Lucene search
K

6348 matches found

Github Security Blog
Github Security Blog
added 2022/02/15 1:57 a.m.31 views

Arbitrary File Override in Docker Engine

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...

3.6CVSS7.2AI score0.00567EPSS
Exploits0References9Affected Software1
Code423n4
Code423n4
added 2022/02/15 12:0 a.m.10 views

Basis points constant BPS_MAX is used as minimal fee amount requirement

Lines of code Vulnerability details Impact Base fee modules require minimum fixed fee amount to be at least BPSMAX, which is hard coded to be 10000. This turns out to be a functionality restricting requirement for some currencies. For example, WBTC , 10 in ERC20 token rankings, has decimals of 8...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/15 12:0 a.m.10 views

Reentrancy allows commenter to overwrite own comments

Lines of code Vulnerability details Since the Lens platform is a blockchain-based social media platform, it's important that information relevant to users be emitted so that light clients need not continually refer to the blockchain, which can be expensive. From the docs: Events are emitted at...

6.6AI score
Exploits0
OSV
OSV
added 2022/02/12 12:0 a.m.24 views

GHSA-V8WR-R69P-MMWX Unrestricted Upload of File with Dangerous Type in Drupal core

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the si...

9.8CVSS9.3AI score0.01217EPSS
Exploits0References3
OSV
OSV
added 2022/02/11 6:15 p.m.3 views

CVE-2021-22787

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet...

7.5CVSS7.1AI score0.01012EPSS
Exploits0References1
OSV
OSV
added 2022/02/11 6:15 p.m.4 views

CVE-2021-22788

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...

7.5CVSS5.8AI score0.01012EPSS
Exploits0References1
NVD
NVD
added 2022/02/11 6:15 p.m.21 views

CVE-2021-22787

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet...

7.5CVSS0.01012EPSS
Exploits0References1
Prion
Prion
added 2022/02/11 6:15 p.m.14 views

Out-of-bounds

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...

5CVSS7.3AI score0.01012EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/11 6:15 p.m.20 views

Information disclosure

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X...

5CVSS7.2AI score0.0094EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/11 5:40 p.m.26 views

CVE-2021-22788

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...

7.6AI score0.01012EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/02/10 8:47 p.m.3 views

com.soterianetworks:spase-cipped (>=0.9.17 <=0.9.46), com.soterianetworks:spase-cipped-starter (>=0.9.17 <=0.9.46) +47 more potentially affected by CVE-2019-11343 via org.torpedoquery:org.torpedoquery (>=1.7.0 <=2.5.1)

org.torpedoquery:org.torpedoquery MAVEN version =1.7.0, =0.9.17, =0.9.17, =0.9.0, =0.9.0, =3.11.0, =3.11.0, =3.11.0, =3.11.0, =3.11.0, =3.11.0, =3.12.2 - de.alpharogroup:dating-system-business =3.11.0 - de.alpharogroup:dating-system-domain =3.11.0 - de.alpharogroup:dating-system-init =3.11.0 -...

9.8CVSS7.2AI score0.01736EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/02/10 8:22 p.m.3 views

org.eclipse.hono:client-device-connection-infinispan (>=1.2.0 <=1.12.3), org.eclipse.hono:hono-adapter-amqp-vertx (>=0.7 <=1.12.3) +67 more potentially affected by CVE-2020-27217 via org.eclipse.hono:hono-core (>=0.5 <=1.4.0)

org.eclipse.hono:hono-core MAVEN version =0.5, =1.2.0, =0.7, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.4.0, =0.8-M11, =0.8-M11, =1.10.0, =0.5, =0.5, =1.10.0, =0.5, =1.0-M5, =1.12.3 and more Source cves: CVE-2020-27217 Source advisory: OSV:GHSA-9F52-HPVW-V96W...

7.5CVSS7.2AI score0.01289EPSS
Exploits0
Kitploit
Kitploit
added 2022/02/10 11:30 a.m.25 views

LDAP-Password-Hunter - Password Hunter In The LDAP Infamous Database

It happens that due to legacy services requirements or just bad security practices password are world-readable in the LDAP database by any user who is able to authenticate. LDAP Password Hunter is a tool which wraps features of getTGT.py Impacket and ldapsearch in order to look up for password...

8AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/02/10 12:32 a.m.4 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23575 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23575 Source advisory: OSV:GHSA-C94W-C95P-PHF8...

6.5CVSS6.5AI score0.00783EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/02/09 11:47 p.m.5 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-21740 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-21740 Source advisory: OSV:GHSA-44QP-9WWF-734R...

8.8CVSS7.2AI score0.00788EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/02/09 11:45 p.m.6 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-21738 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-21738 Source advisory: OSV:GHSA-X4QX-4FJV-HMW6...

6.5CVSS6.5AI score0.00783EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/02/09 11:29 p.m.13 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23589 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23589 Source advisory: OSV:GHSA-9PX9-73FG-3FQP...

6.5CVSS6.5AI score0.01097EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/02/09 6:28 p.m.7 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-21726 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-21726 Source advisory: OSV:GHSA-23HM-7W47-XW72...

8.8CVSS7.2AI score0.00818EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.23 views

Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series CPU Modules Uncontrolled Resource Consumption (CVE-2019-13555)

In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial number 21081 and prior, Q04/06/13/26UDPVCPU: serial number 21081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 21081 and prior, MELSEC-L Series L02/06/26CPU, L26CPU-BT: serial number 21101 and prior,...

5.9CVSS6.1AI score0.01521EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.14 views

Schneider Electric Web Server on Modicon M340 Out-of-Bounds Write (CVE-2020-7563)

A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause corruption of data, a crash, or code execution when uploading a specially crafted...

8.8CVSS8.3AI score0.01073EPSS
Exploits0References3
Rows per page
Query Builder