Lucene search

6348 matches found

vulnersOsv
added 2022/01/07 10:31 p.m. | 5 views

cn.ac.ios.tis:riscvspeccore_2.12 (>=0.1.0 <=1.0.0), cn.dustlight.flow:flow-zeebe (>=0.1.3-alpha <=0.1.7-alpha) +1037 more potentially affected by CVE-2021-22569 via com.google.protobuf:protobuf-java (>=3.18.0 <=3.18.1)

com.google.protobuf:protobuf-java MAVEN version =3.18.0, =0.1.0, =0.1.3-alpha, =0.0.1-alpha, =0.0.2-alpha - cn.vertxup:vertx-co =0.7.0 - cn.vertxup:vertx-ifx =0.7.0 - cn.vertxup:vertx-import =0.7.0 - cn.vertxup:vertx-pin =0.7.0 - cn.vertxup:vertx-rx =0.7.0 - cn.vertxup:vertx-tp =0.7.0 -...

7.5 CVSS | 6.7 AI score | 0.01655 EPSS
Exploits: 1
BDU FSTEC
added 2022/01/04 12:0 a.m. | 4 views

The vulnerability of the IMController component, which is part of the system services, drivers, and additional modules of the Lenovo System Interface Foundation, allows attackers to escalate their privileges.

The vulnerability of the IMController component, which is part of the system services, drivers, and additional modules of the Lenovo System Interface Foundation, stems from a “race condition”. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.8 CVSS | 7.1 AI score | 0.01771 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
The Hacker News
added 2021/12/30 10:22 a.m. | 46 views

New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks

A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out (iLO) server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems. The discovery, which is t...

0.1 AI score
Exploits: 0
Japan Vulnerability Notes
added 2021/12/27 7:54 a.m. | 2 views

Multiple vulnerabilities in IDEC PLCs

Overview: Multiple PLCs provided by IDEC Corporation contain multiple vulnerabilities listed below. Unprotected transport of credentials (CWE-523) - CVE-2021-37400. Plaintext storage of a password (CWE-256) - CVE-2021-37401. Unprotected transport of credentials (CWE-523) - CVE-2021-20826. Plaintext storage...

9.8 CVSS | 7.2 AI score | 0.0134 EPSS
Exploits: 0 | References: 13
UbuntuCve
added 2021/12/23 6:15 p.m. | 26 views

CVE-2021-43854

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in...

7.5 CVSS | 7.2 AI score | 0.02668 EPSS
Exploits: 1 | References: 7
BDU FSTEC
added 2021/12/22 12:0 a.m. | 9 views

The software vulnerabilities of the Ethernet module servers WISE-4060 and Adam-6050 D allow attackers to redirect users to any desired URL address.

The vulnerability of the software for Ethernet server modules WISE-4060 and Adam-6050 D lies in the insufficient protection of web pages. Exploiting this vulnerability can allow a remote attacker to redirect users to any arbitrary URL address...

7.5 CVSS | 5.7 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Rockylinux
added 2021/12/21 9:7 a.m. | 11 views

sssd bug fix and enhancement update

An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The System Security Services Daemon (SSSD) service provides a set of daemons to...

0.5 AI score
Exploits: 0
BDU FSTEC
added 2021/12/17 12:0 a.m. | 5 views

The vulnerability of the module of central processors in programmable logic controllers such as MELIPC, MELSEC iQ-R, MELSEC Q, and MELSEC L allows an intruder to trigger a service failure.

The vulnerability of the microcontroller modules in programmable logic controllers such as MELIPC, MELSEC iQ-R, MELSEC Q, and MELSEC L is related to errors in processing input data length parameters. Exploiting this vulnerability can allow an attacker, operating remotely, to cause malfunctions...

7.8 CVSS | 7.2 AI score | 0.03077 EPSS
Exploits: 0 | References: 4 | Affected Software: 10
Fedora
added 2021/12/09 1:12 a.m. | 17 views

[SECURITY] Fedora 35 Update: libopenmpt-0.5.14-1.fc35

libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

2 AI score
Exploits: 0
NCSC
added 2021/12/03 12:0 a.m. | 5 views

Vulnerabilities remedied in Dell PowerEdge VRTX and X-Series firmware

Dell has fixed vulnerabilities in VRTX switch module firmware. By exploiting these vulnerabilities, an unauthenticated malicious person can remotely retrieve another user's login credentials and thereby gain elevated privileges. It is also possible to...

9.8 CVSS | 7.2 AI score | 0.01248 EPSS
Exploits: 0
vulnersOsv
added 2021/12/01 6:29 p.m. | 9 views

@backstage/plugin-auth-backend (>=0.0.0-nightly-20240122021809 <=0.24.5), @backstage/plugin-auth-backend-module-aws-alb-provider (>=0.0.0-nightly-20240126021148 <=0.4.17-next.0) +9 more potentially affected by CVE-2021-43776 via @backstage/plugin-auth-backend (>=0.0.0-nightly-20240929023448 <=0.4.10)

@backstage/plugin-auth-backend NPM version =0.0.0-nightly-20240929023448, =0.0.0-nightly-20240122021809, =0.0.0-nightly-20240126021148, =0.0.0-nightly-20240122021809, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =5.0.0-alpha.1, =1.0.0, =0.2.0, =1.0.0, =1.2.0...

7.4 CVSS | 6.7 AI score | 0.00656 EPSS
Exploits: 0
Rapid7 Blog
added 2021/12/01 2:56 p.m. | 48 views

OWASP Top 10 Deep Dive: Identification and Authentication Failures

In the 2021 edition of the OWASP top 10 list, Broken Authentication was changed to Identification and Authentication Failures. This term bundles in a number of existing items like cryptography failures, session fixation, default login credentials, and brute-forcing access. Additionally, this...

7.4 AI score
Exploits: 0
BDU FSTEC
added 2021/12/01 12:0 a.m. | 5 views

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit operating systems for iOS, related to the use of memory after it is freed, allows attackers to execute arbitrary code.

The vulnerability of the web page rendering modules in WebKitGTK and WPE for iOS operating systems is related to the use of memory after it is freed during the processing of malicious web content. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.3 CVSS | 7.4 AI score | 0.11074 EPSS
Exploits: 0 | References: 6 | Affected Software: 5
Gitee
added 2021/11/29 11:7 p.m. | 4 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Artifex Gsview

PoC exploit for CVE-2017-14947, an RCE vulnerability in Redis 4.x/5.x. The target product/service is Redis, and the vulnerability class/vector is RCE (Remote Code Execution). The probable entry point is the RedisModules module, and the execution context is a Python script (redis-rce.py) that is...

7.8 CVSS | 7.3 AI score | 0.01233 EPSS
Exploits: 3
Fedora
added 2021/11/27 1:16 a.m. | 30 views

[SECURITY] Fedora 34 Update: slurm-21.08.4-1.fc34

Slurm is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for Linux clusters. Components include machine status, partition management, job management, scheduling and accounting modules...

6.5 CVSS | 6.5 AI score | 0.01199 EPSS
Exploits: 0
Github Security Blog
added 2021/11/19 8:55 p.m. | 31 views

Broken encryption in EdgeX Foundry

Summary: Broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors. Detailed Description: The app-functions-sdk exports an “aes” transform that user scripts can optionally call to encrypt data in th...

5.7 CVSS | 5.3 AI score | 0.00313 EPSS
Exploits: 0 | References: 4 | Affected Software: 3
RedHat Linux
added 2021/11/16 2:23 p.m. | 42 views

Important: Red Hat Security Advisory: RHV Engine and Host Common Packages security update [ovirt-4.4.9]

Updated dependency packages for ovirt-engine and ovirt-host that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

5.5 CVSS | 6.6 AI score | 0.00384 EPSS
Exploits: 0 | References: 5
vulnersOsv
added 2021/11/10 7:33 p.m. | 7 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +168 more potentially affected by CVE-2021-41199 via tensorflow-gpu (>=1.10.1 <=2.4.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 and more Source cves: CVE-2021-41199 Source advisory: OSV:GHSA-5HX2-QX8J-QJQM...

5.5 CVSS | 6 AI score | 0.0023 EPSS
Exploits: 1
vulnersOsv
added 2021/11/10 6:57 p.m. | 4 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +168 more potentially affected by CVE-2021-41216 via tensorflow-gpu (>=1.10.1 <=2.4.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 and more Source cves: CVE-2021-41216 Source advisory: OSV:GHSA-3FF2-R28G-W7H9...

7.8 CVSS | 7.1 AI score | 0.00156 EPSS
Exploits: 0
vulnersOsv
added 2021/11/10 6:44 p.m. | 6 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +168 more potentially affected by CVE-2021-41225 via tensorflow-gpu (>=1.10.1 <=2.4.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 and more Source cves: CVE-2021-41225 Source advisory: OSV:GHSA-7R94-XV9V-63JW...

7.8 CVSS | 7.1 AI score | 0.0019 EPSS
Exploits: 1