Lucene search
K

249 matches found

Tenable Nessus
Tenable Nessus
added 2024/03/12 12:0 a.m.430 views

CentOS 7 : kernel (RHSA-2024:1249)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1249 advisory. - There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2capcore.c's l2capconnect and l2capleconnectreq functions which may all...

8.8CVSS7.3AI score0.28058EPSS
Exploits17References7
RedhatCVE
RedhatCVE
added 2024/03/07 7:7 a.m.37 views

CVE-2024-28110

A vulnerability was found in cloudevents/sdk-go. This issue involves using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper results in the go-sdk leaking credentials to arbitrary endpoints. When the transport is populated with an authenticated...

6.5CVSS7.3AI score0.00661EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/03/06 8:11 p.m.45 views

Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials

Impact What kind of vulnerability is it? Who is impacted? Using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. The relevant code is here also inline, emphasis added: if p.Client == n...

7.5CVSS7AI score0.00661EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/03/06 11:8 a.m.44 views

BIT-TOMCAT-2023-42795 Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0 through 11.0.0, from 10.1.0 through 10.1.13, from 9.0.0 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process...

5.3CVSS6.7AI score0.0216EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2024/03/05 5:10 p.m.21 views

CVE-2021-47103

A use-after-free vulnerability was found in the TCP IP protocol in the Linux Kernel, where a delete operation of the RCU-protected pointer is supposed to clear the pointer before the callrcu/synchronizercu guarding the actual memory freeing. This flaw allows a local attacker to crash the system o...

7.1CVSS6.2AI score0.00451EPSS
Exploits1References4
NVD
NVD
added 2024/03/02 10:15 p.m.21 views

CVE-2023-52500

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPCINBSETCONTROLLERCONFIG command Tags allocated for OPCINBSETCONTROLLERCONFIG command need to be freed when we receive the response...

5.5CVSS7.5AI score0.00229EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/03/02 9:52 p.m.26 views

CVE-2023-52500

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPCINBSETCONTROLLERCONFIG command Tags allocated for OPCINBSETCONTROLLERCONFIG command need to be freed when we receive the response...

5.5CVSS5.9AI score0.00229EPSS
Exploits0
CloudLinux
CloudLinux
added 2024/02/29 11:6 a.m.54 views

kernel: Fix of 7 CVEs

KVM: nSVM: avoid picking up unsupported bits from L2 in intctl CVE-2021-3653 CVE-2021-3653 - xen/netfront: fix leaking data in shared pages CVE-2022-33740 - xfs: fix up non-directory creation in SGID directories CVE-2021-4037 - netsched: clsroute: remove from list when handle is 0 CVE-2022-2588 -...

8.8CVSS7.3AI score0.06214EPSS
Exploits8
CloudLinux
CloudLinux
added 2024/02/29 11:4 a.m.48 views

kernel: Fix of 7 CVEs

KVM: nSVM: avoid picking up unsupported bits from L2 in intctl CVE-2021-3653 CVE-2021-3653 - xen/netfront: fix leaking data in shared pages CVE-2022-33740 - xfs: fix up non-directory creation in SGID directories CVE-2021-4037 - netsched: clsroute: remove from list when handle is 0 CVE-2022-2588 -...

8.8CVSS7.3AI score0.06214EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2024/02/27 3:32 p.m.31 views

CVE-2021-46923

In the Linux kernel, the following vulnerability has been resolved: fs/mountsetattr: always cleanup mountkattr Make sure that finishmountkattr is called after mountkattr was succesfully built in both the success and failure case to prevent leaking any references we took when we built it. We...

5.5CVSS5.1AI score0.00211EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/02/17 12:0 a.m.87 views

SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2024:0472-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0472-1 advisory. Updated to Tomcat 9.0.85: - CVE-2023-45648: Improve trailer header parsing bsc1216118. - CVE-2023-42794: FileUpload:...

7.8CVSS6.8AI score0.05848EPSS
Exploits2References18
WPVulnDB
WPVulnDB
added 2024/02/08 12:0 a.m.18 views

Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure

Description The plugin does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. e.g. draft, private, pending review, password-protected, and trashed posts. PoC 1. ADMIN: Install Event Tickets 2. ADMIN: Install Event Tickets...

6.3AI score0.00456EPSS
Exploits2Affected Software1
The Hacker News
The Hacker News
added 2024/02/02 10:40 a.m.29 views

Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents

A former software engineer with the U.S. Central Intelligence Agency CIA has been sentenced to 40 years in prison by the Southern District of New York SDNY for transmitting classified documents to WikiLeaks and for possessing child pornographic material. Joshua Adam Schulte, 35, was originally...

6.9AI score
Exploits0
OSV
OSV
added 2024/01/30 3:15 p.m.10 views

CVE-2024-0564

A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging KSM, added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page...

6.5CVSS6.1AI score0.00623EPSS
Exploits1References5
NVD
NVD
added 2024/01/24 10:15 a.m.20 views

CVE-2023-43996

An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS5.5AI score0.00394EPSS
Exploits1References1
F5 Networks
F5 Networks
added 2024/01/17 3:50 a.m.48 views

K000138178: Apache Tomcat vulnerability CVE-2023-42795

Security Advisory Description Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to...

5.3CVSS8AI score0.0216EPSS
Exploits1Affected Software13
Vulnrichment
Vulnrichment
added 2024/01/02 8:29 p.m.17 views

CVE-2024-21623 Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets

OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...

9.8CVSS7.2AI score0.01226EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/01/02 8:29 p.m.18 views

CVE-2024-21623 Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets

OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...

9.8CVSS9.9AI score0.01226EPSS
Exploits1References5
OSV
OSV
added 2023/12/29 5:21 p.m.24 views

CVE-2023-52139 Misskey vulnerable to improper authorization when accessing with third-party application

Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specified as kind or secure without the user's permission and perform operations such as reading or adding non-public content. As a...

9CVSS8.7AI score0.00549EPSS
Exploits0References4
Hacker One
Hacker One
added 2023/12/22 3:8 a.m.36 views

U.S. Dept Of Defense: ███ leaking PII of tour visitors (names, email addresses, phone numbers) via misconfigured record permissions

The ████████ portal was found to be leaking sensitive personal information, including full names, email addresses, and phone numbers of its users. The issue was caused by a misconfiguration that allowed registered users to access records of other users, potentially exposing the data of hundreds o...

6.8AI score
Exploits0
Rows per page
Query Builder