
9179 matches found

Positive Technologies
added 2023/05/22 12:0 a.m., 7 views

PT-2023-23180

Name of the Vulnerable Software and Affected Versions: c-ares versions prior to 1.19.1. Description: The issue arises when /dev/urandom or RtlGenRandom are unavailable, and c-ares uses rand to generate random numbers for DNS query ids. This approach is not a Cryptographically Secure PseudoRandom...

CVSS 8.6, AI score 5.4, EPSS 0.03906
Exploits 3, References 97

OpenVAS
added 2023/05/19 12:0 a.m., 30 views

Ubuntu: Security Advisory (USN-6092-1)

The remote host is missing an update for the...

CVSS 7.8, AI score 6.9, EPSS 0.00635
Exploits 0, References 2

Rockylinux
added 2023/05/18 7:18 p.m., 17 views

.NET 6.0 bugfix update

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework. It implements a subset of the .NET...

AI score 6.8
Exploits 0

OSV
added 2023/05/18 5:28 p.m., 12 views

GHSA-W3F6-PC54-GFW7 swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. There are a number of...

CVSS 7.5, AI score 7.4, EPSS 0.01101
Exploits 0, References 5

Tenable Nessus
added 2023/05/18 12:0 a.m., 43 views

Debian DSA-5404-1 : chromium - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5404 advisory. Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. For the...

CVSS 8.8, AI score 8.3, EPSS 0.29136
Exploits 1, References 15

IBM Security Bulletins
added 2023/05/17 2:31 p.m., 42 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in containerd

Summary: Multiple vulnerabilities in containerd used by InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2023-25173. DESCRIPTION: containerd could allow a local authenticated attacker to bypass security restrictions, caused by improper setup for supplementary groups...

CVSS 7.8, AI score 7.2, EPSS 0.01022
Exploits 1, Affected Software 1

Veracode
added 2023/05/17 2:47 a.m., 18 views

External Control Of Configuration

in-toto is vulnerable to External Control of Configuration. The vulnerability exists due to the insecure implementation of the usersettings module, which allows an attacker to write configuration from the local directory and mask their activities by passing a maliciously crafted .intotorc file,...

CVSS 5.5, AI score 6.5, EPSS 0.00241
Exploits 0, References 4, Affected Software 2

Tenable Nessus
added 2023/05/17 12:0 a.m., 30 views

FreeBSD : chromium -- multiple vulnerabilities (bea52545-f4a7-11ed-8290-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bea52545-f4a7-11ed-8290-a8a1599412c6 advisory. - Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote...

CVSS 8.8, AI score 8.3, EPSS 0.29136
Exploits 1, References 8

Zero Day Initiative
added 2023/05/17 12:0 a.m., 33 views

Apple macOS AppleScript UASIsConstant SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the AppleScript library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within th...

CVSS 3.3, AI score 6.2, EPSS 0.00986
Exploits 0, References 1

OSV
added 2023/05/16 7:15 p.m., 20 views

CVE-2023-2726

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8, AI score 5.2
Exploits 0, References 7

UbuntuCve
added 2023/05/16 7:15 p.m., 33 views

CVE-2023-2726

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8, AI score 7.2, EPSS 0.00681
Exploits 0, References 3

Tenable Nessus
added 2023/05/16 12:0 a.m., 35 views

Google Chrome < 113.0.5672.126 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 113.0.5672.126. It is, therefore, affected by multiple vulnerabilities as referenced in the 202305stable-channel-update-for-desktop16 advisory. - Inappropriate implementation in WebApp Installs in Google Chrome prior to...

CVSS 8.8, AI score 8.3, EPSS 0.29136
Exploits 1, References 13

OpenVAS
added 2023/05/16 12:0 a.m., 34 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2023-1927)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8, AI score 9.2, EPSS 0.05193
Exploits 2, References 2

FreeBSD
added 2023/05/16 12:0 a.m., 33 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 12 security fixes: 1444360 Critical CVE-2023-2721: Use after free in Navigation. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2023-05-10 1400905 High CVE-2023-2722: Use after free in Autofill UI. Reported by Rong Jian of VRI on 2022-12-14 1435166...

CVSS 8.8, AI score 7.4, EPSS 0.29136
Exploits 1, References 1

Prion
added 2023/05/15 9:15 p.m., 20 views

Directory traversal

PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the...

CVSS 5, AI score 7.6, EPSS 0.01558
Exploits 1, References 2, Affected Software 1

Github Security Blog
added 2023/05/15 8:50 p.m., 51 views

Any file can be included with the pymdown-snippets extension

Summary: Arbitrary file read when using include file syntax. Details: By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to...

CVSS 7.5, AI score 7.6, EPSS 0.01558
Exploits 1, References 5, Affected Software 1

Fedora
added 2023/05/14 1:39 a.m., 52 views

[SECURITY] Fedora 38 Update: libssh-0.10.5-1.fc38

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 6.5, AI score 7.3, EPSS 0.01314
Exploits 2

Citrix
added 2023/05/12 12:0 a.m., 8 views

How to Change Write Cache Disk Letter

In a particular scenario, the write cache disk letter needs to be a letter other than 'D'. This article describes how to implement this request...

AI score 7
Exploits 0

Zero Day Initiative
added 2023/05/12 12:0 a.m., 21 views

Trend Micro Mobile Security for Enterprises widget WFUser Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Mobile Security for Enterprises. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WFUser class defined within the web/widget path. The issu...

CVSS 9.8, AI score 6.9, EPSS 0.02573
Exploits 0, References 1

OSV
added 2023/05/11 8:40 p.m., 23 views

GHSA-2Q89-485C-9J2X Improper random reading in CIRCL

Impact: When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM did not check whether crypto/rand.Read returns an error. In rare deployment cases where the Read function returns an error, this could lead to a predictable shared secret. The tkn20 and blindrsa components did...

CVSS 5.3, AI score 6.2, EPSS 0.00386
Exploits 0, References 5