Lucene search
K

4422 matches found

Prion
Prion
added 2022/04/12 5:15 p.m.24 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional...

7.5CVSS9.5AI score0.03436EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2022/04/12 5:15 p.m.16 views

Remote code execution

DISPUTED An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The...

7.5CVSS9.6AI score0.0379EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/04/12 4:29 p.m.21 views

CVE-2022-28397

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional...

9.8AI score0.03436EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2022/04/12 4:28 p.m.16 views

CVE-2022-27139

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploadin...

8.2AI score0.0379EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/08 2:47 p.m.123 views

Security Bulletin: Operations Dashboard is vulnerable to Go CVE-2022-23773

Summary Operations Dashboard is vulnerable to Go CVE-2022-23773 with details below Vulnerability Details CVEID: CVE-2022-23773 DESCRIPTION: An unspecified error with not treating branches with semantic-version names as releases in cmd/go in Golang Go has an unknown impact and attack vector. CVSS...

7.5CVSS0.9AI score0.02698EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/04/06 12:1 a.m.16 views

GHSA-29F8-Q7MF-7CQJ Logic error in Apache Pinot

In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release...

7.5CVSS7.4AI score0.01996EPSS
Exploits0References5
Fedora
Fedora
added 2022/04/05 3:44 p.m.39 views

[SECURITY] Fedora 35 Update: python-pillow-8.3.2-3.fc35

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...

9.1CVSS9.4AI score0.02811EPSS
Exploits0
OSV
OSV
added 2022/04/04 8:15 p.m.3 views

UBUNTU-CVE-2022-1185

A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file...

6.5CVSS6.9AI score0.01277EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/04/04 11:15 a.m.8 views

CVE-2022-24191

In HTMLDOC 1.9.14, an infinite loop in the gifreadlzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow...

5.5CVSS6.9AI score0.00727EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/04/04 12:0 a.m.9 views

PT-2022-16532 · Htmldoc +5 · Htmldoc +5

Name of the Vulnerable Software and Affected Versions: HTMLDOC version 1.9.14 Description: The issue is caused by an infinite loop in the gif read lzw function, which can lead to a pointer arbitrarily pointing to heap memory, resulting in a buffer overflow. Recommendations: For HTMLDOC version...

10CVSS6.6AI score0.21514EPSS
Exploits21References91
OSV
OSV
added 2022/04/01 8:31 p.m.7 views

USN-5344-1 libdbd-mysql-perl vulnerabilities

It was discovered that the DBD::mysql module, when configured with server-side prepared statement support, was susceptible to operations that would result in improper memory access. An attacker could possibly use this issue to cause DBD::mysql to crash, resulting in a denial of service...

9.8CVSS6.8AI score0.04629EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/31 2:28 p.m.29 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring instances may be vulnerable to denial of service due to CVE-2022-21680

Summary Node.js module marked is used by IBM App Connect Enterprise Certified Container when creating an API-based Designer flow. IBM App Connect Enterprise Certified Container DesignerAuthoring instances may be vulnerable to regular expression denial of service. This bulletin provides patch...

7.5CVSS7.3AI score0.02828EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/31 2:27 p.m.38 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServers that use Designer flows may be vulnerable to loss of confidentiality due to CVE-2022-24772

Summary Node.js module node-forge is used by IBM App Connect Enterprise Certified Container by the connectors in a Designer flow to communicate with the connected SaaS application. IBM App Connect Enterprise Certified Container IntegrationServers that run Designer flows containing connectors may ...

7.5CVSS6.7AI score0.01015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/31 2:25 p.m.33 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServers that use Designer flows may be vulnerable to loss of confidentiality due to CVE-2022-24771

Summary Node.js module node-forge is used by IBM App Connect Enterprise Certified Container by the connectors in a Designer flow to communicate with the connected SaaS application. IBM App Connect Enterprise Certified Container IntegrationServers that run Designer flows containing connectors may ...

7.5CVSS7.2AI score0.00717EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/31 2:14 p.m.28 views

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to HTTP request smuggling due to CVE-2021-22960

Summary Node.js is used by IBM App Connect Enterprise Certified Container for running, authoring and managing flows. All IBM App Connect Enterprise Certified Container operands may be vulnerable to CVE-2021-22960. This bulletin provides patch information to address the reported vulnerability...

6.5CVSS7.1AI score0.02299EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/31 2:7 p.m.31 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServers that use Designer flows may be vulnerable to loss of confidentiality due to CVE-2022-24773

Summary Node.js module node-forge is used by IBM App Connect Enterprise Certified Container by the connectors in a Designer flow to communicate with the connected SaaS application. IBM App Connect Enterprise Certified Container IntegrationServers that run Designer flows containing connectors may ...

5.3CVSS6.7AI score0.00875EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/30 3:22 p.m.32 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of XStream. Vulnerability Details CVEID: CVE-2021-43859 DESCRIPTION: XStream is vulnerable to a denial of service, caused by improper input validation. By injecting highly recursive collections or maps, a remote...

7.5CVSS1.6AI score0.07934EPSS
Exploits1Affected Software1
Citrix
Citrix
added 2022/03/30 12:0 a.m.7 views

Citrix Endpoint Management (aka XenMobile Server) 10.14.0 Rolling Patch 5

Package name: xms10.14.0.10521.bin For: XenMobile Server 10.14.0 Deployment type: On-premises only Replaces: xms10.14.0.10424.bin, xms10.14.0.10303.bin, xms10.14.0.10206.bin, and xms10.14.0.10118.bin Date: March 2022 Languages supported: English US Important notes about this update As a best...

6.9AI score
Exploits0
Kitploit
Kitploit
added 2022/03/27 8:30 p.m.72 views

Ostorlab - A Security Scanning Platform That Enables Running Complex Security Scanning Tasks Involving Multiple Tools In An Easy, Scalable And Distributed Way

The Sales Pitch If this is the first time you are visiting the Ostorlab Github page, here is the sales pitch. Security testing requires often chaining tools together, taking the output from one, mangling it, filtering it and then pushing it to another tool. Several tools have tried to make the...

7.2AI score
Exploits0References1
OpenVAS
OpenVAS
added 2022/03/27 12:0 a.m.8 views

Fedora: Security Advisory for flac (FEDORA-2022-ee96acc54f)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.5CVSS6AI score0.00465EPSS
Exploits0References2
Rows per page
Query Builder