4420 matches found

NVD
added 2023/08/23 4:15 p.m., 26 views

CVE-2023-40273

The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database for database session backen...

CVSS 8 | AI score 7.8 | EPSS 0.01366
Exploits 0 | References 3
OSV
added 2023/08/23 4:15 p.m., 19 views

CVE-2023-40273

The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database for database session backen...

CVSS 8 | AI score 7.1
Exploits 0 | References 3
IBM Security Bulletins
added 2023/08/18 8:23 a.m., 31 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote information transfer due to CouchDB CVE-2023-26268

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote information transfer due to CouchDB CVE-2023-26268 with details below. Vulnerability Details CVEID: CVE-2023-26268 DESCRIPTION: Apache CouchDB could allow a remote authenticated attacker to obtain sensitive...

CVSS 5.3 | AI score 4.9 | EPSS 0.01429
Exploits 0 | Affected Software 1
Citrix
added 2023/08/18 12:00 a.m., 6 views

Exploring ICA Login and Logout Records in NetScaler logs

This article states the essential ICA login and logout records contained within the NetScaler's "/var/log/ns.log."...

AI score 7.1
Exploits 0
Fedora
added 2023/08/17 12:34 a.m., 30 views

[SECURITY] Fedora 37 Update: rust-1.71.1-1.fc37

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

CVSS 7.9 | AI score 7 | EPSS 0.00763
Exploits 0
OpenVAS
added 2023/08/17 12:00 a.m., 24 views

Fedora: Security Advisory for rust (FEDORA-2023-4824704a61)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.9 | AI score 7.3 | EPSS 0.00763
Exploits 0 | References 2
RustSec
added 2023/08/16 12:00 p.m., 5 views

`xrvrv` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

AI score 5.8
Exploits 0
Openbugbounty
added 2023/08/16 10:29 a.m., 8 views

olympiahotelvalencia.com Cross Site Scripting vulnerability OBB-3586572

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits 0
Kitploit
added 2023/08/15 12:30 p.m., 63 views

Trawler - PowerShell Script To Help Incident Responders Discover Adversary Persistence Mechanisms

Dredging Windows for Persistence What is it? Trawler is a PowerShell script designed to help Incident Responders discover potential indicators of compromise on Windows hosts, primarily focused on persistence mechanisms including Scheduled Tasks, Services, Registry Modifications, Startup Items,...

AI score 7.5
Exploits 0 | References 6
Kitploit
added 2023/08/12 12:30 p.m., 43 views

Columbus-Server - API first subdomain discovery service, blazingly fast subdomain enumeration service with advanced features

Columbus Project is an API first subdomain discovery service, blazingly fast subdomain enumeration service with advanced features. Columbus returned 638 subdomains of tesla.com in 0.231 sec. Usage By default Columbus returns only the subdomains in a JSON string array: curl...

AI score 7.2
Exploits 0 | References 1
Rapid7 Blog
added 2023/08/11 3:22 p.m., 78 views

Metasploit weekly wrap-up

New module content 1 Metabase Setup Token RCE Authors: Maxwell Garrett, Shubham Shah, and h00die Type: Exploit Pull request: 18232 contributed by h00die Path: exploits/linux/http/metabasesetuptokenrce AttackerKB reference: CVE-2023-38646 Description: This adds a module for an unauthenticated RCE...

CVSS 10 | AI score 9 | EPSS 0.99445
Exploits 65
Fedora
added 2023/08/10 12:43 a.m., 39 views

[SECURITY] Fedora 38 Update: rust-1.71.1-1.fc38

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

CVSS 7.9 | AI score 7 | EPSS 0.00763
Exploits 0
Code423n4
added 2023/08/10 12:00 a.m., 14 views

replaceMember and rotateMember redundancy

Lines of code Vulnerability details Impact The replaceMember and rotateMember functions have identical functionality which may lead to redundancy and confusion. Proof of Concept Both the replaceMember and rotateMember functions essentially perform the same action: replacing a current member...

AI score 6.6
Exploits 0
Code423n4
added 2023/08/10 12:00 a.m., 9 views

createLock, increaseAmount int128(int256(_value)) unsafe downcast can lead to asset loss

Lines of code Vulnerability details Impact Suppose users deposit more than type(int128).max value through createLock and increaseAmount, they may get less voting power and can't get the assets back. Proof of Concept The VotingEscrow.sol is forked from FIATDAO, but it seems don't consider a MEDIUM...

AI score 6.8
Exploits 0
Code423n4
added 2023/08/10 12:00 a.m., 13 views

LendingLedger.sol sends ETH instead of CANTO

Lines of code Vulnerability details Impact In the documentations for the contest it is clearly stated that LendingLedger contract is expected to send CANTO to the user when they call the claim function but in reality it transfers ETH. This could be problematic if the user is a contract that expec...

AI score 6.7
Exploits 0
PostrgeSql
added 2023/08/10 12:00 a.m., 91 views

Vulnerability in core server (CVE-2023-39417)

Extension script @substitutions@ within quoting allow SQL injection An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". No bundled extension is vulnerable. Vulnerable uses do appear in a documentation examp...

CVSS 8.8 | AI score 9.4 | EPSS 0.01572
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2023/08/09 12:00 a.m., 19 views

CVE-2023-39910

The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet...

AI score 6.9 | EPSS 0.01312
Exploits 1 | References 6
Cvelist
added 2023/08/09 12:00 a.m., 23 views

CVE-2023-39910

The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet...

AI score 7.6 | EPSS 0.01312
Exploits 1 | References 6
IBM Security Bulletins
added 2023/08/01 4:29 p.m., 47 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in Golang Go (CVE-2023-29406)

Summary Vulnerabilities in golang before 1.19.11 affect the golang component that is used by IBM Event Streams CVE-2023-29406. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2023-29406 DESCRIPTION: Golang Go is vulnerable to HTTP header injection, caused by improper conten...

CVSS 6.5 | AI score 7 | EPSS 0.0125
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2023/08/01 4:03 p.m., 37 views

Security Bulletin: Decision Optimization for Cloud Pak for Data is vulnerable to a server-side request forgery (CVE-2023-28155).

Summary The Node.js Request module vulnerability used by Decision Optimization for Cloud Pak for Data has been addressed. Vulnerability Details CVEID: CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side request forgery, caused by a cross-protocol redirect bypass flaw. B...

CVSS 6.1 | AI score 6.1 | EPSS 0.00719
Exploits 1 | Affected Software 1