561 matches found

Source: Redos | added 2023/07/06 12:00 a.m. | 11 views

ROS-2-1088

2.1088 Notification on update of the RED OS operating system, No. RU.29926343.02.01-01-23. Due to quality improvement and bug fixing, an updated version of the MIS operating system "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing technic...

AI score 7.3 | Exploits 0
Source: CNNVD | added 2023/06/26 12:00 a.m. | 5 views

Red Hat Keycloak security vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from Keycloak's device authorization not properly validating the device code and...

CVSS 8.1 | AI score 6.5 | EPSS 0.00694
Exploits 0 | References 10
Source: Hacker One | added 2023/06/05 2:49 a.m. | 5 views

Basecamp: Spam & Clearance checks disabled with existing referenced Message-ID

A vulnerability in the inbound email processing allowed crafted emails to bypass spam filtering and The Screener when they appeared to be in reply to an existing thread...

AI score 5.6 | Exploits 0
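The fix this report implies is to make a referenced Message-ID unforgeable, so that "appears to be in reply to an existing thread" cannot be manufactured by an outsider who guesses or scrapes thread identifiers. The Go program below is an added example, not Basecamp's code: it assumes a key held by the application, a Message-ID layout of <thread.<id>.<nonce>.<mac>@domain>, and the constructed sample messages in main. An inbound mail only skips screening when a Message-ID in In-Reply-To or References verifies under the key.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/mail"
	"strconv"
	"strings"
)

// Constructed sample key; a real deployment keeps this in its secret store.
var messageIDKey = []byte("constructed-example-key-rotate-me")

const messageIDDomain = "example.com" // assumed sending domain

// mac returns the first 16 bytes of HMAC-SHA256(threadID.nonce), hex-encoded.
func mac(threadID int64, nonce string) string {
	h := hmac.New(sha256.New, messageIDKey)
	fmt.Fprintf(h, "%d.%s", threadID, nonce)
	return hex.EncodeToString(h.Sum(nil)[:16])
}

// NewMessageID mints an outbound Message-ID of the form
// <thread.<id>.<nonce>.<mac>@domain>. The nonce makes the value unguessable;
// the MAC makes it unforgeable without the key.
func NewMessageID(threadID int64) string {
	raw := make([]byte, 8)
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}
	nonce := hex.EncodeToString(raw)
	return fmt.Sprintf("<thread.%d.%s.%s@%s>", threadID, nonce, mac(threadID, nonce), messageIDDomain)
}

// VerifyMessageID returns the thread ID only if the value was minted by us.
func VerifyMessageID(id string) (int64, bool) {
	id = strings.TrimSpace(id)
	suffix := "@" + messageIDDomain + ">"
	if !strings.HasPrefix(id, "<") || !strings.HasSuffix(id, suffix) {
		return 0, false
	}
	local := strings.TrimSuffix(strings.TrimPrefix(id, "<"), suffix)
	parts := strings.Split(local, ".")
	if len(parts) != 4 || parts[0] != "thread" {
		return 0, false
	}
	threadID, err := strconv.ParseInt(parts[1], 10, 64)
	if err != nil {
		return 0, false
	}
	if !hmac.Equal([]byte(parts[3]), []byte(mac(threadID, parts[2]))) {
		return 0, false
	}
	return threadID, true
}

// TrustedReplyThread inspects an inbound message and reports the thread it is a
// genuine reply to. Only a Message-ID that verifies under our key qualifies; a
// header that merely looks like a reply is not enough to skip spam screening.
func TrustedReplyThread(rawMessage string) (int64, bool) {
	msg, err := mail.ReadMessage(strings.NewReader(rawMessage))
	if err != nil {
		return 0, false
	}
	candidates := append(strings.Fields(msg.Header.Get("In-Reply-To")),
		strings.Fields(msg.Header.Get("References"))...)
	for _, c := range candidates {
		if tid, ok := VerifyMessageID(c); ok {
			return tid, true
		}
	}
	return 0, false
}

func main() {
	id := NewMessageID(42)
	// Constructed sample messages: one genuine reply, one forged reference.
	genuine := "From: alice@example.org\r\nIn-Reply-To: " + id + "\r\nSubject: Re: design review\r\n\r\nLooks good.\r\n"
	forged := "From: spammer@example.net\r\nIn-Reply-To: <thread.42.0000000000000000.00000000000000000000000000000000@" + messageIDDomain + ">\r\nSubject: Re: design review\r\n\r\nBuy now.\r\n"
	for _, m := range []string{genuine, forged} {
		tid, ok := TrustedReplyThread(m)
		fmt.Printf("trusted=%v thread=%d\n", ok, tid)
	}
}
```

A verified Message-ID still has to be looked up to confirm the thread exists and the sender is a participant; the MAC only removes the cheap forgery the report describes.
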
Source: Prion | added 2023/06/01 5:15 p.m. | 20 views

Design/Logic Flaw

Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation...

CVSS 4 | AI score 6.4 | EPSS 0.00497
Exploits 0 | References 2 | Affected software 1
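An added Go illustration, not Kyverno's code, of the failure class described: an engine that skips evaluation whenever an object carries deletionTimestamp, beside one that keys the shortcut on the admission operation reported by the API server. The Resource and AdmissionRequest types, the sample "team" label policy and the assumption that gating on operation is the right fix are all constructed for the example; they model the advisory's wording, not Kyverno's internals.

```go
package main

import (
	"fmt"
	"time"
)

// Resource is a minimal stand-in for a Kubernetes object's metadata.
type Resource struct {
	Name              string
	Labels            map[string]string
	DeletionTimestamp *time.Time // set by the API server once deletion starts, but present in any request body a client sends
}

// AdmissionRequest is the part of an admission review the engine needs.
type AdmissionRequest struct {
	Operation string // CREATE, UPDATE or DELETE, set by the API server
	Object    Resource
}

// Policy validates a resource; a non-nil error is a violation (Enforce mode).
type Policy func(Resource) error

// requireTeamLabel is a constructed sample validate policy.
func requireTeamLabel(r Resource) error {
	if r.Labels["team"] == "" {
		return fmt.Errorf("resource %q: label \"team\" is required", r.Name)
	}
	return nil
}

func runPolicies(r Resource, policies []Policy) error {
	for _, p := range policies {
		if err := p(r); err != nil {
			return err
		}
	}
	return nil
}

// AdmitVulnerable reproduces the bug class: any object carrying a
// deletionTimestamp is treated as "going away" and skipped, even on CREATE or
// UPDATE, where the field comes straight from the client's request body.
func AdmitVulnerable(req AdmissionRequest, policies []Policy) error {
	if req.Object.DeletionTimestamp != nil {
		return nil
	}
	return runPolicies(req.Object, policies)
}

// AdmitFixed keys the shortcut on the operation, which the API server sets,
// not on an object field the client controls. DELETE still skips validation;
// CREATE and UPDATE are always evaluated.
func AdmitFixed(req AdmissionRequest, policies []Policy) error {
	if req.Operation == "DELETE" {
		return nil
	}
	return runPolicies(req.Object, policies)
}

func main() {
	now := time.Now()
	req := AdmissionRequest{Operation: "UPDATE", Object: Resource{Name: "app", DeletionTimestamp: &now}}
	policies := []Policy{requireTeamLabel}
	fmt.Printf("vulnerable: %v\nfixed: %v\n", AdmitVulnerable(req, policies), AdmitFixed(req, policies))
}
```

The general rule the example carries: an admission decision may only short-circuit on data the API server asserts (operation, user info, old object), never on fields of the submitted object.
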
Source: OSV | added 2023/05/25 3:15 a.m. | 4 views

CVE-2023-2732

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers ...

CVSS 9.8 | AI score 7.3 | EPSS 0.67511
Exploits 3 | References 3
Source: Prion | added 2023/05/08 9:15 p.m. | 15 views

Design/Logic Flaw

OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication (2FA) device for an account, existing logged-in sessions for that user account are not terminated. Likewise, if a...

CVSS 4 | AI score 6.5 | EPSS 0.00891
Exploits 1 | References 4 | Affected software 1
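Added example in Go of the session handling this advisory calls for (OpenProject itself is Ruby on Rails; this is not its code): confirming the first 2FA device is treated as a credential change, so every other session of that user is ended and only the session that performed the enrolment survives. The in-memory store and random session IDs are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

// Session is one browser login. Constructed in-memory model; a real
// application would use its session table or cache.
type Session struct {
	ID        string
	UserID    int
	CreatedAt time.Time
}

type SessionStore struct {
	mu       sync.Mutex
	sessions map[string]Session
}

func NewSessionStore() *SessionStore {
	return &SessionStore{sessions: make(map[string]Session)}
}

// Login creates a session and returns its opaque ID (16 random bytes, hex).
func (s *SessionStore) Login(userID int) string {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}
	id := hex.EncodeToString(raw)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.sessions[id] = Session{ID: id, UserID: userID, CreatedAt: time.Now()}
	return id
}

// Get returns the session for id, if it is still live.
func (s *SessionStore) Get(id string) (Session, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[id]
	return sess, ok
}

// Valid reports whether a session ID still grants access.
func (s *SessionStore) Valid(id string) bool {
	_, ok := s.Get(id)
	return ok
}

// RevokeOthers ends every session of userID except keepID and returns how
// many were dropped. Deleting from a map while ranging over it is safe in Go.
func (s *SessionStore) RevokeOthers(userID int, keepID string) int {
	s.mu.Lock()
	defer s.mu.Unlock()
	n := 0
	for id, sess := range s.sessions {
		if sess.UserID == userID && id != keepID {
			delete(s.sessions, id)
			n++
		}
	}
	return n
}

// ConfirmFirst2FADevice is the hardened flow: after the device record is
// saved, sessions that never passed a second factor are terminated. Only the
// session doing the enrolment, which must belong to the user, is kept.
func ConfirmFirst2FADevice(store *SessionStore, userID int, currentSession string) (int, error) {
	sess, ok := store.Get(currentSession)
	if !ok || sess.UserID != userID {
		return 0, errors.New("current session is not a live session of this user")
	}
	// Persisting the device record would happen here.
	return store.RevokeOthers(userID, currentSession), nil
}

func main() {
	store := NewSessionStore()
	old := store.Login(7)
	current := store.Login(7)
	n, err := ConfirmFirst2FADevice(store, 7, current)
	fmt.Printf("revoked=%d err=%v old_valid=%v current_valid=%v\n", n, err, store.Valid(old), store.Valid(current))
}
```
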
Source: Vulnrichment | added 2023/05/03 12:00 a.m. | 6 views

CVE-2023-0485

An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for a project member demoted to a user role to read project updates by doing a diff wit...

CVSS 6.5 | AI score 6 | EPSS 0.00957
Exploits 0 | References 3
Source: Microsoft CVE | added 2023/04/25 7:00 a.m. | 5 views

vitess allows users to create keyspaces that can deny access to already existing keyspaces

...

CVSS 4.1 | AI score 4.6 | EPSS 0.00782
Exploits 0
Source: Positive Technologies | added 2023/04/25 12:00 a.m. | 4 views

PT-2023-20814 · Churchcrm · Churchcrm

Name of the vulnerable software and affected versions: ChurchCRM version 4.5.3. Description: a cross-site request forgery (CSRF) issue allows attackers to edit information for existing people on the site. This means an attacker can trick a user into performing unintended actions on the site...

CVSS 4.3 | AI score 4.5 | EPSS 0.00341
Exploits 1 | References 6
Source: NVD | added 2023/04/20 1:15 p.m. | 22 views

CVE-2022-29607

An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow rule. Improper handling of such an intent is misleading to a network operator...

CVSS 7.5 | AI score 7.5 | EPSS 0.00668
Exploits 1 | References 2
Source: Cvelist | added 2023/03/31 11:35 a.m. | 28 views

CVE-2023-1777 Information disclosure in linked message previews

Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message...

CVSS 6.5 | AI score 6.5 | EPSS 0.00537
Exploits 0 | References 1
Source: OSV | added 2023/03/27 2:15 p.m. | 24 views

CVE-2022-41354

An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications...

CVSS 4.3 | AI score 5
Exploits 0 | References 3
Source: SUSE CVE | added 2023/02/15 6:19 a.m. | 3 views

SUSE CVE-2004-1174

direntry.c in Midnight Commander mc 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."...

CVSS 5 | AI score 6.7 | EPSS 0.0143
Exploits 0 | References 4
Source: SUSE CVE | added 2023/02/15 6:07 a.m. | 2 views

SUSE CVE-2008-3825

pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename a...

CVSS 4.4 | AI score 7 | EPSS 0.00353
Exploits 0 | References 4
Source: SUSE CVE | added 2023/02/15 5:08 a.m. | 1 view

SUSE CVE-2016-1547

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if...

CVSS 5.3 | AI score 8.9 | EPSS 0.0511
Exploits 2 | References 14
Source: SUSE CVE | added 2023/02/15 3:52 a.m. | 2 views

SUSE CVE-2020-27780

A flaw was found in Linux-PAM in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate with root, and in the case of an empty password it successfully authenticates...

CVSS 9.8 | AI score 6.8 | EPSS 0.01959
Exploits 0 | References 3
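Read as a lookup-fallback bug: the module's answer to "no such user" was to carry on with root's record, and an empty password against an entry with no password passes. The Go program below is an added simulation, not Linux-PAM's code; the shadow table, the toy hash standing in for crypt(3), and the nullok-style empty-password rule are constructed for the example. The fixed lookup fails closed and still burns a hash comparison so that a missing account is not distinguishable by timing.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// entry is a shadow-style record. An empty Hash means "no password set",
// which under a nullok-style rule accepts an empty password.
type entry struct {
	Name string
	Hash string
}

// toyHash stands in for crypt(3) so the example runs without libcrypt.
func toyHash(password string) string {
	sum := sha256.Sum256([]byte("constructed-salt$" + password))
	return hex.EncodeToString(sum[:])
}

// Constructed sample shadow database.
var shadow = map[string]entry{
	"root":  {Name: "root", Hash: ""}, // root with an empty password entry
	"alice": {Name: "alice", Hash: toyHash("correct horse battery staple")},
}

// dummyHash is compared against when the user does not exist, so a failed
// login takes the same time whether or not the account is real.
var dummyHash = toyHash("never-a-real-password")

// lookupVulnerable models the behaviour the advisory describes: an unknown
// user name falls through to root's record instead of failing.
func lookupVulnerable(user string) (entry, bool) {
	if e, ok := shadow[user]; ok {
		return e, true
	}
	return shadow["root"], true
}

// lookupFixed returns false for an unknown user; no substitution.
func lookupFixed(user string) (entry, bool) {
	e, ok := shadow[user]
	return e, ok
}

// authenticate applies the empty-password rule to whatever the lookup returned.
func authenticate(lookup func(string) (entry, bool), user, password string) bool {
	e, ok := lookup(user)
	if !ok {
		// Unknown user: do the same work as a real check, then deny.
		subtle.ConstantTimeCompare([]byte(toyHash(password)), []byte(dummyHash))
		return false
	}
	if e.Hash == "" {
		return password == "" // nullok: only an empty password matches an empty entry
	}
	return subtle.ConstantTimeCompare([]byte(toyHash(password)), []byte(e.Hash)) == 1
}

func main() {
	for _, lookup := range []struct {
		name string
		fn   func(string) (entry, bool)
	}{{"vulnerable", lookupVulnerable}, {"fixed", lookupFixed}} {
		fmt.Printf("%-10s unknown user + empty password -> %v\n", lookup.name, authenticate(lookup.fn, "no-such-user", ""))
	}
}
```
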
Source: Veracode | added 2023/02/12 3:47 p.m. | 21 views

Arbitrary File Deletion

github.com/pterodactyl/wings is vulnerable to Arbitrary File Deletion. A remote authenticated attacker is able to delete files and directories recursively on the host system via the vulnerable Delete function of filesystem.go. This vulnerability can further be exploited to overwrite existing fil...

CVSS 9.6 | AI score 8 | EPSS 0.00956
Exploits 0 | References 5 | Affected software 1
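The root cause described is a delete routine that trusts a client-supplied path. Added example in Go (the language wings is written in), not the project's own code: it assumes a per-server root directory and confines every path to it, checking both the lexical form (".." components) and the symlink-resolved form before calling os.RemoveAll. Deleting the root itself, or anything reached through a symlink that leaves the root, is refused.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrOutsideRoot = errors.New("path escapes the server root")

// within reports whether p equals root or lies beneath it (both absolute and
// clean).
func within(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

// resolveInside maps a client-supplied path onto the server root and returns
// the absolute root and target, or ErrOutsideRoot if either the lexical path
// or the symlink-resolved path leaves the root.
func resolveInside(root, rel string) (absRoot, target string, err error) {
	absRoot, err = filepath.Abs(root)
	if err != nil {
		return "", "", err
	}
	if absRoot, err = filepath.EvalSymlinks(absRoot); err != nil {
		return "", "", err
	}
	// Join cleans "..", so a traversal shows up as a path outside absRoot.
	target = filepath.Join(absRoot, rel)
	if !within(absRoot, target) {
		return "", "", ErrOutsideRoot
	}
	// Resolve symlinks on the deepest existing ancestor of the target: a link
	// inside the root that points outside it must be refused as well.
	existing := target
	for {
		if _, statErr := os.Lstat(existing); statErr == nil {
			break
		}
		parent := filepath.Dir(existing)
		if parent == existing {
			return "", "", ErrOutsideRoot
		}
		existing = parent
	}
	resolved, err := filepath.EvalSymlinks(existing)
	if err != nil {
		return "", "", err
	}
	if !within(absRoot, resolved) {
		return "", "", ErrOutsideRoot
	}
	return absRoot, target, nil
}

// SafeDelete recursively removes rel only if it is strictly inside root.
func SafeDelete(root, rel string) error {
	absRoot, target, err := resolveInside(root, rel)
	if err != nil {
		return err
	}
	if target == absRoot {
		return ErrOutsideRoot // never let a client delete the root itself
	}
	return os.RemoveAll(target)
}

func main() {
	root, err := os.MkdirTemp("", "wings-root-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	_ = os.MkdirAll(filepath.Join(root, "data"), 0o755)
	_ = os.WriteFile(filepath.Join(root, "data", "old.log"), []byte("x"), 0o644)
	for _, p := range []string{"data/old.log", "../../etc/passwd", "."} {
		fmt.Printf("delete %q: %v\n", p, SafeDelete(root, p))
	}
}
```

Refusing to delete a symlink that points outside the root is deliberately conservative; a routine that must support it should remove the link with os.Remove without ever resolving it.
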
Source: RedHat Linux | added 2023/02/08 6:41 p.m. | 5 views

plugin: Lack of authentication mechanism in Git Plugin webhook

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository...

CVSS 5.3 | AI score 5.8 | EPSS 0.00836
Exploits 0 | References 5
Source: Vulnrichment | added 2023/01/27 12:00 a.m. | 6 views

CVE-2022-4205

In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash...

CVSS 6.3 | AI score 7.5 | EPSS 0.00603
Exploits 1 | References 2
Source: OSV | added 2023/01/12 6:15 a.m. | 3 views

DEBIAN-CVE-2022-47927

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files inclu...

CVSS 5.5 | AI score 5 | EPSS 0.00269
Exploits 1 | References 1
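The advisory names two facts, a pre-existing data directory with weak permissions and SQLite files created 0644, and each maps onto a check. Added Go example, not MediaWiki's code (MediaWiki is PHP; the equivalent there is an explicit mode on creation followed by chmod): it shows os.Create yielding an umask-dependent mode, a creation path that pins 0600 and refuses to reuse an existing file, and a refusal to use a data directory that grants group or other any access.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// CreateWithDefaultMode is the pattern the advisory describes: os.Create asks
// for 0666 and leaves the result to the process umask, so with the usual 022
// the file ends up 0644, readable by every local user.
func CreateWithDefaultMode(path string) (os.FileMode, error) {
	f, err := os.Create(path)
	if err != nil {
		return 0, err
	}
	defer f.Close()
	info, err := f.Stat()
	if err != nil {
		return 0, err
	}
	return info.Mode().Perm(), nil
}

// CreatePrivate creates the file owner-read/write only. O_EXCL refuses to
// reuse a pre-existing (possibly attacker-created) file, and the explicit
// Chmod after creation pins the mode whatever the umask was.
func CreatePrivate(path string) (os.FileMode, error) {
	f, err := os.OpenFile(path, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0o600)
	if err != nil {
		return 0, err
	}
	defer f.Close()
	if err := f.Chmod(0o600); err != nil {
		return 0, err
	}
	info, err := f.Stat()
	if err != nil {
		return 0, err
	}
	return info.Mode().Perm(), nil
}

// CheckDataDir refuses a data directory that grants any access to group or
// others: a traversable directory is what lets other local users reach the
// database files in the first place.
func CheckDataDir(dir string) error {
	info, err := os.Stat(dir)
	if err != nil {
		return err
	}
	if !info.IsDir() {
		return fmt.Errorf("%s is not a directory", dir)
	}
	if perm := info.Mode().Perm(); perm&0o077 != 0 {
		return fmt.Errorf("%s has mode %#o; expected 0700 (group/other bits set)", dir, perm)
	}
	return nil
}

func main() {
	dir, err := os.MkdirTemp("", "wiki-data-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	loose, _ := CreateWithDefaultMode(filepath.Join(dir, "loose.sqlite"))
	private, _ := CreatePrivate(filepath.Join(dir, "private.sqlite"))
	fmt.Printf("os.Create: %#o  CreatePrivate: %#o  dir check: %v\n", loose, private, CheckDataDir(dir))
}
```

SQLite also creates journal and WAL side files next to the database; they inherit the umask, not the database file's mode, which is another reason to lock the directory itself down rather than rely on per-file modes.
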