Lucene search
K

4422 matches found

OSV
OSV
added 2023/02/22 12:4 a.m.20 views

GHSA-8MFQ-F5WJ-VW5M Nautobot vulnerable to remote code execution via Jinja2 template rendering

Impact What kind of vulnerability is it? Who is impacted? All users of Nautobot versions earlier than 1.5.7 are impacted. In Nautobot 1.5.7 we have enabled sandboxed environments for the Jinja2 template engine used internally for template rendering for the following objects: - extras.ComputedFiel...

7.7CVSS9AI score0.01526EPSS
Exploits0References7
NVD
NVD
added 2023/02/21 9:15 p.m.37 views

CVE-2023-25657

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 has enabled sandboxed environments for the...

9.8CVSS8.5AI score0.01526EPSS
Exploits0References3
OSV
OSV
added 2023/02/20 5:15 p.m.13 views

CVE-2022-48318

No authorisation controls in the RestAPI documentation for Tribe29's Checkmk = 2.1.0p13 and Checkmk = 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation...

5.3CVSS5.2AI score
Exploits0References1
Cvelist
Cvelist
added 2023/02/20 4:55 p.m.20 views

CVE-2022-48318 Insecure access control mechanisms for RestAPI documentation

No authorisation controls in the RestAPI documentation for Tribe29's Checkmk = 2.1.0p13 and Checkmk = 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation...

5.3CVSS5.4AI score0.00486EPSS
Exploits0References1
Kitploit
Kitploit
added 2023/02/20 11:30 a.m.47 views

Faraday - Open Source Vulnerability Management Platform

Security has two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve remediation efforts. With Faraday, you may focus on discovering vulnerabilities while we help you with the rest. Just use it in your terminal and get your work organized on...

7.2AI score
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/02/20 12:0 a.m.5 views

PT-2023-15695 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.0.0 through 2.0.0p29 Checkmk versions 2.1.0 through 2.1.0p13 Description: The issue is related to the lack of authorization controls in the RestAPI documentation for Checkmk, which may lead to unintended information...

5.3CVSS6.7AI score0.00486EPSS
Exploits0References7
Rapid7 Blog
Rapid7 Blog
added 2023/02/17 9:17 p.m.107 views

Metasploit Wrap-Up

Cisco RV Series Auth Bypass and Command Injection Thanks to community contributor neterum, Metasploit framework just gained an awesome new module which targets Cisco Small Business RV Series Routers. The module actually exploits two vulnerabilities, an authentication bypass CVE-2022-20705 and a...

7.5CVSS0.8AI score0.86194EPSS
Exploits8
SUSE CVE
SUSE CVE
added 2023/02/15 6:6 a.m.3 views

SUSE CVE-2008-5374

bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb.? temporary file, related to the 1 aliasconv.sh, 2 aliasconv.bash, and 3 cshtobash scripts...

6.9CVSS6.7AI score0.00338EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.5 views

SUSE CVE-2012-3229

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Documentation...

4CVSS6.6AI score0.01114EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:44 a.m.5 views

SUSE CVE-2012-4747

Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read 1 template aka .tmpl files, 2 other custom...

5CVSS6.5AI score0.01657EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:38 a.m.3 views

SUSE CVE-2017-15706

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a...

9.8AI score0.06198EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.3 views

SUSE CVE-2018-5741

To provide fine-grained controls over the ability to use Dynamic DNS DDNS to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update...

6.5CVSS7.3AI score0.03451EPSS
Exploits0References113
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.45 views

SUSE CVE-2018-1000144

A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseActiondoDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these...

6.1CVSS6AI score0.00861EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.2 views

SUSE CVE-2019-17514

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that...

7.5CVSS9.3AI score0.04671EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:5 a.m.3 views

SUSE CVE-2019-19630

HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hdstrlcpy function in string.c when called from rendercontents in ps-pdf.cxx via a crafted HTML document...

4.4CVSS7.1AI score0.01135EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:49 a.m.2 views

SUSE CVE-2021-3509

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The...

8.8CVSS6.5AI score0.017EPSS
Exploits1References16
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.1 views

SUSE CVE-2021-26934

An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation aka be-alloc mode of the drmxenfront drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry...

7.8CVSS6.6AI score0.00346EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:41 a.m.4 views

SUSE CVE-2021-31799

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...

7.8CVSS7.7AI score0.0148EPSS
Exploits0References33
OSV
OSV
added 2023/02/13 9:31 p.m.23 views

GHSA-6P89-3P7C-QRHV Cross-site scripting in CKEditor5

CKSource CKEditor5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is adding...

6.1CVSS6.1AI score0.02097EPSS
Exploits4References4
Cvelist
Cvelist
added 2023/02/13 12:0 a.m.22 views

CVE-2022-48110

CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is addin...

6.2AI score0.02097EPSS
Exploits4References2
Rows per page
Query Builder