
8751 matches found

Fedora
added 2019/11/30 12:58 a.m. | 43 views

[SECURITY] Fedora 31 Update: python-pillow-6.1.0-4.fc31

Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (developme...

7.5 CVSS | 1.4 AI score | 0.03154 EPSS
Exploits 0

CNVD
added 2019/11/28 12:0 a.m. | 2 views

Weak Password Vulnerability in Tianrongxin NGFW® Next-Generation Firewall

NGFW®, the next-generation firewall of TIANRONGXIN, adopts its own patented operating system NGTOS and security engine, utilizes the advanced Intel® Xeon® processor family and integrates the packet processing framework provided by Intel® Data Plane Development Kit to provide network processing...

6.8 AI score
Exploits 0

RedHat Linux
added 2019/11/26 7:57 p.m. | 5 views

wildfly-security-manager: security manager authorization bypass

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks...

8.8 CVSS | 5.8 AI score | 0.0119 EPSS
Exploits 0 | References 4

RedHat Linux
added 2019/11/26 7:57 p.m. | 3 views

wildfly-security-manager: security manager authorization bypass

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks...

8.8 CVSS | 5.8 AI score | 0.0119 EPSS
Exploits 0 | References 4

CNVD
added 2019/11/26 12:0 a.m. | 1 views

Stored Cross-Site Scripting Vulnerability in New Jincheng Career Development Education Platform

JC Career Development Education Platform (CDEP for short) is a network implementation platform for career development education work of universities, colleges and universities, authorities and education and training institutions in China. A stored cross-site scripting vulnerability exists in the ne...

6.3 AI score
Exploits 0

ThreatPost
added 2019/11/21 4:35 p.m. | 35 views

Gnip Banking Trojan Shows Ongoing, Aggressive Development

A new custom mobile banking malware for Android, dubbed Gnip, has emerged onto the scene, and its authors have taken an aggressive development track: Gnip appears to have been cobbled together in under five months, with four different variants already circulating — including a sample released in...

7.5 AI score
Exploits 0 | References 5

Openbugbounty
added 2019/11/21 12:58 p.m. | 10 views

arabdevelopmentportal.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1020698. Security researcher g0bl1nsec (helped patch 3768 vulnerabilities, received 4 Coordinated Disclosure badges, received 3 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting arabdevelopmentportal.com...

0.2 AI score
Exploits 0

OSV
added 2019/11/21 12:0 p.m. | 13 views

RUSTSEC-2019-0031 spin is no longer actively maintained

The author of the spin crate does not have time or interest to maintain it. Consider the following alternatives (all of which support no_std): - conquer-once - lock_api (a subproject of parking_lot) - spinning_top spinlock crate built on lock_api - spinning...

7.1 AI score
Exploits 0 | References 3

CNVD
added 2019/11/20 12:0 a.m. | 2 views

IrfanView Code Issue Vulnerability

IrfanView is an image viewer by Irfan Skiljan (software developer in Bosnia and Herzegovina) that supports image browsing, image editing, image format conversion and more. A code issue vulnerability exists in IrfanView version 4.53. The vulnerability stems from an improperly designed or implemented...

5.5 CVSS | 7.1 AI score | 0.01302 EPSS
Exploits 0 | References 1

CNVD
added 2019/11/20 12:0 a.m. | 3 views

SITOS six build code issue vulnerability

SITOS is a modular e-learning system. The system includes features such as audio playback, video playback, forums, blogs and social media. A code issue vulnerability exists in SITOS six Build v6.2.1. The vulnerability stems from an improperly designed or implemented code development process for a...

9.8 CVSS | 7.7 AI score | 0.01552 EPSS
Exploits 0 | References 1

Snyk
added 2019/11/19 12:2 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: io.ratpack:ratpack-core is a simple, capable, toolkit for creating high performance web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the...

6.3 CVSS | 5.3 AI score | 0.00857 EPSS
Exploits 1 | References 2

Fedora
added 2019/11/19 1:15 a.m. | 31 views

[SECURITY] Fedora 30 Update: limnoria-20191109-2.fc30

Supybot is a robust (it doesn't crash), user friendly (it's easy to configure) and programmer friendly (plugins are extremely easy to write) Python IRC bot. It aims to be an adequate replacement for most existing IRC bots. It includes a very flexible and powerful ACL system for controlling access to...

9.8 CVSS | 1.2 AI score | 0.0171 EPSS
Exploits 0

OSV
added 2019/11/14 5:15 p.m. | 2 views

DEBIAN-CVE-2019-14818

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file...

7.5 CVSS | 7.1 AI score | 0.02815 EPSS
Exploits 0 | References 1

BDU FSTEC
added 2019/11/11 12:0 a.m. | 2 views

The vulnerability of the OAM component in Oracle JDeveloper and ADF allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the OAM component in Oracle JDeveloper and ADF is related to lack of access control. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

3.5 CVSS | 5.8 AI score | 0.00882 EPSS
Exploits 0 | References 3 | Affected Software 2

Cisco
added 2019/11/06 4:0 p.m. | 50 views

Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit...

6.6 CVSS | 1.5 AI score | 0.00363 EPSS
Exploits 0 | References 1

OSV
added 2019/11/05 5:47 p.m. | 11 views

ALBA-2019:3457 new packages: gcc-toolset-9-gdb

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-9-gdb packages to AlmaLinux Enterprise Linux 8. For instructions on usage, see Using GCC...

7 AI score
Exploits 0 | References 1

AlmaLinux
added 2019/11/05 5:47 p.m. | 13 views

new packages: gcc-toolset-9-ltrace

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-9-ltrace packages to AlmaLinux Enterprise Linux 8. For instructions on usage, see Using GCC...

3 AI score
Exploits 0 | References 1

OSV
added 2019/11/05 5:47 p.m. | 9 views

ALBA-2019:3455 new packages: gcc-toolset-9-ltrace

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-9-ltrace packages to AlmaLinux Enterprise Linux 8. For instructions on usage, see Using GCC...

7 AI score
Exploits 0 | References 1

OSV
added 2019/11/05 5:47 p.m. | 7 views

ALBA-2019:3449 new packages: gcc-toolset-9-dyninst

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-9-dyninst packages to AlmaLinux Enterprise Linux 8. For instructions on usage, see Using GCC...

7 AI score
Exploits 0 | References 1

AlmaLinux
added 2019/11/05 5:47 p.m. | 14 views

new packages: gcc-toolset-9-dyninst

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-9-dyninst packages to AlmaLinux Enterprise Linux 8. For instructions on usage, see Using GCC...

3 AI score
Exploits 0 | References 1