Lucene search

4420 matches found

vulnersOsv | added 2023/10/10 9:16 p.m.

com.infomaximum:network (>=1.1.3p8 <=1.1.3p10), com.infomaximum:platform (>=0.1.6p17 <=0.1.13p1) +11 more potentially affected by CVE-2023-36478 via org.eclipse.jetty.http3:http3-qpack (>=11.0.10 <=11.0.15)

Affected package: org.eclipse.jetty.http3:http3-qpack (Maven). Versions listed: 11.0.10, 1.1.3p8, 0.1.6p17, 0.2.0, 11.0.15 (the listing repeats several of these without naming the dependent package each belongs to). Source CVEs: CVE-2023-36478. Source advisory: OSV:GHSA-WGH7-54F2-X98R...

CVSS 7.5 | AI score 6.7 | EPSS 0.03754
Exploits: 1
vulnersOsv | added 2023/10/10 9:16 p.m.

org.eclipse.jetty.documentation:jetty-documentation (>=10.0.10 <=10.0.15), org.eclipse.jetty.http3:http3-client (>=10.0.10 <=10.0.15) +6 more potentially affected by CVE-2023-36478 via org.eclipse.jetty.http3:http3-qpack (>=10.0.10 <=10.0.15)

Affected package: org.eclipse.jetty.http3:http3-qpack (Maven). Versions listed: 10.0.10, 5.26.1, 5.27.0 (the listing repeats 10.0.10 without naming the dependent package each occurrence belongs to). Source CVEs: CVE-2023-36478. Source advisory: OSV:GHSA-WGH7-54F2-X98R...

CVSS 7.5 | AI score 6.7 | EPSS 0.03754
Exploits: 1
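The two vulnersOsv entries above flag dependents as "potentially affected" because they pull in org.eclipse.jetty.http3:http3-qpack inside a version range such as ">=11.0.10 <=11.0.15". The added example below (not Vulners, OSV or Jetty code) shows how to turn that range notation into a check over a resolved Maven dependency set. The version ordering is a deliberate simplification of Maven's ComparableVersion that handles the dotted and "pN" forms seen in the listing (an assumption, not Maven's own rules), and the sample dependency set is constructed.

```python
import re
from typing import Dict, List, Tuple

# Split a version into numeric and alphabetic tokens: "11.0.15" -> 11, 0, 15;
# "1.1.3p8" -> 1, 1, 3, "p", 8.  Numeric tokens compare numerically, letters
# lexically, and a number sorts above a letter in the same slot.  This is a
# simplification of Maven's ComparableVersion (an assumption here, not Maven's
# own code); it is enough for the dotted and "pN" versions in the listing.
_TOKEN = re.compile(r"\d+|[A-Za-z]+")


def version_key(version: str) -> Tuple[Tuple[int, int, str], ...]:
    key: List[Tuple[int, int, str]] = []
    for tok in _TOKEN.findall(version):
        if tok.isdigit():
            key.append((1, int(tok), ""))
        else:
            key.append((0, 0, tok.lower()))
    # Drop trailing ".0" components so that 11.0 and 11.0.0 compare equal.
    while key and key[-1] == (1, 0, ""):
        key.pop()
    return tuple(key)


# Range strings in the OSV listing look like ">=11.0.10 <=11.0.15":
# a whitespace-separated conjunction of comparisons against one version each.
_CONSTRAINT = re.compile(r"(>=|<=|>|<|=)\s*([\w.\-]+)")
_OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
    "=": lambda a, b: a == b,
}


def in_range(version: str, spec: str) -> bool:
    """True when `version` satisfies every comparison in `spec`."""
    constraints = _CONSTRAINT.findall(spec)
    if not constraints:
        raise ValueError(f"unparseable range: {spec!r}")
    vk = version_key(version)
    return all(_OPS[op](vk, version_key(bound)) for op, bound in constraints)


# Affected ranges copied from the two listing entries for the package the CVE
# is attributed to.
AFFECTED: Dict[str, List[str]] = {
    "org.eclipse.jetty.http3:http3-qpack": [">=10.0.10 <=10.0.15", ">=11.0.10 <=11.0.15"],
}


def affected_by(resolved: Dict[str, str],
                table: Dict[str, List[str]] = AFFECTED) -> List[Tuple[str, str, str]]:
    """Return (groupId:artifactId, version, matching range) for every resolved
    artifact whose version lies inside an affected range.  `resolved` must be
    the fully resolved tree (transitive artifacts included, e.g. from
    `mvn dependency:list`), since the listing flags dependents that only pull
    http3-qpack in indirectly."""
    hits: List[Tuple[str, str, str]] = []
    for ga, version in resolved.items():
        for spec in table.get(ga, []):
            if in_range(version, spec):
                hits.append((ga, version, spec))
    return hits


# Constructed sample of a resolved dependency set (not taken from a real build).
SAMPLE_RESOLVED = {
    "org.eclipse.jetty.http3:http3-qpack": "11.0.12",
    "org.eclipse.jetty.http3:http3-client": "11.0.12",
    "org.eclipse.jetty:jetty-server": "11.0.16",
}

if __name__ == "__main__":
    for ga, v, spec in affected_by(SAMPLE_RESOLVED):
        print(f"{ga}@{v} is inside affected range {spec}")
```

Only the artifact the advisory is attributed to is keyed in the table; a dependent such as http3-client is reported through the http3-qpack version it resolves to, which is why the check must run over the resolved tree rather than the declared direct dependencies.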
Github Security Blog | added 2023/10/06 8:43 p.m.

JWT token compromise can allow malicious actions including Remote Code Execution (RCE)

Impact: A user can reverse engineer the JSON Web Token (JWT) used for authentication to the Manager and API and forge a valid NeuVector token to perform malicious activity in NeuVector. This can lead to RCE. Patches: Upgrade to NeuVector version 5.2.2 or later and the latest Helm chart (2.6.3+)....

CVSS 9.4 | AI score 6.6 | EPSS 0.00461
Exploits: 0 | References: 5 | Affected software: 1
OSV | added 2023/10/06 8:43 p.m.

GHSA-622H-H2P8-743X JWT token compromise can allow malicious actions including Remote Code Execution (RCE)

Impact: A user can reverse engineer the JSON Web Token (JWT) used for authentication to the Manager and API and forge a valid NeuVector token to perform malicious activity in NeuVector. This can lead to RCE. Patches: Upgrade to NeuVector version 5.2.2 or later and the latest Helm chart (2.6.3+)....

CVSS 9.4 | AI score 5.5 | EPSS 0.00461
Exploits: 0 | References: 5
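Both NeuVector entries above describe a JWT whose signing material could be reverse engineered, letting a user mint a valid token. The listing gives no detail on how the NeuVector key was recovered, so the added example below (not NeuVector's code and not from the advisory) shows the general failure mode with Python's standard library: a guessable HS256 key is recovered offline from one captured token, an admin token is forged with it, and the same forgery is rejected by a verifier that uses a random 256-bit key and pins the algorithm. The key "changeme", the candidate list and the claims are constructed.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Dict, List, Optional


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: Dict, key: bytes) -> str:
    """Mint an HS256 JWT: base64url(header).base64url(payload).base64url(HMAC)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(mac)}"


def verify_hs256(token: str, key: bytes) -> Optional[Dict]:
    """Return the claims if `token` is a genuine HS256 token under `key`, else None.
    The algorithm is pinned server-side, so a token cannot downgrade to alg=none
    or switch algorithms, and the MAC is compared in constant time."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if header.get("alg") != "HS256" or not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        return json.loads(_b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError):
        return None


def recover_weak_secret(captured: str, candidates: List[bytes]) -> Optional[bytes]:
    """Attacker side: offline guessing of the signing key from one captured token.
    Each guess costs one HMAC, so a short or hard-coded key falls immediately."""
    for cand in candidates:
        if verify_hs256(captured, cand) is not None:
            return cand
    return None


def demo() -> Dict[str, object]:
    # Constructed placeholder for a guessable, hard-coded signing key.
    weak_key = b"changeme"
    # A 256-bit random key is what an HS256 deployment should use instead.
    strong_key = secrets.token_bytes(32)
    wordlist = [b"secret", b"password", b"changeme", b"admin"]  # constructed

    captured = sign_hs256({"sub": "reader", "role": "reader"}, weak_key)
    guessed = recover_weak_secret(captured, wordlist)
    forged = sign_hs256({"sub": "attacker", "role": "admin"}, guessed) if guessed else None

    # alg=none downgrade attempt: an unsigned token that a lax verifier would accept.
    none_hdr = _b64url(b'{"alg":"none","typ":"JWT"}')
    none_payload = _b64url(b'{"sub":"attacker","role":"admin"}')
    unsigned = f"{none_hdr}.{none_payload}."

    return {
        "guessed_key": guessed,
        "forged_accepted_by_weak_server": verify_hs256(forged, weak_key) if forged else None,
        "forged_accepted_by_strong_server": verify_hs256(forged, strong_key) if forged else None,
        "unsigned_accepted": verify_hs256(unsigned, strong_key),
        "strong_key_guessed": recover_weak_secret(sign_hs256({"sub": "reader"}, strong_key), wordlist),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The verifier side is the part worth copying: a key of at least 256 random bits, an algorithm that the server fixes rather than reads from the token header, and a constant-time MAC comparison. Once a token with a forged "role" claim validates, everything behind that role (in the advisory's case, up to code execution) is reachable with the attacker's own token.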
Github Security Blog | added 2023/09/29 8:38 p.m.

CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation

Amulet Security Advisory for CometBFT: ASA-2023-002. Component: CometBFT. Criticality: Low. Affected versions: All. Affected users: Validators, Chain Builders and Maintainers. Summary: A default configuration value in CometBFT has been found to be larger than common use cases need, and may affect block times and...

AI score 7
Exploits: 0 | References: 10 | Affected software: 1
Kitploit | added 2023/09/29 11:30 a.m.

Skyhook - A Round-Trip Obfuscated HTTP File Transfer Setup Built To Bypass IDS Detections

Skyhook is a REST-driven utility used to smuggle files into and out of networks defended by IDS implementations. It comes with a pre-packaged web client that uses a blend of React, vanilla JS and WebAssembly to manage file transfers. Key links: Download here. See the user documentation to get...

AI score 7.2
Exploits: 0 | References: 5
NVD | added 2023/09/29 7:15 a.m.

CVE-2023-3920

An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship between existing projects contrary to the...

CVSS 4.3 | AI score 4.6 | EPSS 0.00381
Exploits: 0 | References: 2
Prion | added 2023/09/29 7:15 a.m.

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship between existing projects contrary to the...

CVSS 4 | AI score 4.6 | EPSS 0.00381
Exploits: 0 | References: 2 | Affected software: 1
Tenable Nessus | added 2023/09/29 12:00 a.m.

GitLab 11.2 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-3920)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was...

CVSS 4.3 | AI score 5.1 | EPSS 0.00381
Exploits: 0 | References: 4
IBM Security Bulletins | added 2023/09/28 3:39 p.m.

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands may be vulnerable to loss of confidentiality

Summary: The Bouncy Castle Crypto Package for Java is used by the MQ Client in IBM App Connect Enterprise Certified Container IntegrationServers and IntegrationRuntimes. This bulletin provides patch information to address the reported vulnerability in the Bouncy Castle Crypto Package for Java...

CVSS 5.3 | AI score 6.2 | EPSS 0.00772
Exploits: 0 | Affected software: 1
Positive Technologies | added 2023/09/28 12:00 a.m.

PT-2023-26833 · Gitlab · Gitlab

Name of the vulnerable software and affected versions: GitLab versions from 11.2 before 16.2.8; GitLab versions from 16.3 before 16.3.5; GitLab versions from 16.4 before 16.4.1 (16.2.8, 16.3.5 and 16.4.1 are the fixed releases). Description: An issue has been discovered in GitLab where a maintainer could create a fork relationship between existing projects...

CVSS 4.3 | AI score 6.6 | EPSS 0.00381
Exploits: 0 | References: 12
Tenable Nessus | added 2023/09/27 12:00 a.m.

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-005)

The version of tomcat installed on the remote host is prior to 8.5.79-1 and is therefore affected by the multiple vulnerabilities referenced in the ALAS2TOMCAT8.5-2023-005 advisory: - A flaw was found in Spring Framework, specifically within two modules, Spring MVC and Spring WebFlux,...

CVSS 9.8 | AI score 7.8 | EPSS 0.99677
Exploits: 105 | References: 6
Openbugbounty | added 2023/09/24 6:24 p.m.

musikfest-goslar.de Cross Site Scripting vulnerability OBB-3707234

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0
Wallarm Lab | added 2023/09/23 1:15 p.m.

2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management

Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category: the details, the impac...

AI score 6.8
Exploits: 0
Veracode | added 2023/09/22 11:26 a.m.

Arbitrary Code Execution

The Apache Airflow HDFS provider package is vulnerable to code execution: its documentation incorrectly directs users to install the wrong pip package. Because that package name is unverified, an attacker can claim it and supply code that executes when the package is installed...

CVSS 7.8 | AI score 7.2 | EPSS 0.0046
Exploits: 0 | References: 5 | Affected software: 1
Spring Security Advisories | added 2023/09/22 12:00 a.m.

Paketo Buildpacks Bionic End Of Support

The Spring Boot plugins for Maven and Gradle provide the ability to build Docker images using Cloud Native Buildpacks. By default, Spring Boot uses the CNB builders provided by the Paketo Buildpacks project. What's changed: The Paketo Buildpacks project has announced that Ubuntu 18.04 Bionic-based...

AI score 6.6
Exploits: 0
Vulnrichment | added 2023/09/20 2:58 p.m.

CVE-2023-43635 Vault Key Sealed With SHA1 PCRs

The measured boot solution implemented in EVE OS relies on a PCR locking mechanism: different parts of the system extend different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used to seal and unseal a key in the...

CVSS 8.8 | AI score 6.9 | EPSS 0.0011
Exploits: 0 | References: 1
GithubExploit | added 2023/09/16 9:11 a.m.

Exploit for PHP External Variable Modification in Juniper Junos

Vulnerability Scanner for Juniper CVE-2023-36845 This vulnera...

CVSS 9.8 | AI score 8 | EPSS 0.93546
Exploits: 25
Fedora | added 2023/09/16 1:41 a.m.

[SECURITY] Fedora 37 Update: flac-1.3.4-3.fc37

FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, flac, a command-line program to encode and decode FLAC files, metaflac, a command-line...

CVSS 7.8 | AI score 6.9 | EPSS 0.00749
Exploits: 1
OpenVAS | added 2023/09/16 12:00 a.m.

Fedora: Security Advisory for python3-docs (FEDORA-2023-aeb32a843f)

The remote host is missing an update for the python3-docs package announced via the FEDORA-2023-aeb32a843f advisory (the listing's summary text for this entry is the plugin's license header and carries no further detail).

AI score 7.5
Exploits: 0 | References: 2