4419 matches found

OSV
added 2023/11/30 10:47 a.m., 7 views

OPENSUSE-SU-2023:0384-1 Security update for python-django-grappelli

This update for python-django-grappelli fixes the following issues:

Update to 2.14.4:
- CVE-2021-46898: Fixed views/switch.py vulnerable to protocol-relative URL attacks (boo#1216481)
- Fixed: Redirect with switch user.
- Improved: Remove extra filtering in AutocompleteLookup.
- Improved: Added impo...

CVSS 6.1 | AI score 6.2 | EPSS 0.0047
Exploits: 1 | References: 3

Fedora
added 2023/11/30 3:34 a.m., 19 views

[SECURITY] Fedora 38 Update: gstreamer1-doc-1.22.7-1.fc38

GStreamer documentation...

CVSS 8.8 | AI score 6.9 | EPSS 0.02189
Exploits: 0

IBM Security Bulletins
added 2023/11/29 10:32 p.m., 39 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service in Netty (CVE-2023-44487)

Summary: Operator of IBM Event Endpoint Management is vulnerable to a denial of service in Netty 4.1.94 (CVE-2023-44487). Vulnerability Details: CVEID: CVE-2023-44487. DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2...

CVSS 7.5 | AI score 7.7 | EPSS 0.99999
Exploits: 19 | Affected Software: 1

Wallarm Lab
added 2023/11/29 12:13 p.m., 21 views

VULNERABILITY MANAGEMENT

In any strategy aimed at combating cyber threats, the essential piece is the adequate regulation of possible frailties or susceptibility points. This concept embodies a broad spectrum of actions covering the spotting, categorizing, ranking, and rectification of possible risk areas within a digita...

AI score 7.8
Exploits: 0

Veracode
added 2023/11/29 5:49 a.m., 58 views

Inconsistency Between Implementation And Documented Design

nodejs is vulnerable to Inconsistency Between Implementation and Documented Design. The vulnerability is due to the generateKeys API function returned from crypto.createDiffieHellman only generating missing or outdated keys. This discrepancy between the documented and actual behavior of the API allows ...

CVSS 7.5 | AI score 6.6 | EPSS 0.01462
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2023/11/28 8:15 p.m., 1 view

DEBIAN-CVE-2023-30590

The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...

CVSS 7.5 | AI score 6.9 | EPSS 0.01462
Exploits: 0 | References: 1

Prion
added 2023/11/28 8:15 p.m., 33 views

Design/Logic Flaw

The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...

CVSS 5 | AI score 7 | EPSS 0.01462
Exploits: 0 | References: 1 | Affected Software: 1

UbuntuCve
added 2023/11/28 8:15 p.m., 26 views

CVE-2023-30590

The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...

CVSS 7.5 | AI score 6.7 | EPSS 0.01462
Exploits: 0 | References: 3

Cvelist
added 2023/11/28 7:15 p.m., 34 views

CVE-2023-30590

The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...

AI score 8 | EPSS 0.01462
Exploits: 0 | References: 2

CVE
added 2023/11/28 7:15 p.m., 678 views

CVE-2023-30590

CVE-2023-30590 concerns Node.js: the generateKeys() API of crypto.createDiffieHellman() only generates a private key when none is set, yet docs claim it generates both private and public DH keys. Multiple advisories (Debian DLA/DSA, Gentoo GLSA, AlmaLinux errata) reference this vulnerability and ...

CVSS 7.5 | AI score 7.6 | EPSS 0.01462
Exploits: 0 | References: 4 | Affected Software: 1

Debian CVE
added 2023/11/28 7:15 p.m., 22 views

CVE-2023-30590

The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...

CVSS 7.5 | AI score 7.5 | EPSS 0.01462
Exploits: 0

Tenable Nessus
added 2023/11/28 12:00 a.m., 4 views

MinIO Installed (macOS)

Binary data miniomacinstalled.nbin...

AI score 7.3
Exploits: 0 | References: 1

Kitploit
added 2023/11/24 11:30 a.m., 32 views

Iac-Scan-Runner - Service That Scans Your Infrastructure As Code For Common Vulnerabilities

Service that scans your Infrastructure as Code for common vulnerabilities.

Aspect | Information
---|---
Tool name | IaC Scan Runner
Docker image | xscanner/runner
PyPI package | iac-scan-runner
Documentation | docs
Contact us | [email protected]

Purpose and description: The IaC Scan Runner is...

AI score 7.6
Exploits: 0 | References: 2

Rapid7 Blog
added 2023/11/23 4:24 p.m., 28 views

Metasploit Wrap-up

Enhancements and features (2): #18548 from zeroSteiner - Updates the admin/http/tomcat_ghostcat module to follow newer library conventions. #18552 from adfoster-r7 - Adds support for Ruby 3.3.0-preview3. Bugs fixed (5): #18448 from HynekPetrak - Fixes and updates the...

AI score 7
Exploits: 0

Github Security Blog
added 2023/11/22 8:55 p.m., 19 views

Cross-site Scripting potential in custom links, job buttons, and computed fields

Impact: All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected. Due to incorrect usage of Django's mark_safe API when rendering certain types of user-authored content, including custom links, job buttons, and computed fields, it is possible that users with permission to...

CVSS 7.1 | AI score 6.9 | EPSS 0.00543
Exploits: 0 | References: 10 | Affected Software: 1

OSV
added 2023/11/21 4:25 p.m., 9 views

SUSE-SU-2023:4513-1 Security update for apache2-mod_jk

This update for apache2-mod_jk fixes the following issues: Update to version 1.2.49: Apache: Retrieve default request id from mod_unique_id. It can also be taken from an arbitrary environment variable by configuring 'JkRequestIdIndicator'. Don't delegate the generation of the response body to httpd...

CVSS 7.5 | AI score 7.6 | EPSS 0.90647
Exploits: 0 | References: 3

RustSec
added 2023/11/20 12:00 p.m., 5 views

`tauri-winrt-notifications` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user gabielle55131 to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer...

AI score 5.9
Exploits: 0

Hacker One
added 2023/11/19 2:35 p.m., 28 views

Node.js: Improper handling of wildcards in --allow-fs-read and --allow-fs-write

A vulnerability was found in the Node.js permission model documentation regarding improper handling of wildcards in the --allow-fs-read and --allow-fs-write options. The documentation did not make clear that wildcards should only be used as the last character of a file path. This could result in...

CVSS 5 | AI score 5.9 | EPSS 0.00945
Exploits: 0

Fedora
added 2023/11/19 1:26 a.m., 29 views

[SECURITY] Fedora 39 Update: gstreamer1-doc-1.22.7-1.fc39

GStreamer documentation...

CVSS 8.8 | AI score 6.5 | EPSS 0.02189
Exploits: 0

OpenVAS
added 2023/11/19 12:00 a.m., 17 views

Fedora: Security Advisory for gstreamer1-doc (FEDORA-2023-1661e0af22)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 8.9 | EPSS 0.02189
Exploits: 0 | References: 2