Lucene search
K

6 matches found

OpenVAS
OpenVAS
added 2018/07/09 12:0 a.m.20 views

Debian: Security Advisory (DLA-1404-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.9AI score0.01504EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/06/29 12:0 a.m.28 views

Debian DLA-1404-1 : lava-server security update

CVE-2018-12564 Using the feature to add URLs in the submit page, a user might be able to read any file on the server that is readable by lavaserver and consists of valid yaml. So with this patch the feature is disabled again. For Debian 8 'Jessie', these problems have been fixed in version...

6.5CVSS6.5AI score0.01504EPSS
Exploits0References3
Debian
Debian
added 2018/06/28 8:7 p.m.20 views

[SECURITY] [DLA 1404-1] lava-server security update

Package : lava-server Version : 2014.09.1-1+deb8u1 CVE ID : CVE-2018-12564 CVE-2018-12564 Using the feature to add URLs in the submit page, a user might be able to read any file on the server that is readable by lavaserver and consists of valid yaml. So with this patch the feature is disabled...

6.5CVSS7AI score0.01504EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/06/25 12:0 a.m.25 views

Debian DSA-4234-1 : lava-server - security update

Two vulnerabilities were discovered in LAVA, a continuous integration system for deploying operating systems for running tests, which could result in information disclosure of files readable by the lavaserver system user or the execution of arbitrary code via a XMLRPC call. C Tenable Network...

8.8CVSS7.3AI score0.02471EPSS
Exploits0References5
Openbugbounty
Openbugbounty
added 2018/06/19 9:38 p.m.11 views

uscutter.com XSS vulnerability

Open Bug Bounty ID: OBB-634144 Description| Value ---|--- Affected Website:| uscutter.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
CVE
CVE
added 2018/06/19 5:0 a.m.75 views

CVE-2018-12564

CVE-2018-12564 affects LAVA (lava-server) where support for URLs in the submit page can be abused to force lava-server-gunicorn to read arbitrary server files readable by lavaserver and containing valid YAML. Impact per the sources is information disclosure (no explicit compromise of integrity/av...

6.5CVSS6.4AI score0.01504EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder