
4422 matches found

Debian CVE
added 2023/01/11 12:0 a.m. · 19 views

CVE-2023-22947

Insecure folder permissions in the Windows installation path of Shibboleth Service Provider SP before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt rather than...

7.3 CVSS · 7.2 AI score · 0.00309 EPSS
Exploits 1
OSV
added 2023/01/10 3:15 a.m. · 3 views

CVE-2023-0013

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. On successful exploitation an...

6.1 CVSS · 6.4 AI score · 0.00357 EPSS
Exploits 0 · References 2
Cvelist
added 2023/01/10 2:50 a.m. · 30 views

CVE-2023-0013 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. On successful exploitation an...

6.1 CVSS · 6.2 AI score · 0.00357 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/01/10 12:0 a.m. · 5 views

PT-2023-1179 · Siemens · Solid Edge

Name of the Vulnerable Software and Affected Versions: Solid Edge versions prior to V2023 MP1 Description: A memory corruption issue has been identified in the DOCMGMT.DLL of Solid Edge. This issue can be triggered while parsing files in different formats such as PAR, ASM, and DFT, potentially...

7.8 CVSS · 7.7 AI score · 0.00279 EPSS
Exploits 0 · References 4
IBM Security Bulletins
added 2023/01/03 9:15 a.m. · 48 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to webpack loader-utils CVE-2022-37603

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to webpack loader-utils CVE-2022-37603 with details below. Vulnerability Details CVEID:CVE-2022-37603 DESCRIPTION: webpack loader-utils is vulnerable to a denial of service, caused by a regular...

7.5 CVSS · 8.1 AI score · 0.02029 EPSS
Exploits 1 · Affected Software 1
IBM Security Bulletins
added 2023/01/03 9:11 a.m. · 22 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to command injection due to Node.js vulnerability X-Force ID 237819

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to command injection due to Node.js vulnerability X-Force ID 237819 with details below Vulnerability Details IBM X-Force ID: 237819 DESCRIPTION: Node.js moment-timezone module could allow a remote attacker to execute arbitrar...

8.1 AI score
Exploits 0 · Affected Software 1
ATTACKERKB
added 2023/01/01 1:15 a.m. · 3 views

CVE-2022-43811

To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used...

5.8 AI score
Exploits 0 · References 1
CNNVD
added 2022/12/27 12:0 a.m. · 4 views

WIzard for DOCumenting Ontologies path traversal vulnerability

WIzard for DOCumenting Ontologies WIDOCO is a step-by-step generator of HTML templates containing documentation for ontologies by Daniel Garijo Personal Developer. It helps you automate the publishing and creation of rich, customized ontology documentation by performing a series of steps in a GUI...

7.8 CVSS · 5.6 AI score · 0.00283 EPSS
Exploits 0 · References 6
Fedora
added 2022/12/24 1:18 a.m. · 18 views

[SECURITY] Fedora 36 Update: python3-docs-3.10.9-1.fc36

The python3-docs package contains documentation on the Python 3 programming language and interpreter...

7.5 CVSS · 2.2 AI score · 0.02453 EPSS
Exploits 1
Fedora
added 2022/12/24 1:10 a.m. · 33 views

[SECURITY] Fedora 37 Update: python3-docs-3.11.1-1.fc37

The python3-docs package contains documentation on the Python 3 programming language and interpreter...

7.5 CVSS · 2.2 AI score · 0.02453 EPSS
Exploits 1
OpenVAS
added 2022/12/24 12:0 a.m. · 17 views

Fedora: Security Advisory for python3-docs (FEDORA-2022-e699dd5247)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS · 8.1 AI score · 0.02453 EPSS
Exploits 1 · References 2
Spring Security Advisories
added 2022/12/23 12:0 a.m. · 22 views

Spring Boot 3.0.1 available now

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 3.0.1 has been released and is now available from Maven Central. This release includes 54 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with iss...

1.1 AI score
Exploits 0
Code423n4
added 2022/12/23 12:0 a.m. · 12 views

Upgraded Q -> M from #4 [1671756144822]

Judge has assessed an item in Issue 4 as M risk. The relevant finding follows: GroupBuy: Insertion timestamp ignored The documentation states that "If the users have the same quantity as well, the bid that was placed later will have Raes removed.". However, with the current implementation, this i...

6.8 AI score
Exploits 0
BDU FSTEC
added 2022/12/23 12:0 a.m. · 6 views

The vulnerability of Festo products’ microprogramming software, related to insufficient technical documentation, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of Festo product’s microprogramming software is related to insufficient technical documentation. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise the confidentiality, integrity, and accessibility of the protected information...

10 CVSS · 8 AI score · 0.01053 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2022/12/22 12:0 a.m. · 11 views

Fedora 36 : woff (2022-706c76c4f0)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-706c76c4f0 advisory. Fix a possible double free in woffEncode. - Update License to SPDX - improved summary and description - Add hand-written man pages - Install HTML format...

5.6 AI score
Exploits 0 · References 1
CNVD
added 2022/12/20 12:0 a.m. · 27 views

Apache Zeppelin input validation error vulnerability

Apache Zeppelin is a Web-based open source notebook application from the Apache Foundation that supports interactive data analysis and collaborative documentation. Apache Zeppelin is vulnerable to an input validation error that results from improper input validation in its Move folder to Trash...

6.5 CVSS · 2.9 AI score · 0.01539 EPSS
Exploits 0 · References 1
Github Security Blog
added 2022/12/19 9:9 p.m. · 78 views

Cortex's Alertmanager can expose local files content via specially crafted config

Impact A local file inclusion vulnerability exists in Cortex versions v1.13.0, v1.13.1 and v1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users o...

6.5 CVSS · 6 AI score · 0.00753 EPSS
Exploits 0 · References 8 · Affected Software 1
Code423n4
added 2022/12/19 12:0 a.m. · 7 views

Earlier bidders get cut out of future NFT holdings by bidders specifying the same price.

Lines of code LOC: Vulnerability details Description In GroupBuy module, users can call contribute to get a piece of the NFT pie. There are two stages in transforming the msg.value to holdings in the NFT. 1. filling at any pricesupply is not yet saturated uint256 fillAtAnyPriceQuantity =...

6.6 AI score
Exploits 0
Circl
added 2022/12/18 4:4 a.m. · 4 views

CVE-2022-46689

creationtimestamp | type | source
---|---|---
2022-12-18 04:04:21+00:00 | published-proof-of-concept | https://t.me/hackingshadow/2736
2022-12-18 11:46:29+00:00 | published-proof-of-concept | https://t.me/proxybar/1229
2022-12-18 11:59:52+00:00 | published-proof-of-concept | https://t.me/crackcodes/1850...

7 CVSS · 7.3 AI score · 0.44678 EPSS
Exploits 9 · References 28
Code423n4
added 2022/12/16 12:0 a.m. · 9 views

Wrong update of stoploss in TradingExtension._limitClose()

Lines of code Vulnerability details Impact TradingExtension.limitClose returns a wrong stoploss which is favorable for users and it would be a significant loss for the protocol. Proof of Concept TradingExtension.limitClose is used to set takeprofit/stoploss prices for the pending order and execut...

6.9 AI score
Exploits 0