
4421 matches found

OSV
added 2023/05/04 9:29 p.m. · 4 views

CLSA-2023-1683235759 Fix CVE(s): CVE-2022-3996, CVE-2023-0464, CVE-2023-0466

SECURITY UPDATE: Excessive resource use verifying X.509 policy constraints - debian/patches/CVE-2023-0464.patch: Limit X.509 certificate tree size to avoid exponential use of computational resources - CVE-2023-0464 SECURITY UPDATE: Incorrectly documented X509_VERIFY_PARAM_add0_policy -...

CVSS 7.5 · AI score 7 · EPSS 0.03658
Exploits 0 · References 1

OSV
added 2023/05/04 9:26 p.m. · 6 views

CLSA-2023-1683235565 openssl: Fix of 3 CVEs

CVE-2023-0464: Fix excessive resource use verifying X.509 policy constraints - CVE-2023-0466: Fix documentation of X509_VERIFY_PARAM_add0_policy - CVE-2022-3996: Drop redundant flag setting in policy_cache_set_mapping...

CVSS 7.5 · AI score 7 · EPSS 0.03658
Exploits 0 · References 1

OSV
added 2023/05/04 9:20 p.m. · 5 views

CLSA-2023-1683235231 openssl: Fix of 3 CVEs

CVE-2023-0464: Fix excessive resource use verifying X.509 policy constraints - CVE-2023-0466: Fix documentation of X509_VERIFY_PARAM_add0_policy - CVE-2022-3996: Drop redundant flag setting in policy_cache_set_mapping...

CVSS 7.5 · AI score 5.8 · EPSS 0.03658
Exploits 0 · References 1

OSV
added 2023/05/04 9:15 p.m. · 3 views

CLSA-2023-1683234934 openssl: Fix of 3 CVEs

CVE-2023-0464: Fix excessive resource use verifying X.509 policy constraints - CVE-2023-0466: Fix documentation of X509_VERIFY_PARAM_add0_policy - CVE-2022-3996: Drop redundant flag setting in policy_cache_set_mapping...

CVSS 7.5 · AI score 7 · EPSS 0.03658
Exploits 0 · References 1

Vulnrichment
added 2023/05/04 12:0 a.m. · 8 views

CVE-2023-30093

A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...

AI score 5.9 · EPSS 0.00486
Exploits 1 · References 2

Cvelist
added 2023/05/04 12:0 a.m. · 28 views

CVE-2023-30093

A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...

AI score 6 · EPSS 0.00486
Exploits 1 · References 2

CVE
added 2023/05/04 12:0 a.m. · 60 views

CVE-2023-30093

CVE-2023-30093 is a cross-site scripting (XSS) vulnerability affecting Open Networking Foundation ONOS, from version v1.9.0 through v2.7.0. The issue enables execution of arbitrary web scripts/HTML via a crafted payload injected into the url parameter of the API documentation dashboard. The provi...

CVSS 6.1 · AI score 5.8 · EPSS 0.00486
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2023/05/04 12:0 a.m. · 4 views

PT-2023-22535 · Open Networking Foundation · Onos

Name of the Vulnerable Software and Affected Versions: Open Networking Foundation ONOS versions 1.9.0 through 2.7.0 Description: A cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter or...

CVSS 6.1 · AI score 6.2 · EPSS 0.00486
Exploits 1 · References 8

RedHat Linux
added 2023/05/03 3:54 p.m. · 493 views

Important: Red Hat Security Advisory: Satellite 6.13 Release

An update is now available for Red Hat Satellite 6.13. The release contains a new version of Satellite and important security fixes for various components. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring ...

CVSS 9.8 · AI score 7.6 · EPSS 0.99931
Exploits 64 · References 263

IBM Security Bulletins
added 2023/05/02 10:29 p.m. · 34 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Pypa Setuptools

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Pypa Setuptools. Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a speciall...

CVSS 5.9 · AI score 6.2 · EPSS 0.02617
Exploits 1 · Affected Software 1

OSSF Malicious Packages
added 2023/04/28 5:12 p.m. · 3 views

Malicious code in documentation-ably-realtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3f6bf5586a7addf25073456bb7b754dafa5c124cc264cb37b2005088598555ee The OpenSSF Package Analysis project identified 'documentation-ably-realtime' @ 1.0.2 npm as malicious. It is considered malicious because: - Th...

AI score 6.9
Exploits 0

OSV
added 2023/04/28 5:12 p.m. · 15 views

MAL-2023-1161 Malicious code in documentation-ably-realtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3f6bf5586a7addf25073456bb7b754dafa5c124cc264cb37b2005088598555ee The OpenSSF Package Analysis project identified 'documentation-ably-realtime' @ 1.0.2 npm as malicious. It is considered malicious because: - Th...

AI score 7.1
Exploits 0

IBM Security Bulletins
added 2023/04/28 11:57 a.m. · 43 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL may be vulnerable to denial of service due to [CVE-2021-22569]

Summary Protobuf is used by IBM App Connect Enterprise Certified Container for compiling and loading DFDL message models. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL message models may be vulnerable to denial of service if they...

CVSS 7.5 · AI score 6.2 · EPSS 0.01655
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2023/04/28 11:54 a.m. · 41 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL may be vulnerable to denial of service due to [CVE-2022-3171]

Summary Protobuf is used by IBM App Connect Enterprise Certified Container for compiling and loading DFDL message models. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL message models may be vulnerable to denial of service if they...

CVSS 7.5 · AI score 6.1 · EPSS 0.01048
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/04/28 11:53 a.m. · 41 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to regular expression denial of service due to [CVE-2022-25881]

Summary Node.js is used as a runtime engine by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands may be vulnerable to regular expression denial of service. This bulletin provides patch information to address the reported vulnerability in...

CVSS 7.5 · AI score 6.9 · EPSS 0.01613
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2023/04/28 11:52 a.m. · 30 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service and loss of confidentiality due to [CVE-2022-4304], [CVE-2023-0215], [CVE-2023-0286]

Summary OpenSSL is provided as part of the base images in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service and loss of confidentiality. This bulletin provides patch information to address the reported...

CVSS 7.5 · AI score 7.7 · EPSS 0.59501
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/04/28 11:51 a.m. · 29 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to [CVE-2022-4450]

Summary OpenSSL is provided as part of the base images in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerabilities in OpenSSL...

CVSS 7.5 · AI score 7.9 · EPSS 0.20444
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/04/28 11:51 a.m. · 31 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to security restriction bypass due to [CVE-2023-23918]

Summary Node.js is used as a runtime engine by IBM App Connect Enterprise Certified Container. If an IBM App Connect Enterprise Certified Container image is extended to run custom Node.js applications, it may be vulnerable to security restriction bypass. This bulletin provides patch information ...

CVSS 7.5 · AI score 7.5 · EPSS 0.02023
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/04/28 11:48 a.m. · 41 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator may be vulnerable to denial of service due to [CVE-2022-41717]

Summary IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Golang Go. CVE-2022-41717 Vulnerability Details CVEID:CVE-2022-41717 DESCRIPTION: Golang Go is...

CVSS 5.3 · AI score 6.7 · EPSS 0.05623
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/04/28 11:47 a.m. · 40 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator may be vulnerable to denial of service due to [CVE-2022-41724]

Summary IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Golang Go. CVE-2022-41724 Vulnerability Details CVEID:CVE-2022-41724 DESCRIPTION: Golang Go is...

CVSS 7.5 · AI score 8.4 · EPSS 0.01111
Exploits 0 · Affected Software 1