
58 matches found

NVD
added 2024/03/25 3:15 p.m. | 31 views

CVE-2024-30202

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23...

CVSS 7.8 | AI score 6.7 | EPSS 0.01108
Exploits: 0 | References: 5
OSV
added 2024/02/14 5:15 p.m. | 6 views

CVE-2024-23314

When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 7.5 | AI score 5.8 | EPSS 0.00515
Exploits: 0 | References: 1
NVD
added 2023/09/27 4:21 p.m. | 19 views

CVE-2023-43125

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.2 | AI score 7.4 | EPSS 0.00237
Exploits: 0 | References: 1
OSV
added 2023/05/03 3:15 p.m. | 5 views

CVE-2023-29163

When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 7.5 | AI score 7.1 | EPSS 0.00616
Exploits: 0 | References: 1
Prion
added 2023/03/13 9:15 a.m. | 24 views

Design/Logic Flaw

An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device...

CVSS 5.8 | AI score 6.9 | EPSS 0.00604
Exploits: 0 | References: 2 | Affected Software: 1
F5 Networks
added 2023/02/21 7:41 p.m. | 31 views

K1877: OpenSSH Remote Challenge Vulnerability - CAN-2001-1279

Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

CVSS 7.5 | AI score 6.6 | EPSS 0.04784
Exploits: 0
F5 Networks
added 2023/02/21 6:53 p.m. | 57 views

K15650046: Tcl code injection security exposure

Security Advisory Description Certain coding practices may allow an attacker to inject arbitrary Tool Command Language (Tcl) commands, which can be executed in the security context of the target Tcl script by the running Tcl interpreter. Note: This issue affects any user-supplied Tcl code executed ...

AI score 8.1
Exploits: 0
Tenable Nessus
added 2022/08/08 12:0 a.m. | 20 views

Expression Language Injection

Expression Language (EL) has been defined as part of the Java Server Pages Standard Tag Library (JSTL) in order to offer developers a simple way to output data from an object model. Starting from the JSP 2.0 specification, Expression Language has been made available within JSP pages, but it is also...

AI score 8.1
Exploits: 0 | References: 2
OSV
added 2022/08/04 6:15 p.m. | 6 views

CVE-2022-35241

In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.5 | AI score 5.8 | EPSS 0.00645
Exploits: 0 | References: 1
RedHat Linux
added 2022/03/22 3:33 p.m. | 5 views

jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...

CVSS 5.3 | AI score 7.1 | EPSS 0.02132
Exploits: 1 | References: 5
Cvelist
added 2022/02/09 9:50 p.m. | 41 views

CVE-2022-23628 Array literal misordering in github.com/open-policy-agent/opa

OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree (AST) that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse and compare web paths...

CVSS 6.3 | AI score 6.5 | EPSS 0.0103
Exploits: 1 | References: 4
OSV
added 2020/06/10 4:15 p.m. | 3 views

CVE-2020-7672

mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...

CVSS 8.6 | AI score 7.4 | EPSS 0.01938
Exploits: 1 | References: 1
Exploit DB
added 2020/05/21 12:0 a.m. | 491 views

OpenEDX platform Ironwood 2.5 - Remote Code Execution

Exploit Title: OpenEDX platform Ironwood 2.5 - Remote Code Execution Google Dork: N/A Date: 2020-05-20 Exploit Author: Daniel Monzón (stark0de) Vendor Homepage: https://open.edx.org/ Software Link: https://github.com/edx/edx-platform Version: Ironwood 2.5 Tested on: Debian x64 CVE : CVE-2020-13144...

CVSS 8.8 | AI score 9 | EPSS 0.10963
Exploits: 7
OSV
added 2018/06/07 7:43 p.m. | 1 views

GHSA-4662-J96G-MV46 Arbitrary Code Injection in reduce-css-calc

Affected versions of reduce-css-calc pass input directly to eval. If user input is passed into the calc function, this may result in cross-site scripting on the browser, or remote code execution on the server. Proof of Concept: const reduceCSSCalc = require('reduce-css-calc');...

CVSS 6.1 | AI score 6.4 | EPSS 0.01212
Exploits: 1 | References: 4
NVD
added 2015/04/08 6:59 p.m. | 23 views

CVE-2015-0248

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers...

CVSS 5 | AI score 6.1 | EPSS 0.12841
Exploits: 0 | References: 13
UbuntuCve
added 2015/04/08 12:0 a.m. | 34 views

CVE-2015-0248

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers...

CVSS 5 | AI score 7.2 | EPSS 0.12841
Exploits: 0 | References: 3
Mageia
added 2014/10/09 2:39 p.m. | 47 views

Updated python-requests packages fix security vulnerabilities

Updated python-requests packages fix security vulnerability: Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from ~/.netrc file through redirect requests, if the user has their passwords stored in the ~/.netrc file (CVE-2014-1829). It was discovered th...

CVSS 5 | AI score 6.2 | EPSS 0.022
Exploits: 0 | References: 3
RedHat Linux
added 2013/01/24 6:31 p.m. | 8 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors ta...

CVSS 7.5 | AI score 6.5 | EPSS 0.11779
Exploits: 1 | References: 4