268 matches found

Veracode
added 2024/07/25 6:53 a.m. · 10 views

Improper Access Control

github.com/fabedge/fabedge is vulnerable to Improper Access Control. The vulnerability is due to improperly configured permissions allowing access to sensitive data and escalate privileges by obtaining the service account's token. Attackers can exploit this vulnerability to access sensitive...

CVSS 9.8 · AI score 6.6 · EPSS 0.00476
Exploits 0 · References 2 · Affected Software 1
NVD
added 2024/07/11 3:15 a.m. · 16 views

CVE-2024-23485

Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation CWE-1304 in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue affects: Gallagher Controller 6000 and...

CVSS 4.6 · EPSS 0.00186
Exploits 0 · References 1
Vulnrichment
added 2024/07/11 2:38 a.m. · 12 views

CVE-2024-23485

Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation CWE-1304 in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue affects: Gallagher Controller 6000 and...

CVSS 4.6 · AI score 7 · EPSS 0.00186
Exploits 0 · References 1
Cvelist
added 2024/07/11 2:38 a.m. · 19 views

CVE-2024-23485

Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation CWE-1304 in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue affects: Gallagher Controller 6000 and...

CVSS 4.6 · EPSS 0.00186
Exploits 0 · References 1
CVE
added 2024/07/11 2:38 a.m. · 49 views

CVE-2024-23485

CVE-2024-23485 affects Gallagher Controller 6000 and 7000. Root cause: improper preservation of hardware configuration state during a power save/restore operation, which can cause Aperio-connected door locks to momentarily allow free access. Affected versions span 8.60 and prior; 8.70 prior to vC...

CVSS 4.6 · AI score 4.9 · EPSS 0.00186
Exploits 0 · References 1
Vulnrichment
added 2024/07/10 7:49 p.m. · 22 views

CVE-2024-38354 Cross-site Scripting in Hackmd.io Notes lead by HTML Injection

CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe HTML tags with an improperly sanitized name attribute. This vulnerability enables attackers to perform cross-site scripting XSS attacks via DOM clobbering. This...

CVSS 8.1 · AI score 5.8 · EPSS 0.00421
Exploits 1 · References 1
Vulnrichment
added 2024/05/27 8:04 p.m. · 32 views

CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...

AI score 7 · EPSS 0.08279
Exploits 0 · References 3
Debian CVE
added 2024/05/13 2:18 a.m. · 33 views

CVE-2023-43040

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807...

CVSS 9.8 · AI score 6.3 · EPSS 0.02539
Exploits 1
NVD
added 2024/03/04 11:15 a.m. · 23 views

CVE-2023-43539

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame...

CVSS 7.5 · AI score 7.6 · EPSS 0.00324
Exploits 0 · References 1
Prion
added 2024/03/04 11:15 a.m. · 14 views

Authorization

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame...

CVSS 5 · AI score 7.2 · EPSS 0.00324
Exploits 0 · References 1
Positive Technologies
added 2024/03/04 12:00 a.m. · 6 views

PT-2024-13112 · Qualcomm · Snapdragon +141

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a transient Denial of Service DOS that occurs when processing an improperly formatted 802.11az Fine Time Measurement protocol frame. ...

CVSS 7.5 · AI score 7 · EPSS 0.00324
Exploits 0 · References 4
Tenable Nessus
added 2024/02/29 12:00 a.m. · 17 views

CentOS 9 : keylime-6.5.2-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the keylime-6.5.2-1.el9 build changelog. - A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists t...

CVSS 5.1 · AI score 5.6 · EPSS 0.00247
Exploits 0 · References 2
Vulnrichment
added 2024/02/08 12:00 a.m. · 7 views

CVE-2023-42282

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via isPublic...

AI score 9.6 · EPSS 0.01613
Exploits 1 · References 5
NVD
added 2023/12/21 9:15 p.m. · 31 views

CVE-2023-51379

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read...

CVSS 4.9 · EPSS 0.00611
Exploits 0 · References 5
Prion
added 2023/12/21 9:15 p.m. · 16 views

Authorization

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and...

CVSS 4 · AI score 6.8 · EPSS 0.00467
Exploits 0 · References 5 · Affected Software 1
Prion
added 2023/12/21 9:15 p.m. · 22 views

Authorization

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read...

CVSS 3.3 · AI score 6.9 · EPSS 0.00611
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2023/12/21 12:00 a.m. · 4 views

PT-2023-31800 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.7 through 3.7.18 GitHub Enterprise Server versions 3.8 through 3.8.11 GitHub Enterprise Server versions 3.9 through 3.9.6 GitHub Enterprise Server versions 3.10 through 3.10.3 GitHub Enterprise Server...

CVSS 4.3 · AI score 7 · EPSS 0.00467
Exploits 0 · References 11
CNNVD
added 2023/12/21 12:00 a.m. · 8 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.8.12, prior to...

CVSS 6.5 · AI score 6.8 · EPSS 0.00204
Exploits 0 · References 5
Tenable Nessus
added 2023/12/18 12:00 a.m. · 20 views

Hitachi Energy RTU500 Series Improper Neutralization of Input During Web Page Generation (CVE-2023-5767)

A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized. This plugin only works with Tenable.ot. Please visit...

CVSS 6.1 · AI score 6.3 · EPSS 0.00392
Exploits 0 · References 3
Prion
added 2023/12/14 5:15 p.m. · 20 views

Cross site scripting

A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized...

CVSS 5.8 · AI score 6.3 · EPSS 0.00406
Exploits 0 · References 1 · Affected Software 4