Lucene search
K

91 matches found

Cvelist
Cvelist
added 2022/06/23 9:0 p.m.20 views

CVE-2022-2147 Unquoted Service Path in Cloudflare WARP for Windows

Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0...

6.5CVSS8.8AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2022/05/27 4:23 a.m.7 views

OPENSUSE-SU-2022:0148-1 Security update for varnish

This update for varnish fixes the following issues: varnish was updated to release 7.1.0 boo1195188 CVE-2022-23959 VCL: It is now possible to assign a BLOB value to a BODY variable, in addition to STRING as before. VMOD: New STRING strftimeTIME time, STRING format function for UTC formatting...

9.1CVSS7.9AI score0.01973EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/05/25 8:15 a.m.2 views

CVE-2022-29405

In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8...

6.5CVSS6.6AI score0.01591EPSS
Exploits0References2Affected Software1
Drupal
Drupal
added 2022/03/30 12:0 a.m.19 views

Anti-Spam by CleanTalk - Moderately critical - SQL Injection - SA-CONTRIB-2022-032

This module provides integration with the CleanTalk spam protection service. The module does not properly filter data in certain circumstances. Update: 2022-03-31 - fix release node links...

6.8AI score
Exploits0References7
RedHat Linux
RedHat Linux
added 2022/01/20 6:54 p.m.2 views

log4j-core: remote code execution via JDBC Appender

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

8.5CVSS7.5AI score0.97906EPSS
Exploits9References5
OSV
OSV
added 2021/12/07 2:31 p.m.6 views

SUSE-SU-2021:3968-1 Security update for xen

This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly XSA-386 bsc1191363. - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs XSA-388 bsc1192557. - CVE-2021-28705, CVE-2021-28709: Fixed issues...

8.8CVSS8.3AI score0.0206EPSS
Exploits0References13
OpenVAS
OpenVAS
added 2021/12/05 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2021:3888-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.2AI score0.0206EPSS
Exploits0References2
OSV
OSV
added 2021/12/03 8:47 a.m.8 views

SUSE-SU-2021:3888-1 Security update for xen

This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly XSA-386 bsc1191363. - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs XSA-388 bsc1192557. - CVE-2021-28705, CVE-2021-28709: Fixed issues...

8.8CVSS8.3AI score0.0206EPSS
Exploits0References13
OSV
OSV
added 2021/11/05 8:15 p.m.10 views

PYSEC-2021-805

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...

5.5CVSS5.9AI score0.00307EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2021/09/07 4:28 p.m.4 views

Moderate: Red Hat Bug Fix Advisory: Openshift Logging Bug Fix Release (5.2.0)

Openshift Logging Bug Fix Release 5.2.0 Openshift Logging Bug Fix Release 5.2.0...

7.5CVSS7.1AI score0.02199EPSS
Exploits0References28
OSV
OSV
added 2021/08/12 6:15 p.m.8 views

PYSEC-2021-751

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.SparseReshape can be made to trigger an integral division by 0 exception. The implementation calls the reshaping functor whenever there is at least an index in the input but...

5.5CVSS5.9AI score0.00152EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2021/06/01 12:0 a.m.14 views

All 404 Redirect to Homepage < 2.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin v1.21 attempted to fix a Stored Cross-Site scripting issue in its "Redirect All 404 page to" settings, however the fix is insufficient, still allowing the issue to be triggered. This could allow high privilege users even with the unfilteredhtml disabled to use malicious payloads in it,...

0.8AI score
Exploits0Affected Software1
OSV
OSV
added 2021/05/14 8:15 p.m.2 views

PYSEC-2021-168

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the...

5.5CVSS6.3AI score0.00189EPSS
Exploits1References2
OSV
OSV
added 2021/05/14 8:15 p.m.3 views

PYSEC-2021-231

TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution codehttps://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc has multiple division where the divisor is controlled by the user and not checked ...

7.8CVSS7AI score0.00201EPSS
Exploits1References2
PyPA
PyPA
added 2021/01/21 3:15 p.m.6 views

PYSEC-2021-48

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping...

6.5CVSS6.8AI score0.01078EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2020/11/26 1:48 p.m.5 views

OPENSUSE-SU-2020:2030-1 Security update for xen

This update for xen fixes the following issues: Security issue fixed: - CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 bsc1178591. Non-security issues fixed: - Updated to Xen 4.12.4 bug fix release bsc1027519. - Fixed a panic during MSI cleanup on AMD...

4.4CVSS5.4AI score0.00393EPSS
Exploits0References5
OSV
OSV
added 2018/12/28 5:38 p.m.6 views

SUSE-SU-2018:4300-1 Security update for xen

This update for xen fixes the following issues: Update to Xen 4.10.2 bug fix release bsc1027519. Security vulnerabilities fixed: - CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may...

8.8CVSS7.3AI score0.08101EPSS
Exploits0References23
Cvelist
Cvelist
added 2018/04/26 6:0 a.m.15 views

CVE-2018-8974

Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Sourcescript type="text/javascript" src=' line. Fix released on 2018-03-28...

8.1AI score0.04103EPSS
Exploits1References3
FireEye
FireEye
added 2018/02/03 2:15 a.m.65 views

Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) – Threat Attribution, Attack Scenario and Recommendations

On Jan. 31, KISA KrCERT published an advisory about an Adobe Flash zero-day vulnerability CVE-2018-4878 being exploited in the wild. On Feb. 1, Adobe issued an advisory confirming the vulnerability exists in Adobe Flash Player 28.0.0.137 and earlier versions, and that successful exploitation coul...

7.5CVSS8.6AI score0.89618EPSS
Exploits19References3
Exploit DB
Exploit DB
added 2015/11/16 12:0 a.m.29 views

AlegroCart 1.2.8 - Local/Remote File Inclusion

Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix22102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1047 Vendor Website: http://alegrocart.com/ Vulnerability Type: LFI/RFI Remote Exploitable: Yes Reported to...

7.4AI score
Exploits0
Rows per page
Query Builder