Lucene search
K

166 matches found

Tenable Nessus
Tenable Nessus
added 2024/09/14 12:0 a.m.35 views

Fedora 40 : python3-docs / python3.12 (2024-1d0cb3b43f)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-1d0cb3b43f advisory. This is the sixth maintenance release of Python 3.12 ==================================================== Python 3.12 is the newest major release of...

8.7CVSS6.8AI score0.02527EPSS
Exploits4References5
AlpineLinux
AlpineLinux
added 2024/08/19 7:6 p.m.32 views

CVE-2024-7592

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

7.5CVSS7.3AI score0.02303EPSS
Exploits1
OpenVAS
OpenVAS
added 2024/06/14 12:0 a.m.14 views

RICOH Printers Improper Authentication Vulnerability (Mar 2024)

Multiple RICOH printers and multifunction printers are prone to an improper authentication vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

5.3CVSS7.3AI score0.00345EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/06/13 12:0 a.m.634 views

Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rejetto HTTP File Server HFS Unauthenticated Remote Code Execution', 'Description' = %q The Rejetto HTTP File Server HFS version 2.x is vulnerabl...

7.4AI score0.99485EPSS
Exploits20
Prion
Prion
added 2024/02/09 10:15 p.m.21 views

Session fixation

Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session...

1CVSS7.2AI score0.00354EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/09 9:22 p.m.15 views

CVE-2023-45718 HCL Sametime is impacted by a failure to invalidate sessions

Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session...

3.9CVSS6.7AI score0.00354EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/09 9:22 p.m.20 views

CVE-2023-45718 HCL Sametime is impacted by a failure to invalidate sessions

Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session...

3.9CVSS4.5AI score0.00354EPSS
Exploits0References1
CVE
CVE
added 2024/02/09 9:22 p.m.56 views

CVE-2023-45718

CVE-2023-45718 affects HCL Sametime Web: a failure to invalidate sessions causes sensitive cookie values to persist after a user closes the session. The NVD entry notes a high overall impact (CVSS v3.1: 7.5, HIGH) with network attack vector and no user interaction. The description specifies cooki...

7.5CVSS4.3AI score0.00354EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/03/22 12:0 a.m.5 views

Sentry 安全漏洞

Mobileiron Sentry is a smart gateway product from Mobileiron. A security vulnerability exists in Sentry versions prior to 1.14.0. An attacker could exploit this vulnerability to disclose sensitive cookie values...

7.6CVSS6.7AI score0.00641EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.4 views

SUSE CVE-2005-3355

Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values"...

6.4CVSS7.2AI score0.02226EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/14 9:14 p.m.25 views

Security Bulletin: IBM CICS TX Standard is vulnerable to attackers being able to get cookie values (CVE-2022-34307).

Summary IBM CICS TX could allow attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. The fix...

4.3CVSS4AI score0.00459EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.4 views

Pi-hole 代码问题漏洞

Pi-hole is a web-grade ad-blocking application from Pi-hole, Inc. A security vulnerability exists in the Pi-hole web interface version 4.0 through versions prior to 5.18.3, which stems from improper use of cookie values...

8.8CVSS7.9AI score0.0097EPSS
Exploits1References2
OSV
OSV
added 2022/12/01 10:15 a.m.5 views

CVE-2022-4221

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7...

9.8CVSS5.9AI score0.04803EPSS
Exploits1References1
NVD
NVD
added 2022/12/01 10:15 a.m.18 views

CVE-2022-4221

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7...

9.8CVSS0.04803EPSS
Exploits1References1
Prion
Prion
added 2022/12/01 10:15 a.m.14 views

Command injection

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7...

7.5CVSS9.6AI score0.04803EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/12/01 9:26 a.m.17 views

CVE-2022-4221 OS command injection in ASUS M25 NAS

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7...

9.8CVSS9.9AI score0.04803EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/12/01 9:26 a.m.7 views

CVE-2022-4221 OS command injection in ASUS M25 NAS

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7...

9.8CVSS9.7AI score0.04803EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/12/01 12:0 a.m.4 views

PT-2022-26313 · Asus · Asus Nas-M25

Name of the Vulnerable Software and Affected Versions: Asus NAS-M25 versions through 1.0.1.7 Description: The issue is related to an improper neutralization of special elements used in an OS command, allowing an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie value...

9.8CVSS9.3AI score0.04803EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/01 12:0 a.m.3 views

ASUS NAS-M25 操作系统命令注入漏洞

The ASUS NAS-M25 is a storage server from Asus China. A security vulnerability exists in ASUS NAS-M25 version 1.0.1.7 and prior versions, which stems from an improperly neutralized special element used OS Command Injection vulnerability that allows an unauthenticated attacker to inject arbitrary...

9.8CVSS8.7AI score0.04803EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/11/29 12:0 a.m.3 views

WordPress plugin Simple:Press 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A reflective cross-site...

4.7CVSS5.8AI score0.00558EPSS
Exploits0References3
Rows per page
Query Builder