4422 matches found

IBM Security Bulletins
added 2023/05/24 1:34 p.m., 53 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2022-3172)

Summary: Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that can cause clients to be redirected by an aggregated API server (SSRF, CVE-2022-3172). Vulnerability Details: CVEID: CVE-2022-3172. Description: Kubernetes kube-apiserver is vulnerable to...

CVSS 8.2, AI score 6.7, EPSS 0.02464
Exploits: 1, Affected software: 1
Rapid7 Blog
added 2023/05/19 6:44 p.m., 49 views

Metasploit Weekly Wrap-Up

Fetch Based Payloads: Making the Path from Command Injection to Metasploit Session Shorter. This week we're releasing Metasploit fetch payloads. Fetch payloads are command-based payloads that leverage network-enabled applications on remote hosts and different protocol servers to serve, download, a...

CVSS 5.8, AI score 8.6, EPSS 0.84697
Exploits: 6
IBM Security Bulletins
added 2023/05/17 7:00 p.m., 43 views

Security Bulletin: PyTorch is vulnerable to CVE-2022-45907 used in IBM Maximo Application Suite - Monitor Component

Summary: IBM Maximo Application Suite - Monitor Component uses PyTorch, which is vulnerable to CVE-2022-45907. Vulnerability Details: CVEID: CVE-2022-45907. Description: PyTorch could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...

CVSS 9.8, AI score 6.3, EPSS 0.02789
Exploits: 1, Affected software: 1
Tenable Nessus
added 2023/05/16 12:00 a.m., 37 views

FreeBSD : postgresql-server -- CREATE SCHEMA ... schema_element defeats protective search_path changes (fbb5a260-f00f-11ed-bbae-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the fbb5a260-f00f-11ed-bbae-6cc21735f730 advisory. - CREATE SCHEMA ... schema_element defeats protective search_path changes. More details: CVE-2023-2454. Note...

CVSS 7.2, AI score 7, EPSS 0.0119
Exploits: 0, References: 3
OSV
added 2023/05/15 8:50 p.m., 36 views

GHSA-JH85-WWV9-24HV Any file can be included with the pymdown-snippets extension

Summary: Arbitrary file read when using the include file syntax. Details: By using the syntax --8<-- "/etc/passwd" or --8<-- "/proc/self/environ", the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to...

CVSS 7.5, AI score 7.5, EPSS 0.01558
Exploits: 1, References: 5
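The two attack shapes in the snippets advisory above (an absolute path such as /etc/passwd, and a relative path that walks out of the allowed base directory) are both defeated by the same containment check. The following is an added illustration written for this page, not pymdown-extensions' own code: it assumes an include marker of the form `--8<-- "path"` on its own line, a hypothetical base directory `/srv/docs`, and a constructed sample document; `extract_snippet_paths`, `resolve_snippet_path` and `check_document` are names chosen here.

```python
import os
import re
from typing import Dict, List, Optional

# Assumed include marker: --8<-- "relative/or/absolute/path" on its own line.
# This regex and everything below are an added example, not the project's code.
SNIPPET_RE = re.compile(r'^--8<--\s+"([^"]+)"\s*$', re.MULTILINE)


def extract_snippet_paths(markdown: str) -> List[str]:
    """Return every path requested via an include marker, in document order."""
    return SNIPPET_RE.findall(markdown)


def resolve_snippet_path(base_dir: str, requested: str) -> str:
    """Map a requested include onto a file strictly inside base_dir.

    Absolute paths are refused outright. Relative paths are joined to the base,
    normalized and symlink-resolved, and the result must still sit under the
    base; otherwise the include is refused.
    """
    if os.path.isabs(requested):
        raise PermissionError(f"absolute include path refused: {requested!r}")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    # commonpath is the containment test to use: a plain startswith() check
    # would wrongly accept "/srv/docs_private" as being inside "/srv/docs".
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"include path escapes base: {requested!r}")
    return target


def check_document(base_dir: str, markdown: str) -> Dict[str, Optional[str]]:
    """Resolve each include in a document; None marks a refused path."""
    results: Dict[str, Optional[str]] = {}
    for requested in extract_snippet_paths(markdown):
        try:
            results[requested] = resolve_snippet_path(base_dir, requested)
        except PermissionError:
            results[requested] = None
    return results


# Constructed sample document: one legitimate include plus the two attack
# shapes named in the advisory (absolute path, traversal out of the base).
SAMPLE_DOC = '''# Setup

--8<-- "intro/setup.md"
--8<-- "/etc/passwd"
--8<-- "../../etc/passwd"
'''

if __name__ == "__main__":
    for path, resolved in check_document("/srv/docs", SAMPLE_DOC).items():
        print(f"{path!r:22} -> {'REFUSED' if resolved is None else resolved}")
```

Resolving with `os.path.realpath` before the containment test matters: a symlink placed inside the base directory would otherwise let a lexically "inside" path read a file outside it.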
Github Security Blog
added 2023/05/11 8:48 p.m., 12 views

in-toto: PGP trust model not (fully) considered

Impact: This security advisory lists multiple concerns about how in-toto uses PGP keys. The findings are aggregated here because they are all addressed by the same mitigation strategy. Note that the findings are rated with different severities (see inline); the highest score was chosen for this...

AI score 6.7
Exploits: 0, References: 4, Affected software: 1
Spring Security Advisories
added 2023/05/11 12:00 a.m., 11 views

Spring Framework Reference Documentation Update

Starting with version 6.0.9, the Spring Framework reference documentation site is generated with Antora. This is a big change that brings many improvements. This blog post provides context around that. Overview: For a long time the Spring Framework reference documentation had two versions, one...

AI score 6.5
Exploits: 0
Palo Alto Networks
added 2023/05/10 4:00 p.m., 30 views

PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator's browser when viewed. Workaround:...

CVSS 6.5, AI score 5.8, EPSS 0.00427
Exploits: 0, References: 1
Palo Alto Networks
added 2023/05/10 4:00 p.m., 56 views

PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface

A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. Workaround: This issue requires the attacker to have authenticated access to...

CVSS 4.4, AI score 5.9, EPSS 0.00542
Exploits: 0, References: 1
Kitploit
added 2023/05/10 12:30 p.m., 108 views

SpiderSuite - Advanced Web Spider/Crawler For Cyber Security Professionals

An advanced cross-platform, multi-feature GUI web spider/crawler for cyber security professionals. Spider Suite can be used for attack surface mapping and analysis. For more information visit SpiderSuite's website. Installation and Usage: Spider Suite is designed for easy installation and usage...

AI score 7
Exploits: 0, References: 12
Debian CVE
added 2023/05/07 12:00 a.m., 28 views

CVE-2023-31047

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField; only the last uploaded file was validated. However,...

CVSS 9.8, AI score 7.2, EPSS 0.0138
Exploits: 0
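The failure mode in the Django entry above is that a field designed for one file, when handed several, validates only the last one, so every earlier file reaches the application unchecked. The following is an added, framework-free illustration of that contrast written for this page, not Django's own code: uploads are modelled as constructed (filename, leading bytes) pairs standing in for what a form receives from request.FILES, and `check_one`, `validate_last_only`, `validate_every_file` and the `ALLOWED` signature table are names and values chosen here.

```python
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for an uploaded file: (filename, first bytes of content).
Upload = Tuple[str, bytes]

# Assumed policy for this example: image uploads only, matched by extension
# and by the file signature (magic bytes) the extension implies.
ALLOWED: Dict[str, bytes] = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
}


def check_one(upload: Upload) -> Optional[str]:
    """Return an error message for a single file, or None if it is acceptable."""
    name, head = upload
    ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
    magic = ALLOWED.get(ext)
    if magic is None:
        return f"{name}: extension not allowed"
    if not head.startswith(magic):
        return f"{name}: content does not match {ext} signature"
    return None


def validate_last_only(uploads: List[Upload]) -> List[str]:
    """Pre-fix behaviour described in the advisory: a single-file field that
    receives several files inspects the last one and ignores the rest."""
    if not uploads:
        return ["no file submitted"]
    err = check_one(uploads[-1])
    return [err] if err else []


def validate_every_file(uploads: List[Upload], allow_multiple: bool = False) -> List[str]:
    """Hardened behaviour: a field that is not declared multi-file refuses more
    than one upload, and a multi-file field validates each file it receives."""
    if not uploads:
        return ["no file submitted"]
    if len(uploads) > 1 and not allow_multiple:
        return [f"field accepts one file, received {len(uploads)}"]
    return [e for e in (check_one(u) for u in uploads) if e]


# Constructed sample: a hostile file first, a clean image last, both submitted
# under the same single-file field name.
SAMPLE_UPLOADS: List[Upload] = [
    ("shell.php", b"<?php system($_GET['c']); ?>"),
    ("avatar.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
]

if __name__ == "__main__":
    print("last-only :", validate_last_only(SAMPLE_UPLOADS) or "accepted")
    print("single    :", validate_every_file(SAMPLE_UPLOADS) or "accepted")
    print("multi     :", validate_every_file(SAMPLE_UPLOADS, allow_multiple=True) or "accepted")
```

The vulnerable path accepts the pair because avatar.png is the last file and passes; the hardened path either refuses the extra file outright or, when multiple files are intentionally allowed, reports shell.php.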
Circl
added 2023/05/06 5:42 p.m., 5 views

CVE-2021-27320

creation_timestamp | type | source
2023-05-06 17:42:20+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-27320.yaml...

CVSS 7.5, AI score 6.8, EPSS 0.09299
Exploits: 3, References: 1
OSV
added 2023/05/05 8:29 p.m., 9 views

SUSE-FU-2023:2119-1 Feature update for haproxy

This update for haproxy fixes the following issues: Update to version 2.0.31 (jsc#PED-3821). BUG/CRITICAL: http: properly reject empty http header field names. CI: github: don't warn on deprecated openssl functions on windows. DOC: proxy-protocol: fix wrong byte in provided example. DOC: config:...

CVSS 9.1, AI score 8.6, EPSS 0.05493
Exploits: 0, References: 5
OSV
added 2023/05/05 8:27 p.m., 10 views

SUSE-FU-2023:2117-1 Feature update for haproxy

This update for haproxy fixes the following issues: Update to version 2.0.31 (jsc#PED-3821). BUG/CRITICAL: http: properly reject empty http header field names. CI: github: don't warn on deprecated openssl functions on windows. DOC: proxy-protocol: fix wrong byte in provided example. DOC: config:...

CVSS 9.1, AI score 8.6, EPSS 0.05493
Exploits: 0, References: 5
OSV
added 2023/05/05 12:30 a.m., 16 views

GHSA-Q63Q-HWF6-3MW6 ONOS vulnerable to Cross-site Scripting

A cross-site scripting (XSS) vulnerability in Open Network Operating System (ONOS) from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the authorizationURL parameter of the API documentation dashboard under securityDefinitions...

CVSS 6.1, AI score 5.8, EPSS 0.00486
Exploits: 1, References: 4
Github Security Blog
added 2023/05/05 12:30 a.m., 25 views

ONOS vulnerable to Cross-site Scripting

A cross-site scripting (XSS) vulnerability in Open Network Operating System (ONOS) from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the authorizationURL parameter of the API documentation dashboard under securityDefinitions...

CVSS 6.1, AI score 5.8, EPSS 0.00486
Exploits: 1, References: 4, Affected software: 1
0day.today
added 2023/05/05 12:00 a.m., 222 views

Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts Vulnerability

Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts
Exploit Author: Syslifters - Christoph Mahrl, Aron Molnar, Patrick Pirker and Michael Wedl
Vendor Homepage: https://jedox.com
Version: Jedox 2020.2 (20.2.5) and older
CVE: CVE-2022-47876
Introduction...

CVSS 9.1, AI score 7.1, EPSS 0.07048
Exploits: 4
NVD
added 2023/05/04 10:15 p.m., 14 views

CVE-2023-30093

A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...

CVSS 6.1, AI score 5.9, EPSS 0.00486
Exploits: 1, References: 2
OSV
added 2023/05/04 10:15 p.m., 32 views

CVE-2023-30093

A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...

CVSS 6.1, AI score 5.9, EPSS 0.00486
Exploits: 1, References: 2
Prion
added 2023/05/04 10:15 p.m., 23 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...

CVSS 5.8, AI score 5.9, EPSS 0.00486
Exploits: 1, References: 2, Affected software: 1