Lucene search
+L

102 matches found

cvelist
cvelist
added 2024/08/21 1:40 p.m.64 views

CVE-2024-8007 Openstack-tripleo-common: rhosp director disables tls verification for registry mirrors

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform RHOSP director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a...

8.1CVSS0.00392EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/08/21 12:0 a.m.7 views

PT-2024-38750 · Red Hat · Red Hat Openstack Platform

Name of the Vulnerable Software and Affected Versions: Red Hat OpenStack Platform RHOSP director versions 16.1 through 17.1 Description: A flaw was found in the Red Hat OpenStack Platform RHOSP director, allowing an attacker to deploy potentially compromised container images via disabling TLS...

8.1CVSS6.7AI score0.00392EPSS
Exploits0References13
slackware
slackware
added 2023/11/16 8:56 p.m.28 views

[slackware-security] gimp

New gimp packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/gimp-2.10.36-i586-1slack15.0.txz: Upgraded. This release fixes security issues: If a user loads a malicious DDS, PSD, or PSP file, this...

7.8CVSS7.2AI score0.93639EPSS
Exploits0
susecve
susecve
added 2023/02/15 6:4 a.m.4 views

SUSE CVE-2009-0937

Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors...

5CVSS6.7AI score0.01699EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 6:4 a.m.2 views

SUSE CVE-2009-0938

Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service exit node crash via "malformed input."...

5CVSS6.7AI score0.0192EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 5:35 a.m.4 views

SUSE CVE-2013-5123

The mirroring support -M, --use-mirrors in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks...

5.9CVSS6.9AI score0.07987EPSS
Exploits1References5
wpexploit
wpexploit
added 2022/09/19 12:0 a.m.108 views

Download Monitor < 4.5.98 - Admin+ Arbitrary File Download

The plugin does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. Create a new download on:...

4.9CVSS0.8AI score0.00859EPSS
Exploits2
github
github
added 2022/04/01 1:59 p.m.54 views

Improper Removal of Sensitive Information Before Storage or Transfer in irrd

IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perform a brute-force search for the clear-text passphrase, and use these to make unauthorised changes to affected IRR...

7.5CVSS1.2AI score0.01366EPSS
Exploits0References7Affected Software1
osv
osv
added 2022/03/28 7:15 p.m.3 views

UBUNTU-CVE-2022-0738

An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions...

7.5CVSS5.7AI score0.0083EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2022/03/28 7:15 p.m.31 views

CVE-2022-0738

An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was leaking user passwords when adding mirrors with SSH credentials under specific conditions...

7.5CVSS6.9AI score0.0083EPSS
Exploits0References2
debiancve
debiancve
added 2022/03/28 6:53 p.m.81 views

CVE-2022-0738

Removed by vendor...

7.5CVSS7.1AI score0.0083EPSS
Exploits0
ptsecurity
ptsecurity
added 2022/03/28 12:0 a.m.2 views

PT-2022-13400 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 14.6 through 14.6.4 GitLab versions 14.7 through 14.7.3 GitLab versions 14.8 through 14.8.1 Description: An issue has been discovered in GitLab where user passwords were leaked when adding mirrors with SSH credentials under...

7.5CVSS7.2AI score0.0083EPSS
Exploits0References11
fedora
fedora
added 2022/03/27 12:17 a.m.67 views

[SECURITY] Fedora 36 Update: cobbler-3.3.2-1.fc36

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...

9.1CVSS3.2AI score0.02256EPSS
Exploits1
redhatcve
redhatcve
added 2021/12/23 1:21 p.m.24 views

CVE-2020-16156

A flaw was found in the way the perl-CPAN performed verification of package signatures stored in CHECKSUMS files. A malicious or compromised CPAN server used by a user, or a man-in-the-middle attacker, could use this flaw to bypass signature verification. Mitigation This issue can be mitigated by...

7.8CVSS0.3AI score0.00791EPSS
Exploits1References5
ubuntucve
ubuntucve
added 2021/12/13 6:15 p.m.30 views

CVE-2020-16156

CPAN 2.28 allows Signature Verification Bypass...

7.8CVSS7.1AI score0.00791EPSS
Exploits1References5
fedora
fedora
added 2021/05/05 1:23 a.m.35 views

[SECURITY] Fedora 34 Update: axel-2.17.10-1.fc34

Axel tries to accelerate HTTP/FTP downloading process by using multiple connections for one file. It can use multiple mirrors for a download. Axel has no dependencies and is lightweight, so it might be useful as a wget clone on byte-critical systems...

5.9CVSS2.9AI score0.01928EPSS
Exploits1
github
github
added 2020/09/01 7:1 p.m.25 views

Silently Runs Cryptocoin Miner in hooka-tools

Affected versions of hooka-tools were compromised and modified to silently run a cryptocoin miner in the background. All affected versions have been unpublished from the npm registry. Recommendation While this module has been unpublished, some versions may exist in mirrors or caches. Do not insta...

4.3AI score
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2019/11/04 12:0 a.m.5 views

The vulnerability of the Hex package manager, related to insufficient validation of input data, allows for the execution of arbitrary code.

The vulnerability of the package manager Hex is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading packages from a malicious mirror site...

8.8CVSS8.1AI score0.00877EPSS
Exploits0References4Affected Software2
redhatcve
redhatcve
added 2019/10/04 9:28 p.m.18 views

CVE-2009-0938

Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service exit node crash via "malformed input."...

10CVSS6.2AI score0.0205EPSS
Exploits0References3
redhatcve
redhatcve
added 2019/10/04 9:27 p.m.19 views

CVE-2009-0937

Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors...

10CVSS6.2AI score0.0205EPSS
Exploits0References3
Rows per page
Query Builder