Lucene search
+L

89 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 3:38 p.m.17 views

CVE-2020-5229

Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...

8.1CVSS6.7AI score0.00626EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2025/01/23 12:0 a.m.7 views

CVE-2025-20128

A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...

7.5CVSS7.1AI score0.01509EPSS
Exploits0References4
CVE
CVE
added 2025/01/15 1:5 p.m.2420 views

CVE-2024-57893

CVE-2024-57893 : Linux kernel ALSA: seq: oss — race in SysEx message processing can cause out-of-bounds access. Connected docs confirm the issue and state a mutex-based serialization fix was introduced to protect SysEx packets in the OSS sequencer, effectively addressing the race between 6-byte S...

6.3CVSS6.7AI score0.00158EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/01/15 1:5 p.m.33 views

CVE-2024-57893 ALSA: seq: oss: Fix races at processing SysEx messages

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal buffer and this...

0.00158EPSS
Exploits0References4
Spring Security Advisories
Spring Security Advisories
added 2025/01/07 12:0 a.m.7 views

This Week in Spring - January 7th, 2025

Hi, Spring fans, and happy new year! It's been another super seven days since we last spoke and, as always, there's a lot to cover so let's dive right into it! A long time in coming, but it's finally here! Hello DCO, Goodbye CLA: Simplifying Contributions to Spring the Spring AI hits just keep on...

7.2AI score
Exploits0
HackRead
HackRead
added 2024/12/15 8:30 p.m.10 views

Resecurity introduces Government Security Operations Center (GSOC) at NATO Edge 2024

Resecurity unveils AI-powered GSOC at NATO Edge 2024, integrating VR for advanced cybersecurity. Tailored for MSSPs, it enhances…...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/10/07 12:0 a.m.6 views

PT-2024-30113

Name of the Vulnerable Software and Affected Versions No information is available about the vulnerable software and its affected versions. Description The provided information does not contain details about a specific issue. It appears to be a personal introduction and does not include any releva...

6.5CVSS6.5AI score0.00597EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2024/10/07 12:0 a.m.7 views

PT-2024-30933

Name of the Vulnerable Software and Affected Versions No information is available about the vulnerable software and its affected versions. Description The provided information does not contain details about a specific issue. It appears to be a personal introduction and does not mention any...

9.8CVSS6.5AI score0.00353EPSS
Exploits1References8
Cvelist
Cvelist
added 2024/09/12 6:0 a.m.29 views

CVE-2024-7862 Blog Introduction <= 0.3.0 - Settings Update via CSRF

The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

0.0019EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/09/12 6:0 a.m.11 views

CVE-2024-7862 Blog Introduction <= 0.3.0 - Settings Update via CSRF

The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.8AI score0.0019EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/08/27 1:36 a.m.4 views

WordPress Blog Introduction plugin <= 0.3.0 - Settings Update via CSRF vulnerability

Settings Update via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Blog Introduction versions = 0.3.0...

6.5CVSS7AI score0.0019EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/08/27 12:0 a.m.10 views

WordPress Blog Introduction Plugin <= 0.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Blog Introduction Type Plugin Vulnerable versions = 0.3.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7862 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b5cd399b1013 Credits Daniel Ruf Required...

6.5CVSS6.7AI score0.0019EPSS
Exploits1References3Affected Software1
Akamai Blog
Akamai Blog
added 2024/02/13 8:0 a.m.11 views

Say Goodbye to Monolithic EdgeWorkers: Introducing Flexible Composition (Part 2)

...

7.3AI score
Exploits0
Wiz blog
Wiz blog
added 2023/09/27 5:0 p.m.23 views

Unveiling eBPF: Revolutionizing Security and Observability

An Introduction to Extended BPF and Its Transformative Impact...

6.9AI score
Exploits0
OSV
OSV
added 2023/05/24 6:15 p.m.5 views

CVE-2023-33983

The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties...

7.4CVSS7.1AI score0.00596EPSS
Exploits1References1
NVD
NVD
added 2023/05/24 6:15 p.m.11 views

CVE-2023-33983

The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties...

7.4CVSS7.4AI score0.00596EPSS
Exploits1References1
Prion
Prion
added 2023/05/24 6:15 p.m.19 views

Code injection

The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties...

4CVSS7.4AI score0.00596EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/05/24 12:0 a.m.58 views

CVE-2023-33983

The CVE-2023-33983 entry covers Briar’s Introduction Client up to version 1.5.3, where there is no out-of-band verification of public keys for Introduced Parties. This enables an introducer to conduct man-in-the-middle attacks on future private communication between two introduced parties. Docume...

7.4CVSS7.4AI score0.00596EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/24 12:0 a.m.7 views

PT-2023-24617 · Briar · Briar

Name of the Vulnerable Software and Affected Versions: Briar versions 1.5.3 and earlier Description: The Introduction Client in Briar does not implement out-of-band verification for the public keys of introducees. This allows an introducer to launch man-in-the-middle attacks against later private...

7.4CVSS6.8AI score0.00596EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/05/24 12:0 a.m.9 views

Briar 安全漏洞

Briar is an open source software communication technology from Briar Open Source. It is designed to provide secure and resilient peer-to-peer communications that operate without a central server and minimize external dependencies. A security vulnerability exists in Briar versions prior to 1.5.3,...

7.4CVSS7.2AI score0.00596EPSS
Exploits1References2
Rows per page
Query Builder