Lucene search
K

249 matches found

ATTACKERKB
ATTACKERKB
added 2023/11/22 5:15 p.m.4 views

CVE-2023-47312

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries...

6.5CVSS6.6AI score0.00396EPSS
Exploits1References2
OSV
OSV
added 2023/11/15 11:35 a.m.11 views

MGASA-2023-0319 Updated tomcat packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error cou...

5.3CVSS5.8AI score0.05848EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2023/11/08 7:21 p.m.38 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (openstack-barbican) security update

An update for openstack-barbican is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.6CVSS6.4AI score0.00191EPSS
Exploits0References2
Prion
Prion
added 2023/11/03 6:15 a.m.24 views

Input validation

Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive...

7.5CVSS9.1AI score0.00621EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/03 5:55 a.m.18 views

CVE-2023-41355 Chunghwa Telecom NOKIA G-040W-Q - Improper Input Validation

Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive...

9.8CVSS7.1AI score0.00621EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/03 5:55 a.m.20 views

CVE-2023-41355 Chunghwa Telecom NOKIA G-040W-Q - Improper Input Validation

Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive...

9.8CVSS9.5AI score0.00621EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/10/31 12:0 a.m.97 views

RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.6 (RHSA-2023:6206)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6206 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...

5.3CVSS7.3AI score0.05848EPSS
Exploits2References7
The Hacker News
The Hacker News
added 2023/10/24 12:30 p.m.36 views

Ex-NSA Employee Pleads Guilty to Leaking Classified Data to Russia

A former employee of the U.S. National Security Agency NSA has pleaded guilty to charges accusing him of attempting to transmit classified defense information to Russia. Jareh Sebastian Dalke, 31, served as an Information Systems Security Designer for the NSA from June 6, 2022, to July 1, 2022,...

6.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2023/10/24 3:27 a.m.135 views

CVE-2023-42795

A flaw was found in Apache Tomcat. Tomcat may skip, after an error, the recycling of the internal objects that the next request/response process might use, resulting in information leaking from one request to the next. This flaw allows a malicious user to have access to this information. Mitigati...

5.3CVSS5.4AI score0.0216EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/10/12 12:0 a.m.48 views

Apache Tomcat 11.0.0-M1 < 11.0.0-M12 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.93, 9.0.70 to 9.0.80, 10.1.0-M1 to 10.1.13 or 11.0.0-M1 to 11.0.0-M11. It is, therefore, affected by multiple vulnerabilities : - Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer...

7.5CVSS8.6AI score0.99999EPSS
Exploits21References5
Tenable Nessus
Tenable Nessus
added 2023/10/12 12:0 a.m.152 views

Apache Tomcat 9.0.70 < 9.0.81 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.93, 9.0.70 to 9.0.80, 10.1.0-M1 to 10.1.13 or 11.0.0-M1 to 11.0.0-M11. It is, therefore, affected by multiple vulnerabilities : - Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer...

7.5CVSS8.6AI score0.99999EPSS
Exploits21References5
Tenable Nessus
Tenable Nessus
added 2023/10/12 12:0 a.m.53 views

Apache Tomcat 10.1.0-M1 < 10.1.14 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.93, 9.0.70 to 9.0.80, 10.1.0-M1 to 10.1.13 or 11.0.0-M1 to 11.0.0-M11. It is, therefore, affected by multiple vulnerabilities : - Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer...

7.5CVSS8.6AI score0.99999EPSS
Exploits21References5
Tenable Nessus
Tenable Nessus
added 2023/10/12 12:0 a.m.57 views

Apache Tomcat 8.5.85 < 8.5.94 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 8.5.85 to 8.5.93, 9.0.70 to 9.0.80, 10.1.0-M1 to 10.1.13 or 11.0.0-M1 to 11.0.0-M11. It is, therefore, affected by multiple vulnerabilities : - Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer...

7.5CVSS8.6AI score0.99999EPSS
Exploits21References5
Github Security Blog
Github Security Blog
added 2023/10/10 6:31 p.m.54 views

Apache Tomcat Incomplete Cleanup vulnerability

Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recyclin...

5.3CVSS7.4AI score0.0216EPSS
Exploits1References12Affected Software4
Prion
Prion
added 2023/10/10 6:15 p.m.35 views

Input validation

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...

5CVSS6.1AI score0.0216EPSS
Exploits1References6Affected Software2
UbuntuCve
UbuntuCve
added 2023/10/10 6:15 p.m.98 views

CVE-2023-42795

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...

5.3CVSS6.8AI score0.0216EPSS
Exploits1References6
OSV
OSV
added 2023/10/10 5:42 p.m.46 views

CVE-2023-42795 Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...

5.3CVSS6.7AI score0.0216EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2023/10/10 5:42 p.m.33 views

CVE-2023-42795 Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...

7.6AI score0.0216EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2023/10/10 12:0 a.m.55 views

Apache Tomcat 10.1.0.M1 < 10.1.14 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.14. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.14security-10 advisory. - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11,...

7.5CVSS7.3AI score0.99999EPSS
Exploits21References7
RedhatCVE
RedhatCVE
added 2023/09/28 12:24 p.m.27 views

CVE-2023-40026

A flaw was found in Argo CD. For any version using Helm, using a specially crafted Helm file could reference external Helm charts handled by the same repo-server to leak values or files from the referenced Helm Chart. This issue is possible because the Helm paths were predictable. Mitigation...

5CVSS6.6AI score0.005EPSS
Exploits0References4
Rows per page
Query Builder