Lucene search
K

72 matches found

OSV
OSV
added 2023/08/29 4:15 p.m.10 views

UBUNTU-CVE-2021-32050

Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may...

7.5CVSS7AI score0.00492EPSS
Exploits0References7
OSV
OSV
added 2023/08/02 1:15 p.m.5 views

CVE-2023-26451

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts...

7.5CVSS5.8AI score0.00995EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/03/30 1:45 a.m.3 views

SUSE CVE-2023-0466

The function X509VERIFYPARAMadd0policy is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate...

2CVSS6.3AI score0.01625EPSS
Exploits0References82
PyPA
PyPA
added 2023/03/20 4:15 p.m.10 views

PYSEC-2023-9

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9CVSS6.9AI score0.00722EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.6 views

SUSE CVE-2019-0221

The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a...

6.3CVSS7AI score0.45571EPSS
Exploits3References11
OSV
OSV
added 2023/02/14 6:15 p.m.5 views

CVE-2023-22931

In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary RSS feeds without verifying permissions. This feature has been deprecated and disabled by default...

4.3CVSS5.7AI score0.00362EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2022/08/30 7:0 a.m.1 views

A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default it could allow an attacker to crash the system or have other memory-corruption side effects.

...

7.8CVSS7.2AI score0.00265EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2021/09/16 12:15 p.m.3 views

CVE-2021-40067

The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to it; regardless of access control group...

6.8CVSS5.8AI score0.00578EPSS
Exploits0References2
OSV
OSV
added 2021/08/13 4:15 p.m.4 views

CVE-2021-37028

There is a command injection vulnerability in the HG8045Q product. When the command-line interface is enabled, which is disabled by default, attackers with administrator privilege could execute part of commands...

6.7CVSS5.8AI score
Exploits0References2
NCSC
NCSC
added 2021/07/14 12:0 a.m.52 views

Vulnerabilities fixed in VMware ESXi

VMware has fixed two vulnerabilities in ESXi. The vulnerability with reference CVE-2021-21994 is located in the Small Footprint CIM Broker SFCB and allows a remote malicious person to bypass authentication. This requires rogue network traffic be sent to port 5989 of the ESXi server. The...

9.8CVSS7AI score0.01158EPSS
Exploits0
OSV
OSV
added 2021/02/16 4:15 p.m.6 views

CVE-2020-35565

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default...

9.8CVSS7.3AI score0.01051EPSS
Exploits0References2
OSV
OSV
added 2019/06/28 11:15 p.m.4 views

DEBIAN-CVE-2019-13031

LemonLDAP::NG before 1.9.20 has an XML External Entity XXE issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule...

8.1CVSS7.1AI score0.01934EPSS
Exploits0References1
Rows per page
Query Builder