the fact...

9CVSS8.2AI score0.01121EPSS
Exploits0References3
RustSec
RustSec
added 2021/10/31 12:0 p.m.19 views

Generated code can read and write out of bounds in safe code

Code generated by flatbuffers' compiler is unsafe but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details. For example, if generated code is used to decode malformed or untrusted input, undefined behavior and thus security vulnerabilities is possible even without...

0.6AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2021/10/19 12:0 a.m.11 views

PT-2021-7886

Name of the Vulnerable Software and Affected Versions Java SE versions 8u301, 11.0.12, 17 Oracle GraalVM Enterprise Edition versions 20.3.3 and 21.2.0 Description The issue is related to a vulnerability in the Libraries component of Oracle Java SE and Oracle GraalVM Enterprise Edition, which can ...

6.8CVSS6.9AI score0.027EPSS
Exploits0References199
ATTACKERKB
ATTACKERKB
added 2021/10/07 9:15 p.m.4 views

CVE-2021-42087

An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API...

4.9CVSS5.8AI score0.00853EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2021/10/05 12:28 p.m.27 views

CVE-2021-39875

Removed by vendor...

5.3CVSS6AI score0.01134EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/10/05 12:0 a.m.32 views

FreeBSD : Gitlab -- vulnerabilities (1bdd4db6-2223-11ec-91be-001b217b3468)

Gitlab reports : Stored XSS in merge request creation page Denial-of-service attack in Markdown parser Stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown DNS Rebinding vulnerability in Gitea importer Exposure of trigger tokens on project exports Improper access control for...

8.7CVSS6.1AI score0.01227EPSS
Exploits1References23
ATTACKERKB
ATTACKERKB
added 2021/09/15 7:15 p.m.3 views

CVE-2021-40862

HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1...

8.8CVSS7.2AI score0.00967EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/07/15 4:5 p.m.31 views

CVE-2021-32743 Passwords used to access external services inadvertently exposed through API

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for extern...

8.8CVSS8.8AI score0.01803EPSS
Exploits1References3
OSV
OSV
added 2021/06/10 3:54 p.m.91 views

GHSA-F2RP-4RV7-FC95 Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox

A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions of...

7.8CVSS7.4AI score0.00273EPSS
Exploits0References5
NCSC
NCSC
added 2021/04/16 12:0 a.m.5 views

Vulnerabilities fixed in WordPress

WordPress developers have fixed several vulnerabilities fixed. An authenticated remote malicious person could potentially exploit these vulnerabilities potentially exploit them to perform an XML External Entity XXE attack. This vulnerability is located in the way uploaded MP3 files are processed ...

6.9AI score
Exploits0
Rows per page
Query Builder