Lucene search
K

269 matches found

RedHat Linux
RedHat Linux
added 2022/11/03 2:54 p.m.5 views

xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...

7.5CVSS7.3AI score0.01183EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 5:45 a.m.55 views

Security Bulletin: Multiple security vulnerabilities in IBM Sales Center for WebSphere Commerce (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-0191, CVE-2012-2159, CVE-2012-2161)

Abstract Multiple security vulnerabilities have been identified in IBM Sales Center for WebSphere Commerce V6.0 and V7.0 Content VULNERABILITY DETAILS – Directory Traversal CVE ID: CVE-2012-0186 DESCRIPTION: Specially crafted URLs can be sent to the Eclipse Help component of IBM Sales Center for...

5.8CVSS8.6AI score0.05219EPSS
Exploits4Affected Software1
CNVD
CNVD
added 2022/09/20 12:0 a.m.8 views

Guangzhou Bainan Information Technology Co., Ltd. has a flawed logic vulnerability in its large instrument sharing management system

Large-scale instrument sharing management system is a company engaged in the design, development, production and integration services of laboratory information technology products. Guangzhou Bainan Information Technology Co., Ltd. has a logic flaw vulnerability in the large instrument sharing...

1.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2022/09/13 9:48 a.m.57 views

Moderate: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1CVSS6.7AI score0.77766EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2022/09/13 12:0 a.m.41 views

CentOS 8 : nodejs:14 (CESA-2022:6448)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:6448 advisory. - nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 - nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encodin...

8.1CVSS7AI score0.77766EPSS
Exploits3References6
Tenable Nessus
Tenable Nessus
added 2022/09/13 12:0 a.m.60 views

RHEL 8 : nodejs:14 (RHSA-2022:6448)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6448 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

8.1CVSS7.1AI score0.77766EPSS
Exploits3References14
Tenable Nessus
Tenable Nessus
added 2022/09/08 12:0 a.m.49 views

RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2022:6389)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6389 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

8.1CVSS7.1AI score0.77766EPSS
Exploits3References14
Veracode
Veracode
added 2022/09/02 10:4 a.m.14 views

Information Disclosure

sosreport is vulnerable to information disclosure. A local unauthenticated attacker is able to gain access to RHV admin passwords due to the flawed business logic in postproc function in ovirt.py...

5.5CVSS5.7AI score0.00233EPSS
Exploits0References3Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/08/26 6:15 p.m.5 views

CVE-2022-0084

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...

7.5CVSS7.2AI score0.01183EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2022/08/26 6:15 p.m.41 views

CVE-2022-0084

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...

7.5CVSS7AI score0.01183EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/08/26 5:25 p.m.21 views

CVE-2022-0084

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...

8.5AI score0.01183EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2022/08/26 5:25 p.m.50 views

CVE-2022-0084

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...

7.5CVSS7.4AI score0.01183EPSS
Exploits0
Huntr
Huntr
added 2022/08/15 8:9 p.m.19 views

Unrestricted File Upload Allowed due to Flawed Move File Functionality

Description Hello Team, Hope you are doing good. Due to misconfiguration in move file functionality an attacker could easily change the file extension of the uploaded malicious file disguised as .gcode file. Steps: 1 . Upload a .gcode file & intercept the request as shown in the screenshots. 2...

4.9CVSS0.2AI score0.00545EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.12 views

Student Result or Employee Database < 1.8.0 - Unauthorised REST Calls

The plugin has a flawed permission callback in its REST endpoints, allowing unauthenticated attackers to call them and add/edit/delete arbitrary student for example PoC POST /wp-json/v2/ssradddata HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

1.1AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/20 12:0 a.m.5 views

The vulnerability of Cisco IOS operating system loaders, related to security mechanism deficiencies, allows attackers to trigger service failures.

The vulnerability of Cisco IOS operating system loaders is related to security mechanisms that are flawed. Exploiting this vulnerability can allow attackers to cause service failures...

4.9CVSS5.7AI score0.00216EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/07/15 12:0 a.m.5 views

The vulnerability of microprogrammed software in Schneider Electric Easergy P5 relay protection and control devices, related to the use of cryptographic algorithms containing defects, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of microprogrammed software in Schneider Electric Easergy P5 relay protection and control devices is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality,...

6.7CVSS5.9AI score0.00277EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2022/07/12 12:0 a.m.19 views

Node.js 14.x < 14.20.0, 16.x < 16.16.0, 18.x < 18.5.0 Multiple Vulnerabilities - Mac OS X

Node.js is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1CVSS8AI score0.77766EPSS
Exploits3References1
Hacker One
Hacker One
added 2022/07/08 3:42 a.m.60 views

Internet Bug Bounty: CVE-2022-32213 - HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding

Original Report: https://hackerone.com/reports/1524555 Impact Depending on the specific web application, HRS can lead to cache poisoning, bypassing of security layers, stealing of credentials and so on...

6.4CVSS7.3AI score0.35079EPSS
Exploits1
Prion
Prion
added 2022/06/09 7:15 a.m.21 views

Design/Logic Flaw

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways those that use intermediary states like isNotification or isRedirect, if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as...

5.8CVSS6.3AI score0.00618EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2022/06/06 3:11 p.m.6 views

xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...

7.5CVSS7.3AI score0.01183EPSS
Exploits0References4
Rows per page
Query Builder