Lucene search
K

60 matches found

Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.52 views

EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-3299)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or...

8.1CVSS7.6AI score0.99999EPSS
Exploits19References7
Tenable Nessus
Tenable Nessus
added 2024/01/08 12:0 a.m.29 views

Amazon Linux 2023 : ecs-init (ALAS2023-2024-480)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-480 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now...

6.5CVSS7AI score0.01328EPSS
Exploits0References6
Amazon
Amazon
added 2023/09/20 12:0 a.m.7 views

Important: amazon-ecr-credential-helper

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

6.5CVSS7.1AI score0.01328EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/08/14 12:0 a.m.31 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-283)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-283 advisory. The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to...

6.5CVSS7.2AI score0.0125EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/07/20 1:6 p.m.55 views

Moderate: Red Hat Security Advisory: java-17-openjdk security and bug fix update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.5CVSS6.4AI score0.01812EPSS
Exploits0References11
OSV
OSV
added 2023/07/20 12:0 a.m.56 views

ALSA-2023:4175 Moderate: java-11-openjdk security and bug fix update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: ZIP file parsing infinite loop 8302483 CVE-2023-22036 OpenJDK: weakness in AES implementation 8308682 CVE-2023-22041 OpenJDK: improper handling o...

7.5CVSS7AI score0.01812EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2023/07/20 12:0 a.m.24 views

RHEL 9 : java-17-openjdk (RHSA-2023:4177)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4177 advisory. The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixe...

7.5CVSS6.4AI score0.01812EPSS
Exploits0References20
RedHat Linux
RedHat Linux
added 2023/07/19 5:24 p.m.284 views

Moderate: Red Hat Security Advisory: java-11-openjdk security and bug fix update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

7.5CVSS6.4AI score0.01812EPSS
Exploits0References9
CNNVD
CNNVD
added 2023/06/26 12:0 a.m.5 views

Red Hat Keycloak 安全漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from Keycloak's device authorization not properly validating the device code and...

8.1CVSS6.5AI score0.00694EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2020/07/31 12:0 a.m.34 views

VMware Fusion 11.x < 11.5.5 Privilege Escalation (VMSA-2020-0017)

The version of VMware Fusion installed on the remote macOS or Mac OS X host is 11.x prior to 11.5.5. It is, therefore, affected by a privilege escalation vulnerability due to Improper XPC Client validation. An authenticated, local attacker can exploit this to escalate their normal user privileges...

7.8CVSS7.5AI score0.00359EPSS
Exploits0References2
NVD
NVD
added 2020/07/10 2:15 p.m.27 views

CVE-2020-3974

VMware Fusion 11.x before 11.5.5, VMware Remote Console for Mac 11.x and prior before 11.2.0 and Horizon Client for Mac 5.x and prior before 5.4.3 contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with...

7.8CVSS0.00359EPSS
Exploits0References1
Prion
Prion
added 2020/07/10 2:15 p.m.17 views

Privilege escalation

VMware Fusion 11.x before 11.5.5, VMware Remote Console for Mac 11.x and prior before 11.2.0 and Horizon Client for Mac 5.x and prior before 5.4.3 contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with...

7.2CVSS8AI score0.00359EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2020/07/10 1:14 p.m.25 views

CVE-2020-3974

VMware Fusion 11.x before 11.5.5, VMware Remote Console for Mac 11.x and prior before 11.2.0 and Horizon Client for Mac 5.x and prior before 5.4.3 contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with...

8.1AI score0.00359EPSS
Exploits0References1
CVE
CVE
added 2020/07/10 1:14 p.m.164 views

CVE-2020-3974

CVE-2020-3974 affects VMware Fusion 11.x (pre-11.5.5), VMware Remote Console for Mac 11.x (pre-11.2.0), and Horizon Client for Mac 5.x (pre-5.4.3). It is a local privilege-escalation due to improper XPC Client validation, allowing a normal-privilege user to gain root access. Exploitation requires...

7.8CVSS8AI score0.00359EPSS
Exploits0References1Affected Software3
CNVD
CNVD
added 2019/10/29 12:0 a.m.4 views

IBM OpenPages GRC Platform Cross-Site Scripting Vulnerability (CNVD-2019-39353)

IBM OpenPages GRC Platform is a suite of platforms for managing enterprise risk and compliance from IBM in the United States. The platform provides a set of core services and functional components that cover the risk and compliance domain including operational risk, policy and compliance, financi...

6.3AI score
Exploits0References1
CNVD
CNVD
added 2019/05/23 12:0 a.m.3 views

IdentityServer IdentityServer4 Cross-Site Scripting Vulnerability

IdentityServer IdentityServer4 is an open source for ASP.NET Core OAuth open authorization framework. A cross-site scripting vulnerability exists in IdentityServer IdentityServer4 2.4 and earlier versions. The vulnerability stems from the lack of proper validation of client-side data in WEB...

6.1CVSS6.4AI score0.00848EPSS
Exploits1References1
OSV
OSV
added 2019/01/31 6:29 p.m.8 views

DEBIAN-CVE-2019-7283

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...

7.4CVSS6.6AI score0.01976EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2016/04/12 9:38 p.m.4 views

samba: Server certificates not validated at client side

It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate...

7.4CVSS6.7AI score0.02581EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.44 views

Squid SSL-Bump Certificate Validation Bypass Vulnerability (SQUID-2015:1)

Squid is prone to certificate validation bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:squid-cache:squid"...

2.6CVSS7.6AI score0.11402EPSS
Exploits0References4
securityvulns
securityvulns
added 2009/05/25 12:0 a.m.36 views

Serena Dimensions CM cryptographic vulnerability

Server certificate is not validated by client...

2.3AI score
Exploits0References1Affected Software1
Rows per page
Query Builder