Lucene search

644 matches found

Fedora
added 2021/11/20 1:11 a.m. | 56 views

[SECURITY] Fedora 34 Update: js-jquery-ui-1.13.0-1.fc34

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library...

CVSS 6.5 | AI score 6.9 | EPSS 0.42847
Exploits: 4

GithubExploit
added 2021/11/11 4:34 a.m. | 1022 views

Exploit for Code Injection in Gitlab

CVE-2021-22205 GitLab CE/EE Preauth RCE using ExifTool This...

CVSS 10 | AI score 9.3 | EPSS 0.99731
Exploits: 30

OpenVAS
added 2021/11/11 12:0 a.m. | 21 views

Mozilla Firefox Security Advisory (MFSA2014-68) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

CVSS 10 | AI score 9.6 | EPSS 0.05801
Exploits: 0 | References: 3

BDU FSTEC
added 2021/11/10 12:0 a.m. | 4 views

The vulnerability in the implementation of the STARTTLS protocol for the software interface with servers allows a perpetrator to carry out “man-in-the-middle” attacks.

The vulnerability of the STARTTLS protocol implementation in the software for interacting with servers via cURL is related to insufficient authentication checks. Exploiting this vulnerability allows a remote attacker to carry out “man-in-the-middle” attacks...

CVSS 8.5 | AI score 6.7 | EPSS 0.02799
Exploits: 1 | References: 15 | Affected Software: 6

Citrix
added 2021/11/03 12:0 a.m. | 8 views

MAM SDK Migration Unexpected behavior on MDX/MAM SDK app container

Some interaction between managed applications in the same container are not working properly for example, copy and paste, open-in, etc. Scenario 1: Productivity Apps only using Hybrid mode One app on Legacy MDX and one app on MAM SDK. This scenario is not supported and not recommended. Scenario 2...

AI score 7.1
Exploits: 0

Code423n4
added 2021/09/18 12:0 a.m. | 10 views

Reentrancy in settleAuction(): malicious publisher can bypass index timelock mechanism, inject malicious index, and rug the basket

Handle: kenzo. Vulnerability details: The settleAuction function calls withdrawBounty before setting auctionOngoing = false, thereby allowing reentrancy. Impact: A malicious publisher can bypass the index timelock mechanism and publish new index which the basket's users won't have time to respond to...

AI score 7.1
Exploits: 0

Huntr
added 2021/07/24 8:39 a.m. | 11 views

Cross-Site Request Forgery (CSRF) in ampache/ampache

✍️ Description When you don't set the SameSite attribute of cookies the browsers have special act in front of this issue. I mean set default value on it chrome and chromium based browsers set the attribute "Lax" that mean if you do add/delete/alter operation in a get HTTP request then your site mor...

AI score 1.3
Exploits: 0

OSV
added 2021/07/12 4:15 p.m. | 7 views

CVE-2021-20414

IBM Guardium Data Encryption GDE 3.0.0.2 could allow a user to brute force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216...

CVSS 4.9 | AI score 5.8 | EPSS 0.00541
Exploits: 0 | References: 2

NVD
added 2021/07/12 4:15 p.m. | 14 views

CVE-2021-20414

IBM Guardium Data Encryption GDE 3.0.0.2 could allow a user to brute force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216...

CVSS 4.9 | EPSS 0.00541
Exploits: 0 | References: 2

Cvelist
added 2021/07/12 4:5 p.m. | 19 views

CVE-2021-20414

IBM Guardium Data Encryption GDE 3.0.0.2 could allow a user to brute force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216...

CVSS 4.4 | AI score 4.9 | EPSS 0.00541
Exploits: 0 | References: 2

Malwarebytes
added 2021/06/01 7:25 p.m. | 38 views

WhatsApp reverses course, will not limit app functionality

WhatsApp, the end-to-end encrypted messaging service that has lost users, its founders, and a large amount of public goodwill, issued a reversal on its recent privacy policy enforcement measures, clarifying that it will no longer punish users who refuse to share some of their data with the...

AI score 7
Exploits: 0

Malwarebytes
added 2021/05/14 8:26 a.m. | 41 views

WhatsApp calls and messages will break unless you share data with Facebook

WhatsApp told users last week that there was no need for alarm regarding an upcoming privacy policy deadline, as users who refuse to accept the privacy policy will not have their accounts deleted—they will just have their apps rendered useless, eventually incapable of receiving calls and messages...

AI score 6.8
Exploits: 0

Kitploit
added 2021/05/10 9:30 p.m. | 110 views

DNSObserver - A Handy DNS Service Written In Go To Aid In The Detection Of Several Types Of Blind Vulnerabilities

A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends notifications with the received request's details via Slack. DNSObserver can help you find bugs such as blind OS command...

AI score 7.3
Exploits: 0 | References: 1

Prion
added 2021/03/04 3:15 p.m. | 15 views

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...

CVSS 3.5 | AI score 4.9 | EPSS 0.00838
Exploits: 0 | References: 3 | Affected Software: 1

UbuntuCve
added 2021/03/04 3:15 p.m. | 28 views

CVE-2021-22183

An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...

CVSS 5.4 | AI score 6 | EPSS 0.00838
Exploits: 0 | References: 4

OSV
added 2021/03/04 3:15 p.m. | 1 views

UBUNTU-CVE-2021-22183

An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...

CVSS 5.4 | AI score 6 | EPSS 0.00838
Exploits: 0 | References: 5

Cvelist
added 2021/03/04 2:56 p.m. | 26 views

CVE-2021-22183

An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions...

CVSS 4.1 | AI score 5.1 | EPSS 0.00838
Exploits: 0 | References: 3

Debian CVE
added 2021/03/04 2:56 p.m. | 19 views

CVE-2021-22183

Removed by vendor...

CVSS 5.4 | AI score 6 | EPSS 0.00838
Exploits: 0

Microsoft Secure
added 2021/02/17 7:0 p.m. | 40 views

6 strategies to reduce cybersecurity alert fatigue in your SOC

Today, organizations are faced with the increasingly difficult task of trying to protect their expanding digital estate from sophisticated cybersecurity threats. Migration to the cloud and a mobile workforce has dissolved the network boundary and projected the digital estate beyond its traditiona...

AI score 6.9
Exploits: 0

Cvelist
added 2020/12/23 2:53 p.m. | 17 views

CVE-2020-35584

In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any...

AI score 5.6 | EPSS 0.00752
Exploits: 1 | References: 3