Lucene search
K

69 matches found

PyPA
PyPA
added 2022/01/25 2:15 p.m.9 views

PYSEC-2022-16

Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery SSRF. Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affected. A lack of...

7.1CVSS6.8AI score0.01096EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/01/04 7:15 p.m.2 views

ALPINE-CVE-2021-41141

PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently...

7.5CVSS6.6AI score0.01367EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/01/04 12:0 a.m.5 views

CVE-2021-41141 Missing release of locks in PJSIP

PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently...

5.9CVSS7AI score0.01367EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/01/04 12:0 a.m.2 views

PT-2022-2181 · Pjsip +1 · Pjsip +1

Name of the Vulnerable Software and Affected Versions: PJSIP versions up to and including 2.11.1 Description: The issue is related to synchronization errors when using shared resources in the PJSIP library. When an error or failure occurs in various parts of PJSIP, the function returns without...

9.8CVSS8.4AI score0.0462EPSS
Exploits2References59
Elastic
Elastic
added 2021/12/15 10:21 p.m.11 views

Elasticsearch 5.0.0-5.6.10 and 6.0.0-6.3.2: Log4j CVE-2021-44228, CVE-2021-45046 remediation

Note — If you are not running Elasticsearch 5.0.0-5.6.10 or 6.0.0-6.3.2, these instructions do not apply. Please follow the guidance in themain announcement. Instructions for removing JndiLookup from the log4j-core JAR file​ These instructions only apply to users running Elasticsearch versions...

10CVSS7.6AI score0.99999EPSS
Exploits353
Cvelist
Cvelist
added 2021/08/18 2:45 p.m.23 views

CVE-2021-37702 Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore

Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formular injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround...

8CVSS9AI score0.0106EPSS
Exploits0References2
Prion
Prion
added 2021/07/02 6:15 p.m.16 views

Cross site scripting

Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection cross-site-scripting in the collection title. The problem is patched in version 1.6.41. As a workaround, on...

3.5CVSS5.2AI score0.00665EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/04/29 9:15 p.m.33 views

CVE-2021-29468

Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on...

8.8CVSS6.8AI score
Exploits0References4
Gitee
Gitee
added 2021/04/22 10:39 p.m.7 views

wesng

This is an offensive tool for Windows vulnerability exploitation. It is a Python-based tool called Windows Exploit Suggester - Next Generation WES-NG, which provides a list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities. The tool uses the output of...

7.3AI score
Exploits0
Rows per page
Query Builder