Lucene search
K

661 matches found

OSV
OSV
added 2025/10/02 7:15 a.m.4 views

SUSE-SU-2025:03449-1 Security update for cairo

This update for cairo fixes the following issues: - CVE-2025-50422: Fixed Poppler crash on malformed input bsc1247589 - Update to version 1.18.4: + The dependency on LZO has been made optional through a build time configuration toggle. + You can build Cairo against a Freetype installation that do...

2.9CVSS7.1AI score0.00205EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/09/28 12:0 a.m.3 views

SafeSearch: Automated Red-Teaming for the Safety of LLM-Based Search Agents

Search agents connect LLMs to the Internet, enabling access to broader and more up-to-date information. However, unreliable search results may also pose safety threats to end users, establishing a new threat surface. In this work, we conduct two in-the-wild experiments to demonstrate both the...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-41337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or...

6.7CVSS6.7AI score0.00181EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-1778

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When OTRS uses multiple backends for user authentication with LDAP, agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0...

4.3CVSS5.2AI score0.00643EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-36659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the...

8.1CVSS7.2AI score0.00559EPSS
Exploits1References2
OSV
OSV
added 2025/08/29 10:15 p.m.3 views

UBUNTU-CVE-2025-58068

Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted...

9.1CVSS5.8AI score0.00363EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-1002105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver...

9.8CVSS8.2AI score0.86978EPSS
Exploits10References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2022-23039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilitie...

7CVSS6.6AI score0.00351EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-16093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In LemonLDAP::NG aka lemonldap-ng through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because th...

7.5CVSS7.2AI score0.00559EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-34095

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends CPDB project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable t...

9.8CVSS8.4AI score0.01539EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/07/25 12:0 a.m.3 views

NewStart CGSL MAIN 7.02 : sane-backends Vulnerability (NS-SA-2025-0135)

The remote NewStart CGSL host, running version MAIN 7.02, has sane-backends packages installed that are affected by a vulnerability: - An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the saneiconfigureattach function. NOTE: this is disputed because...

7.3CVSS6.1AI score0.00372EPSS
Exploits1References3
OSV
OSV
added 2025/07/11 5:33 p.m.4 views

CVE-2025-53642 haxcms-nodejs and haxcms-php Improperly Terminate Sessions

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6...

4.8CVSS7AI score0.00166EPSS
Exploits0References3
OSV
OSV
added 2025/07/10 5:15 p.m.5 views

AZL-65175 CVE-2025-49630 affecting package httpd for versions less than 2.4.64-1

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in modproxyhttp2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with...

7.5CVSS7.1AI score0.01149EPSS
Exploits0References1
OSV
OSV
added 2025/06/18 11:15 a.m.7 views

UBUNTU-CVE-2022-50049

In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Don't pick up BE without substream When DPCM tries to add valid BE connections at dpcmaddpaths, it doesn't check whether the picked BE actually supports for the given stream direction. Due to that, when an asymmetric ...

5.5CVSS6AI score0.00154EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 6:1 a.m.5 views

CVE-2023-28623

Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend any aside of ZulipLDAPAuthBackend and EmailAuthBackend are the only ones enabled in AUTHENTICATIONBACKENDS in /etc/zulip/settings.py...

6.5CVSS7AI score0.00527EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:52 p.m.5 views

CVE-2020-16093

In LemonLDAP::NG aka lemonldap-ng through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used...

7.5CVSS6.5AI score0.00559EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 a.m.9 views

CVE-2019-7319

An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges...

8.3CVSS7.2AI score0.01023EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.7 views

Alibaba Cloud Linux 3 : 0091: sane-backends (ALINUX3-SA-2021:0091)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0091 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-12861: A heap buffer overflow in...

8.8CVSS8.2AI score0.03044EPSS
Exploits2References3
OSV
OSV
added 2025/05/12 12:58 p.m.5 views

USN-7506-2 linux-aws vulnerabilities

Demi Marie Obenour and Simon Gaiser discovered that several Xen para- virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in...

7.8CVSS6.8AI score0.00351EPSS
Exploits1References33
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2020-12862

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important informatio...

4.3CVSS6.1AI score0.01077EPSS
Exploits1References2
Rows per page
Query Builder