Lucene search
K

4419 matches found

OSV
OSV
added 2024/01/02 3:55 a.m.11 views

MAL-2024-20 Malicious code in yield-api-documentation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd5cbdb7d4a993fa1eaa24b6a76752bcaef2b40f325168ed535651ab0b116a48 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/23 9:54 a.m.40 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability [CVE-2023-46604]

Summary IBM Security SOAR uses an older version of Apache ActiveMQ that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended customers upgrade to the latest applicable fix pack. CVE-2023-46604 Vulnerability Details...

10CVSS9.8AI score0.99654EPSS
Exploits31Affected Software1
Citrix
Citrix
added 2023/12/21 12:0 a.m.7 views

What is the maximum length of a log entry in var/log/ns.log

...

7.2AI score
Exploits0
OSV
OSV
added 2023/12/15 3:46 a.m.13 views

GHSA-X5FR-7HHJ-34J3 Full Table Permissions by Default

Default table permissions in SurrealDB were FULL instead of NONE. This would lead to tables having FULL permissions for SELECT, CREATE, UPDATE and DELETE unless some other permissions were specified via the PERMISSIONS clause. We have decided to treat this behaviour as a vulnerability due to its...

8.8CVSS7.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/12/15 3:46 a.m.16 views

Full Table Permissions by Default

Default table permissions in SurrealDB were FULL instead of NONE. This would lead to tables having FULL permissions for SELECT, CREATE, UPDATE and DELETE unless some other permissions were specified via the PERMISSIONS clause. We have decided to treat this behaviour as a vulnerability due to its...

7.7AI score
Exploits0References2Affected Software1
OSV
OSV
added 2023/12/14 3:28 p.m.4 views

SUSE-SU-2023:4870-1 Security update for cosign

This update for cosign fixes the following issues: Updated to 2.2.1 jscSLE-23879 - Enhancements: CVE-2023-46737: Possible endless data attack from attacker-controlled registry bsc1216933 feat: Support basic auth and bearer auth login to registry 3310 add support for ignoring certificates with...

5.3CVSS6AI score0.0064EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/14 10:33 a.m.22 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to regular expression denial of service due to [CVE-2022-25883]

Summary Node.js semver is used by the Node.js runtime in IBM App Connect Enterprise Certified Container operants. IBM App Connect Enterprise Certified Container operands are vulnerable to regular expression denial of service. This bulletin provides patch information to address the reported...

7.5CVSS7.4AI score0.02761EPSS
Exploits1Affected Software1
NVD
NVD
added 2023/12/11 11:15 p.m.16 views

CVE-2023-49803

@koa/cors npm provides Cross-Origin Resource Sharing CORS for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request...

8.6CVSS0.00279EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/11 10:42 p.m.21 views

CVE-2023-49803 @koa/cors has overly permissive origin policy

@koa/cors npm provides Cross-Origin Resource Sharing CORS for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request...

8.6CVSS8.7AI score0.00279EPSS
Exploits0References2
OSV
OSV
added 2023/12/11 10:42 p.m.15 views

CVE-2023-49803 @koa/cors has overly permissive origin policy

@koa/cors npm provides Cross-Origin Resource Sharing CORS for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request...

8.6CVSS7.7AI score0.00279EPSS
Exploits0References4
OSV
OSV
added 2023/12/11 9:46 p.m.25 views

GHSA-QXRJ-HX23-XP82 Overly permissive origin policy

Currently, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request. This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy SOP,...

8.6CVSS7.8AI score0.00279EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/12/11 9:46 p.m.17 views

Overly permissive origin policy

Currently, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request. This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy SOP,...

8.6CVSS6.8AI score0.00279EPSS
Exploits0References4Affected Software1
Kitploit
Kitploit
added 2023/12/10 11:30 a.m.30 views

Py-Amsi - Scan Strings Or Files For Malware Using The Windows Antimalware Scan Interface

py-amsi is a library that scans strings or files for malware using the Windows Antimalware Scan Interface AMSI API. AMSI is an interface native to Windows that allows applications to ask the antivirus installed on the system to analyse a file/string. AMSI is not tied to Windows Defender. Antiviru...

7.2AI score
Exploits0References2
Hacker One
Hacker One
added 2023/12/07 4:44 a.m.6 views

PortSwigger Web Security: The role "CI-driven scan initiator" provides excessive read access

The reporter noticed that all authenticated users were able to access certain non-sensitive information such as metadata about third-party integrations. This was found to be by design, and the documentation was updated to clarify the information available to all authenticated users...

6.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/12/06 12:0 a.m.39 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : PostgreSQL vulnerabilities (USN-6538-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6538-1 advisory. Jingzhou Fu discovered that PostgreSQL incorrectly handled certain unknown arguments in aggregate function calls. A remote...

8.8CVSS7.2AI score0.04322EPSS
Exploits0References4
OSV
OSV
added 2023/12/05 11:32 p.m.10 views

GHSA-X9QQ-236J-GJ97 Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true

Summary If a user has restricted access to a project that is configured with restricted=true, they can gain root access on the system by creating a disk device with shift=true and creating a setuid root executable. This is possible because the shift property is not restricted unless...

7.4AI score
Exploits0References4
OpenVAS
OpenVAS
added 2023/12/05 12:0 a.m.16 views

Fedora: Security Advisory for kernel-tools (FEDORA-2023-a7b89262c6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.8AI score0.00319EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/12/05 12:0 a.m.19 views

Fedora: Security Advisory for kernel-tools (FEDORA-2023-15deb2e32a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.7AI score0.00319EPSS
Exploits0References2
Fedora
Fedora
added 2023/12/04 1:51 a.m.25 views

[SECURITY] Fedora 38 Update: kernel-tools-6.6.3-100.fc38

This package contains the tools/ directory from the kernel source and the supporting documentation...

7.8CVSS7.6AI score0.00319EPSS
Exploits0
Fedora
Fedora
added 2023/12/04 1:37 a.m.23 views

[SECURITY] Fedora 39 Update: kernel-tools-6.6.3-200.fc39

This package contains the tools/ directory from the kernel source and the supporting documentation...

7.8CVSS7.6AI score0.00319EPSS
Exploits0
Rows per page
Query Builder