
4421 matches found

UbuntuCve
added 2023/06/25 6:15 p.m. (107 views)

CVE-2023-36632

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed ...

CVSS 7.5, AI score 6.8, EPSS 0.01584
Exploits: 1, References: 4
Kitploit
added 2023/06/25 12:30 p.m. (31 views)

Gato - GitHub Self-Hosted Runner Enumeration And Attack Tool

Gato, or GitHub Attack Toolkit, is an enumeration and attack tool that allows both blue teamers and offensive security practitioners to evaluate the blast radius of a compromised personal access token within a GitHub organization. The tool also allows searching for and thoroughly enumerating publ...

AI score 7.7
Exploits: 0, References: 6
SUSE CVE
added 2023/06/22 2:38 a.m. (3 views)

SUSE CVE-2023-30590

The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...

CVSS 5.3, AI score 8.2, EPSS 0.01462
Exploits: 0, References: 14
OSV
added 2023/06/21 9:58 p.m. (26 views)

GHSA-47P7-XFCC-4PV9 php-imap vulnerable to RCE through a directory traversal vulnerability

Summary An unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability which results in a remote code execution vulnerability. Details An attacker can send an email with a malicious attachment to the inbox, which gets crawled with webklex/php-im...

CVSS 9, AI score 9.7, EPSS 0.03191
Exploits: 1, References: 7
Code423n4
added 2023/06/16 12:00 a.m. (15 views)

Upgraded Q -> 2 from #16 [1686928129422]

Judge has assessed an item in Issue 16 as 2 risk. The relevant finding follows: L-3 onlyOwner single point of failure Impact The onlyOwner role has a single point of failure and onlyOwner can use critical a few functions. Even if protocol admins/developers are not malicious there is still a chanc...

AI score 6.8
Exploits: 0
Code423n4
added 2023/06/14 12:00 a.m. (12 views)

The low-level call returns true if the address does not exist

Lines of code Vulnerability details Impact As written in the Solidity documentation , the call, delegatecall and staticcall low-level functions return true as its first return value if the account being invoked does not exist, as part of the design of the EVM. The existence of the account must be...

AI score 7.4
Exploits: 0
Code423n4
added 2023/06/09 12:00 a.m. (69 views)

Chainlink's latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Impact The getPORFeedData function in the contract StaderOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID, resulting in stale prices. The oracle wrapper calls out to a...

AI score 6.6
Exploits: 0
Fedora
added 2023/06/04 1:23 a.m. (23 views)

[SECURITY] Fedora 37 Update: texlive-base-20210325-54.fc37

The TeX Live software distribution offers a complete TeX system for a variety of Unix, Macintosh, Windows and other platforms. It encompasses programs for editing, typesetting, previewing and printing of TeX documents in many different languages, and a large collection of TeX macros and font...

CVSS 8.8, AI score 7, EPSS 0.00804
Exploits: 0
IBM Security Bulletins
added 2023/06/01 3:03 p.m. (31 views)

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run designer flows containing Box nodes are vulnerable to security restriction bypass due to [CVE-2023-32313]

Summary Node.js module vm2 is used by IBM App Connect Enterprise Certified Container by the Box connector in designer flows. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run designer flows containing Box nodes are vulnerable to security...

CVSS 5.3, AI score 7, EPSS 0.0079
Exploits: 0, Affected software: 1
IBM Security Bulletins
added 2023/06/01 2:43 p.m. (20 views)

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use MQ Client nodes are vulnerable to disclosure of sensitive information due to [CVE-2023-28950]

Summary IBM MQ is used by IBM App Connect Enterprise Certified Container by the MQ Client nodes. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run toolkit flows containing MQ Client nodes are vulnerable to disclosure of sensitive information...

CVSS 5.5, AI score 5.2, EPSS 0.00177
Exploits: 0, Affected software: 1
IBM Security Bulletins
added 2023/06/01 2:41 p.m. (21 views)

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use the MQ Client nodes are vulnerable to denial of service due to [CVE-2023-22874]

Summary IBM MQ is used by IBM App Connect Enterprise Certified Container by the MQ Client nodes. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run toolkit flows containing MQ Client nodes are vulnerable to denial of service. This bulletin...

CVSS 5.5, AI score 5.6, EPSS 0.00206
Exploits: 0, Affected software: 1
Fedora
added 2023/05/31 5:34 p.m. (11 views)

[SECURITY] Fedora 38 Update: wordpress-6.2.2-1.fc38

Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora...

AI score 6.8
Exploits: 0
IBM Security Bulletins
added 2023/05/31 3:22 p.m. (29 views)

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands is vulnerable to arbitrary code execution due to [CVE-2023-32314]

Summary Node.js module vm2 is used by IBM App Connect Enterprise Certified Container in Designer flows by the Box connector. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address...

CVSS 10, AI score 9.8, EPSS 0.05596
Exploits: 1, Affected software: 1
Fedora
added 2023/05/31 1:35 a.m. (28 views)

[SECURITY] Fedora 38 Update: texlive-base-20220321-72.fc38

The TeX Live software distribution offers a complete TeX system for a variety of Unix, Macintosh, Windows and other platforms. It encompasses programs for editing, typesetting, previewing and printing of TeX documents in many different languages, and a large collection of TeX macros and font...

CVSS 8.8, AI score 7, EPSS 0.00804
Exploits: 0
Japan Vulnerability Notes
added 2023/05/31 12:00 a.m. (47 views)

JVN#38222042: DataSpider Servista uses a hard-coded cryptographic key

DataSpider Servista provided by SAISON INFORMATION SYSTEMS CO.,LTD. is a data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazon SQS,...

CVSS 8.8, AI score 8.8, EPSS 0.00812
Exploits: 0
GithubExploit
added 2023/05/27 6:43 a.m. (358 views)

Exploit for Cross-site Scripting in Ourphp

create a vulnerable Docker environment that is susceptible to...

CVSS 6.1, AI score 6.4, EPSS 0.08115
Exploits: 9
OSV
added 2023/05/25 4:58 p.m. (31 views)

GHSA-33HQ-F2MF-JM3C kyverno seccomp control can be circumvented

Impact Users of the podSecurity validate.podSecurity subrule in Kyverno versions v1.9.2 and v1.9.3 may be unable to enforce the check for the Seccomp control at the baseline level when using a version value of latest. There is no effect if a version number is referenced instead. See the...

CVSS 4.6, AI score 6.2, EPSS 0.00485
Exploits: 0, References: 5
IBM Security Bulletins
added 2023/05/25 12:03 p.m. (36 views)

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to [CVE-2023-2251]

Summary Node.js module yaml is used by IBM App Connect Enterprise Certified Container for parsing YAML data. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerabilit...

CVSS 7.5, AI score 7.4, EPSS 0.01093
Exploits: 1, Affected software: 1
Tenable Nessus
added 2023/05/25 12:00 a.m. (28 views)

Ubuntu 16.04 ESM : Django vulnerability (USN-6054-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6054-2 advisory. USN-6054-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has extracted the...

CVSS 9.8, AI score 7, EPSS 0.0138
Exploits: 0, References: 2
IBM Security Bulletins
added 2023/05/24 1:34 p.m. (53 views)

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2022-3172)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that can cause clients to be redirected by an aggregated API server SSRF CVE-2022-3172 Vulnerability Details CVEID: CVE-2022-3172 Description: Kubernetes kube-apiserver is vulnerable to...

CVSS 8.2, AI score 6.7, EPSS 0.02464
Exploits: 1, Affected software: 1