Lucene search
K

8751 matches found

RedHat Linux
RedHat Linux
added 2022/10/06 6:32 p.m.3 views

dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK...

8.6CVSS7.1AI score0.01708EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2022/10/05 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2022:3499-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.02198EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2022/10/03 12:0 a.m.10 views

SUSE: Security Advisory (SUSE-SU-2022:3483-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS8.3AI score0.0199EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/10/03 12:0 a.m.14 views

SUSE: Security Advisory (SUSE-SU-2022:3475-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS6.6AI score0.00268EPSS
Exploits0References4
OSV
OSV
added 2022/09/29 1:15 p.m.1 views

DEBIAN-CVE-2022-39250

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

7.5CVSS7.4AI score0.00928EPSS
Exploits0References1
OSV
OSV
added 2022/09/29 12:0 a.m.19 views

CVE-2022-39250 Matrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

8.6CVSS8.2AI score0.00928EPSS
Exploits0References7
OSV
OSV
added 2022/09/28 8:55 p.m.27 views

CVE-2022-39257 Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...

7.5CVSS7.2AI score0.0072EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.3 views

Matrix 授权问题漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability exists in the Matrix Javascript SDK prior to version 19.7.0, which stems from a lack of required checks in matrix-js-sdk...

8.6CVSS7.9AI score0.00865EPSS
Exploits0References12
OpenVAS
OpenVAS
added 2022/09/28 12:0 a.m.19 views

SUSE: Security Advisory (SUSE-SU-2022:3428-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.8AI score0.00561EPSS
Exploits1References4
CNVD
CNVD
added 2022/09/28 12:0 a.m.29 views

ZFile arbitrary file upload vulnerability

ZFile is a Java-based online web development program open-sourced by zfile-dev. ZFile v4.1.1 contains an arbitrary file upload vulnerability that stems from a lack of validation of uploaded files in its component /file/upload/1. An attacker could exploit this vulnerability to upload malicious fil...

9.8CVSS3.2AI score0.00851EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2022/09/27 12:0 a.m.15 views

SUSE: Security Advisory (SUSE-SU-2022:3381-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS8.3AI score0.01708EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2022/09/27 12:0 a.m.33 views

SUSE: Security Advisory (SUSE-SU-2022:3397-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9CVSS7.7AI score0.22709EPSS
Exploits3References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 10:21 p.m.13 views

Security Bulletin: IBM Integrated Information Core and WebSphere Application Server - Oracle CPU January 2015

Abstract Oracle released the January 2015 critical patch updates which contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with the IBM WebSphere Application Server. Content New IBM WebSphere Application Server updates are available that include an...

2.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 10:21 p.m.6 views

Security Bulletin: IBM Integrated Information Core and WebSphere Application Server - Oracle CPU October 2014

Abstract Oracle released the October 2014 critical patch updates which contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with the IBM WebSphere Application Server. Content New IBM WebSphere Application Server updates are available that include an...

2.5AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 10:21 p.m.11 views

Security Bulletin: IBM Integrated Information Core and WebSphere Application Server - Oracle CPU July 2015

Abstract Oracle released the July 2015 critical patch updates which contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with the IBM WebSphere Application Server. Content New IBM WebSphere Application Server updates are available that include an...

2.7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 9:21 p.m.43 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IMS™ Enterprise Suite: Connect API for Java, SOAP Gateway, and Explorer for Development (CVE-2015-0138, CVE-2015-0410, CVE-2014-6593)

Abstract There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 that is used the following IMS™ Enterprise Suite components: Connect API for Java, SOAP Gateway, and Explorer for Development. These issues were disclose...

5CVSS4.9AI score0.67234EPSS
Exploits5Affected Software1
The Hacker News
The Hacker News
added 2022/09/23 1:25 p.m.23 views

Researchers Uncover New Metador APT Targeting Telcos, ISPs, and Universities

A previously undocumented threat actor of unknown origin has been linked to attacks targeting telecom, internet service providers, and universities across multiple countries in the Middle East and Africa. "The operators are highly aware of operations security, managing carefully segmented...

0.4AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2022/09/23 7:0 a.m.18 views

My SpringOne 2022

It has taken me an embarrassingly long time to appreciate and understand that the devil is in the details regarding software development. Writing happy-path business logic isnt the hard part! Its the failure cases, observability, resilience, and process. Its security and other so-called...

0.7AI score
Exploits0
CNVD
CNVD
added 2022/09/22 12:0 a.m.11 views

Ltd. cloud cold chain management system has SQL injection vulnerability

Ltd. is a high-tech company that focuses on people's health, safety and well-being, and is a high-tech enterprise that integrates industrial and personal product development, design, manufacturing and sales to maintain people's health and assist organizations in maintaining the health and safety ...

2.1AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/09/21 12:0 a.m.5 views

The vulnerability of the URLDecoder class implementation in the Java Runtime Environment and the Java Development Kit application development tools allows attackers to perform cross-site scripting attacks.

The vulnerability of the URLDecoder class implementation in the Java Runtime Environment and the Java Development Kit for application development is related to the use of single-byte encoding for pages. Exploiting this vulnerability allows a remote attacker to perform cross-page scripting attacks...

6.4CVSS6.6AI score0.12018EPSS
Exploits0References6Affected Software4
Rows per page
Query Builder