6611 matches found

Chainguard
added 2023/02/28 6:15 p.m. · 360 views

CVE-2022-41723 vulnerabilities

Vulnerabilities for packages: dynamic-localpv-provisioner-fips, restic, dynamic-localpv-provisioner, gke-gcloud-auth-plugin, hey, kubeflow-fips, k3d, grpcurl, go, terraform-provider-sendgrid, wireguard-go, kube-state-metrics, falco, kubeflow, terraform-provider-sendgrid-fips...

7.5 CVSS · 6.7 AI score · 0.04561 EPSS
Exploits: 0
Wordfence Blog
added 2023/02/28 5:6 p.m. · 21 views

The WordPress Ecosystem is Becoming More Secure with Responsible Disclosure Becoming More Common

The Wordfence 2022 State of WordPress Security Report was released on January 24th, 2023. One area that we reviewed in this report were the vulnerabilities disclosed in 2022. Keeping in mind that some vulnerabilities affected multiple plugins, themes, and WordPress core, a total of 2,370...

9 AI score
Exploits: 0
CVE
added 2023/02/22 9:19 p.m. · 75 views

CVE-2022-37937

CVE-2022-37937 describes a pre-auth memory corruption vulnerability in HPE Serviceguard. Multiple connected sources confirm: an unauthenticated attacker could trigger memory corruption without user interaction, affecting the Serviceguard component. The issue is described consistently as pre-auth...

9.8 CVSS · 9.5 AI score · 0.00713 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/02/22 9:19 p.m. · 18 views

CVE-2022-37937

Pre-auth memory corruption in HPE Serviceguard...

9.8 AI score · 0.00713 EPSS
Exploits: 0 · References: 1
OSV
added 2023/02/22 5:15 p.m. · 5 views

CVE-2023-23040

TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication...

7.5 CVSS · 7.1 AI score · 0.00362 EPSS
Exploits: 0 · References: 2
F5 Networks
added 2023/02/21 7:47 p.m. · 44 views

K16866: PowerDNS vulnerabilities CVE-2014-8601 and CVE-2015-1868

Security Advisory Description CVE-2014-8601 PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service "performance degradations" via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it...

7.8 CVSS · 6.6 AI score · 0.81834 EPSS
Exploits: 0
F5 Networks
added 2023/02/21 6:48 p.m. · 52 views

K63314101: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2022-21451 Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via...

6.5 CVSS · 5.8 AI score · 0.02959 EPSS
Exploits: 0
F5 Networks
added 2023/02/21 6:34 p.m. · 101 views

K62444703: Multiple MySQL vulnerabilities CVE-2022-21455 and CVE-2022-21509

Security Advisory Description CVE-2022-21455 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

5.5 CVSS · 5.5 AI score · 0.01271 EPSS
Exploits: 0
F5 Networks
added 2023/02/21 6:34 p.m. · 13 views

K11455641: NGINX LDAP Reference Implementation security exposure

Security Advisory Description NGINX LDAP reference implementation configuration can be modified by sending crafted HTTP requests. Note: nginx-ldap-auth is not an NGINX Product. It is published as a reference implementation of LDAP and describes the mechanics of how the integration works and all ...

6.9 AI score
Exploits: 0
F5 Networks
added 2023/02/21 6:34 p.m. · 38 views

K93543114: BIG-IP APM vulnerability CVE-2022-27181

Security Advisory Description When APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase in internal resource utilization. CVE-2022-27181 Impact System performance can degrade while the system is...

5.3 CVSS · 5.4 AI score · 0.00854 EPSS
Exploits: 0 · Affected Software: 1
Snyk
added 2023/02/21 8:17 a.m. · 4 views

Malicious Package

Overview mobile-auth-library-react-native is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable ...

9.8 CVSS · 7.1 AI score
Exploits: 0 · References: 3
Positive Technologies
added 2023/02/20 12:0 a.m. · 5 views

PT-2023-15068 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 through 1.6.0p29; Checkmk versions 2.0.0 through 2.0.0p27; Checkmk versions 2.1.0 through 2.1.0p10. Description: The issue allows an attacker to inject and execute PHP code in the auth.php and hosttags.php files of the...

9.1 CVSS · 7.5 AI score · 0.01126 EPSS
Exploits: 2 · References: 8
Positive Technologies
added 2023/02/19 12:0 a.m. · 5 views

PT-2023-20924 · Tenda · Tenda V15

Name of the Vulnerable Software and Affected Versions: Tenda V15 version V1.0. Description: A buffer overflow issue was discovered via the gotoUrl parameter in the formPortalAuth function, allowing attackers to cause a Denial of Service (DoS) via a crafted request. Recommendations: For Tenda V15...

7.8 CVSS · 7.3 AI score · 0.00896 EPSS
Exploits: 1 · References: 6
Hacker One
added 2023/02/17 7:46 p.m. · 21 views

U.S. Dept Of Defense: Client side authentication leads to Auth Bypass

A client-side authentication vulnerability was discovered that allowed an attacker to bypass authentication and access sensitive data. By setting a specific parameter in the local storage, the attacker could gain access to the data without providing the correct password. The vulnerability was...

7.1 AI score
Exploits: 0
Chainguard
added 2023/02/17 2:0 p.m. · 194 views

GHSA-VVPX-J8F3-3W6H vulnerabilities

Vulnerabilities for packages: dynamic-localpv-provisioner-fips, restic, dynamic-localpv-provisioner, gke-gcloud-auth-plugin, hey, kubeflow-fips, k3d, grpcurl, go, terraform-provider-sendgrid, wireguard-go, kube-state-metrics, falco, kubeflow, terraform-provider-sendgrid-fips...

5.8 AI score
Exploits: 0
GithubExploit
added 2023/02/15 6:28 a.m. · 1117 views

Exploit for Code Injection in Pyload

pyloadCVE-2023-0297poc A code injection vulnerability...

9.8 CVSS · 9.6 AI score · 0.96988 EPSS
Exploits: 13
SUSE CVE
added 2023/02/15 6:20 a.m. · 3 views

SUSE CVE-2004-0777

Format string vulnerability in the authdebug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUGLOGIN) is enabled, allows remote attackers to execute arbitrary code...

7.5 CVSS · 7.7 AI score · 0.10906 EPSS
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 6:17 a.m. · 2 views

SUSE CVE-2005-3119

Memory leak in the requestkeyauthdestroy function in requestkeyauth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys...

2.1 CVSS · 6.4 AI score · 0.0039 EPSS
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 6:16 a.m. · 1 views

SUSE CVE-2006-1329

The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service "c2s segfault" by sending a "response stanza before an auth stanza"...

5 CVSS · 6.8 AI score · 0.02826 EPSS
Exploits: 0 · References: 2
SUSE CVE
added 2023/02/15 6:15 a.m. · 2 views

SUSE CVE-2006-1721

digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation...

2.6 CVSS · 7.1 AI score · 0.0243 EPSS
Exploits: 0 · References: 4