Lucene search
K

9184 matches found

Prion
Prion
added 2023/03/28 3:15 p.m.47 views

Design/Logic Flaw

The function X509VERIFYPARAMadd0policy is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate...

5CVSS6.2AI score0.01629EPSS
Exploits0References10Affected Software1
OpenVAS
OpenVAS
added 2023/03/28 12:0 a.m.27 views

Mageia: Security Advisory (MGASA-2023-0016)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.8AI score0.007EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2023/03/27 10:17 p.m.9 views

io.apiman:apiman-distro-db (>=1.1.2.Final <=1.2.6.Beta3), io.apiman:apiman-distro-db-es (>=1.1.2.Final <=1.2.6.Beta3) +23 more potentially affected by CVE-2023-28640 via io.apiman:apiman-manager-api-rest-impl (>=1.1.2.Final <=3.0.0.RC6)

io.apiman:apiman-manager-api-rest-impl MAVEN version =1.1.2.Final, =1.1.2.Final, =1.1.2.Final, =1.1.6.Final, =1.2.2.Final, =1.2.2.Final, =1.2.2.Final, =1.1.2.Final, =1.2.1.Final, =1.1.5.Final, =1.1.2.Final, =1.2.2.Final, =1.1.2.Final, =1.1.2.Final, =1.1.2.Final, =1.1.2.Final, =1.2.0.Final and mor...

6.4CVSS6AI score0.0034EPSS
Exploits0
Cvelist
Cvelist
added 2023/03/27 9:23 p.m.33 views

CVE-2023-28102 Command injection in discordrb

discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...

8.3CVSS9.9AI score0.02546EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/03/27 8:43 p.m.7 views

CVE-2023-28638 Stack references to locations outside buffers may become invalid if they exist during a GC compaction in Snappier

Snappier is a high performance C implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...

7CVSS7AI score0.00549EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/27 8:43 p.m.39 views

CVE-2023-28638 Stack references to locations outside buffers may become invalid if they exist during a GC compaction in Snappier

Snappier is a high performance C implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...

7CVSS7.2AI score0.00549EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/25 12:0 a.m.27 views

SUSE SLES12 Security Update : containerd (SUSE-SU-2023:1566-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:1566-1 advisory. - CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak bsc1206235. - Re-build containerd to use updated...

6.5CVSS6.6AI score0.01022EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/03/24 12:0 a.m.25 views

EulerOS 2.0 SP11 : containerd (EulerOS-SA-2023-1580)

According to the versions of the containerd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the hos...

6.5CVSS7.3AI score0.01022EPSS
Exploits0References2
OSV
OSV
added 2023/03/23 7:27 p.m.18 views

CVE-2023-28436 Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process

Tailscale is software for using Wireguard and multi-factor authentication MFA. A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in...

5.7CVSS8AI score0.0046EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/03/23 12:0 a.m.25 views

CVE-2023-20027 Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service Vulnerability

A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly VFR feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper reassembly of large packe...

8.6CVSS8.5AI score0.0098EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/23 12:0 a.m.13 views

CVE-2023-20027 Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service Vulnerability

A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly VFR feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper reassembly of large packe...

8.6CVSS7.2AI score0.0098EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/03/23 12:0 a.m.24 views

Huawei EulerOS: Security Advisory for containerd (EulerOS-SA-2023-1580)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.2AI score0.01022EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/03/23 12:0 a.m.26 views

Google Chrome Security Update (stable-channel-update-for-desktop_20-2021-07) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

9.6CVSS7.4AI score0.06282EPSS
Exploits29References1
NVD
NVD
added 2023/03/22 8:15 p.m.18 views

CVE-2023-28119

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...

7.5CVSS7.2AI score0.00957EPSS
Exploits0References2
Prion
Prion
added 2023/03/22 8:15 p.m.24 views

Design/Logic Flaw

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...

5CVSS7.2AI score0.00957EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2023/03/22 7:51 p.m.30 views

CVE-2023-28119

Removed by vendor...

7.5CVSS6.6AI score0.00957EPSS
Exploits0
FreeBSD
FreeBSD
added 2023/03/22 12:0 a.m.27 views

tailscale -- security vulnerability in Tailscale SSH

Tailscale team reports: A vulnerability identified in the implementation of Tailscale SSH in FreeBSD allowed commands to be run with a higher privilege group ID than that specified by Tailscale SSH access rules...

8CVSS7.8AI score0.0046EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/03/21 10:31 p.m.30 views

Frontier's modexp precompile is slow for even modulus

Impact Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost...

7.5CVSS7.1AI score0.00873EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/03/21 10:31 p.m.23 views

GHSA-FCMM-54JP-7VF6 Frontier's modexp precompile is slow for even modulus

Impact Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost...

7.5CVSS7.4AI score0.00873EPSS
Exploits0References6
Qualys Blog
Qualys Blog
added 2023/03/21 5:14 p.m.23 views

ACSC Essential 8 Cybersecurity Strategies, Maturity Levels, and Best Practices

Originally published in 2017 as an evolution of the Australian Signals Directorate’s Strategies to Mitigate Cyber Security Incidents, the Australian Cyber Security Centre ACSC Essential 8 E8 consists of a set of strategies that can make it harder for threat actors to compromise a firm’s...

6.9AI score
Exploits0
Rows per page
Query Builder