Lucene search
K

361 matches found

Debian CVE
Debian CVE
added 2024/02/10 5:0 a.m.24 views

CVE-2024-21490

This affects versions of the package angular from 1.3.0; versions of the package angularjs from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in...

7.5CVSS7AI score0.01891EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/05 11:44 a.m.32 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2023-5408)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that may allow an attacker to modify restricted node labels and bypass the node restriction admission plugin CVE-2023-5408. Vulnerability Details CVEID: CVE-2023-5408 Description: OpenShift...

7.2CVSS7.2AI score0.01112EPSS
Exploits0Affected Software1
Malwarebytes
Malwarebytes
added 2024/01/19 1:2 p.m.44 views

CISA urges urgent patching of two actively exploited Citrix NetScaler vulnerabilities

The Cybersecurity and Infrastructure Security Agency CISA has added two Citrix NetScaler vulnerabilities to its Known Exploited Vulnerabilities catalog, and it has set the “due date” a week after they were added. Federal Civilian Executive Branch FCEB agencies are handed specific deadlines for wh...

6.5CVSS8.6AI score0.57633EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/16 12:0 a.m.45 views

JVN#63383723: Drupal vulnerable to improper handling of structural elements

Drupal provided by Drupal.org contains an improper handling of structural elements vulnerability CWE-237. Impact An attacker may be able to cause a denial-of-service DoS condition. Solution Update the Software Update the software to the latest version 10 series according to the information provid...

7.5CVSS7.2AI score0.00791EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/01/06 12:30 p.m.54 views

Apache Axis Improper Input Validation vulnerability

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF. This issue affects Apache Axis through 1.3. As Axis 1 has been EOL, we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS6.9AI score0.01213EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2024/01/06 12:15 p.m.16 views

CVE-2023-51441

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS7.1AI score0.01213EPSS
Exploits0References2
Prion
Prion
added 2024/01/06 12:15 p.m.19 views

Input validation

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

5.8CVSS6.9AI score0.01213EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2024/01/06 12:15 p.m.33 views

CVE-2023-51441

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS7AI score0.01213EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/01/06 11:59 a.m.24 views

CVE-2023-51441 Apache Axis 1.x (EOL) may allow SSRF when untrusted input is passed to the service admin HTTP API

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2AI score0.01213EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/01/06 11:59 a.m.3 views

CVE-2023-51441 Apache Axis 1.x (EOL) may allow SSRF when untrusted input is passed to the service admin HTTP API

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7AI score0.01213EPSS
Exploits0References2
OSV
OSV
added 2024/01/06 11:59 a.m.22 views

CVE-2023-51441 Apache Axis 1.x (EOL) may allow SSRF when untrusted input is passed to the service admin HTTP API

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS7AI score0.01213EPSS
Exploits0References5
NVD
NVD
added 2023/12/26 6:15 a.m.18 views

CVE-2023-49117

PowerCMS 6 Series, 5 Series, and 4 Series contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL...

5.4CVSS0.00298EPSS
Exploits0References2
Prion
Prion
added 2023/12/26 6:15 a.m.18 views

Open redirect

Open redirect vulnerability in PowerCMS 6 Series, 5 Series, and 4 Series allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL are also affected ...

5.8CVSS7.2AI score0.00402EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/28 12:0 a.m.6 views

PT-2023-9165

Name of the Vulnerable Software and Affected Versions angular versions 1.3.0 and later Description A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic...

7.8CVSS6.8AI score0.01891EPSS
Exploits2References41
OpenVAS
OpenVAS
added 2023/11/16 12:0 a.m.19 views

Tenable Nessus End of Life (EOL) Detection

The Tenable Nessus version on the remote host has reached the End of Life EOL and should not be used anymore. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier...

7.4AI score
Exploits0References1
MongoDB
MongoDB
added 2023/11/07 12:41 p.m.42 views

Secret logging may occur in debug mode of Atlas Operator

The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that thi...

7.5CVSS6.5AI score0.00598EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/07 11:44 a.m.27 views

CVE-2023-0436 Secret logging may occur in debug mode of Atlas Operator

The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that thi...

4.5CVSS7.6AI score0.00598EPSS
Exploits0References1
Debian
Debian
added 2023/10/30 1:12 p.m.8 views

[SECURITY] [DLA 3639-1] distro-info-data database update

Debian LTS Advisory DLA-3639-1 [email protected] https://www.debian.org/lts/security/ Stefano Rivera October 30, 2023 https://wiki.debian.org/LTS Package : distro-info-data Version : 0.41+deb10u8 This is a routine update of the distro-info-data database for Debian LTS users. It includes...

5.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/10/23 12:0 a.m.27 views

Debian dla-3622 : libaxis-java - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3622 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3622-1 [email protected] https://www.debian.org/lts/security/...

9.8CVSS8.2AI score0.01931EPSS
Exploits0References4
hivepro
hivepro
added 2023/10/12 9:44 a.m.11 views

Microsoft’s October 2023 Patch Tuesday Addresses Three Zero-day Vulnerabilities

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary In the October Patch Tuesday release, Microsoft addressed 103 flaws, including three actively exploited zero-day vulnerabilities. These patches cover critical and important vulnerabilities, a...

6.8AI score
Exploits0
Rows per page
Query Builder