Lucene search
K

91 matches found

RedHat Linux
RedHat Linux
added 2024/07/25 3:4 p.m.5 views

quarkus-core: Leak of local configuration properties into Quarkus applications

A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been...

7CVSS7.1AI score0.00286EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/06/25 12:0 a.m.33 views

EulerOS 2.0 SP11 : python-cryptography (EulerOS-SA-2024-1844)

According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS server...

7.5CVSS6.3AI score0.01118EPSS
Exploits0References2
Redos
Redos
added 2024/05/21 12:0 a.m.22 views

ROS-20240521-06

A vulnerability in the RSA Key Exchange Handler component of the encryption and SSL toolkit for Python m2crypto is related to decryption of captured messages on TLS servers using RSA key exchange. Exploitation of the vulnerability could allow an attacker acting remotely, allowing an intruder to t...

7.5CVSS7AI score0.01124EPSS
Exploits0
CNNVD
CNNVD
added 2024/05/01 12:0 a.m.5 views

Red Hat OpenShift 安全漏洞

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. A security vulnerability exists in Red Hat OpenShift, which stems from the presence of an information disclosure that could allow an...

6.8CVSS6.3AI score0.00688EPSS
Exploits0References3
Openbugbounty
Openbugbounty
added 2024/04/08 1:21 p.m.13 views

captured-travel.com Cross Site Scripting vulnerability OBB-3909628

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Fedora
Fedora
added 2024/03/24 1:7 a.m.32 views

[SECURITY] Fedora 39 Update: tcpreplay-4.4.4-5.fc39

Tcpreplay is a tool to replay captured network traffic. Currently, tcpreplay supports pcap tcpdump and snoop capture formats. Also included, is tcpprep a tool to pre-process capture files to allow increased performance under certain conditions as well as capinfo which provides basic information...

6.5CVSS5.4AI score0.00673EPSS
Exploits2
NVD
NVD
added 2024/03/06 7:15 a.m.25 views

CVE-2023-52589

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1ispstop and rkisp1csidisable the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure. This is...

4.7CVSS7.3AI score0.00173EPSS
Exploits0References4
OSV
OSV
added 2024/02/05 9:30 p.m.35 views

GHSA-3WW4-GG4F-JR7F Python Cryptography package vulnerable to Bleichenbacher timing oracle attack

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

8.7CVSS7.5AI score0.01118EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/02/05 9:15 p.m.52 views

CVE-2023-50782

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

7.5CVSS6.7AI score0.01118EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2024/02/05 9:15 p.m.36 views

CVE-2023-50781

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

7.5CVSS6.8AI score0.01124EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/01/13 12:0 a.m.4 views

Chromium Embedded Framework Buffer Error Vulnerability

Chromium Embedded Framework CEF is a simple framework for Chromium Embedded Framework open source. It is used to embed Chromium-based browsers in other applications. A buffer error vulnerability exists in Chromium Embedded Framework CEF that stems from CefVideoConsumerOSR OnFrameCaptured not...

9.6CVSS7AI score0.00551EPSS
Exploits1References3
OSV
OSV
added 2024/01/05 4:1 p.m.14 views

GHSA-437M-7HJ5-9MPW Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster

Impact Attacker that has gain root privilege of the node that kruise-daemon run , can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, attackers can leverage the "captured" secrets e.g. the kruise-manager service account token to gain extra privilege such as p...

6.5CVSS6.6AI score0.00489EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/12/13 10:29 p.m.42 views

CVE-2023-50782

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Mitigation Mitigation for this issue is either not available or the...

7.5CVSS6.5AI score0.02454EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/08/22 7:16 p.m.2 views

CVE-2022-45611

An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information...

9.8CVSS7.4AI score0.00942EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/08/21 10:34 p.m.12 views

CVE-2023-4301 CSRF vulnerability in Fortify Plugin allow capturing credentials

A cross-site request forgery CSRF vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS6.6AI score0.00196EPSS
Exploits0References1
Prion
Prion
added 2023/07/12 4:15 p.m.22 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.8CVSS8.7AI score0.0051EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2023/05/11 12:0 a.m.371 views

Textpattern 4.8.8 Session Token Disclosure

Title: textpattern-4.8.8 Session token in URL Vulnerability Author: nu11secur1ty Date: 05.10.2023 Vendor: https://textpattern.com/ Software: https://github.com/textpattern/textpattern/releases/tag/4.8.8 Reference: https://portswigger.net/kb/issues/00500700session-token-in-url,...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.32 views

CVE-2023-24432

A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.9AI score0.00515EPSS
Exploits0References1
Huntr
Huntr
added 2022/11/24 6:38 a.m.19 views

Missing CSRF protection

Description Any user can Add Questions on FAQ section -- https://roy.demo.phpmyfaq.de/index.php?action=ask&categoryid=0 This section is vulnerable to CSRF. The aggressor can abuse this without prior knowledge of others'. The successful CSRF will send new questions from the victim's browser Captur...

4.9CVSS0.3AI score0.00479EPSS
Exploits1
Cvelist
Cvelist
added 2022/09/21 3:46 p.m.54 views

CVE-2022-41249

A cross-site request forgery CSRF vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.9AI score0.0039EPSS
Exploits0References2
Rows per page
Query Builder