6348 matches found

Tenable Nessus
added 2021/08/04 12:0 a.m., 26 views

Xen / ARM Boot Modules Are Not Scrubbed Information Exposure (XSA-372)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an information disclosure vulnerability as boot modules are not scrubbed. The bootloader will load boot modules e.g. kernel, initramfs... in a temporary area before they are copied by Xen...

CVSS 5.5, AI score 5.7, EPSS 0.00321
Exploits 0, References 2

CloudLinux
added 2021/08/02 5:33 p.m., 19 views

Update of perl-Pod-Simple, perl-IO-Compress-Bzip2, perl-Log-Message, perl-CPANPLUS, perl-Parse-CPAN-Meta, perl-Archive-Tar, perl-Locale-Maketext-Simple, perl-Compress-Raw-Zlib, perl-ExtUtils-MakeMaker, perl-version, perl-Params-Check, perl-Module-CoreList, perl-parent, perl-Log-Message-Simple, perl-IO-Compress-Base, perl-Archive-Extract, perl-Test-Harness, perl-Module-Load, perl-Compress-Zlib, perl-Module-Pluggable, perl-Pod-Escapes, perl-Module-Build, perl-Module-Loaded, perl-Test-Simple, perl-Term-UI, perl-Package-Constants, perl-Object-Accessor, perl-Digest-SHA, perl-ExtUtils-ParseXS, perl-File-Fetch, perl-Time-HiRes, perl-Compress-Raw-Bzip2, perl-Time-Piece, perl-CGI, perl-ExtUtils-CBuilder, perl-IO-Zlib, perl-Module-Load-Conditional, perl-IO-Compress-Zlib, perl-ExtUtils-Embed, perl-IPC-Cmd, perl-CPAN

...

AI score 0.6
Exploits 0, References 1

vulnersOsv
added 2021/08/02 4:47 p.m., 4 views

org.apereo.cas:cas-server-support-gauth (>=6.0.0 <=6.1.7.1), org.apereo.cas:cas-server-support-gauth-core (>=6.0.0 <=6.1.7.1) +8 more potentially affected by CVE-2020-27178 via org.apereo.cas:cas-server-support-otp-mfa-core (>=6.0.0 <=6.1.7.1)

org.apereo.cas:cas-server-support-otp-mfa-core MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.1.0, =6.0.0, =6.0.0, =6.1.0, =6.1.7.1 Source cves: CVE-2020-27178 Source advisory: OSV:GHSA-Q39C-5VH5-VW2P...

CVSS 7.5, AI score 7.1, EPSS 0.01204
Exploits 0

vulnersOsv
added 2021/08/02 4:47 p.m., 7 views

org.apereo.cas:cas-server-support-gauth (>=6.2.0 <=6.2.3), org.apereo.cas:cas-server-support-gauth-core (>=6.2.0 <=6.2.3) +9 more potentially affected by CVE-2020-27178 via org.apereo.cas:cas-server-support-otp-mfa-core (>=6.2.0 <=6.2.3)

org.apereo.cas:cas-server-support-otp-mfa-core MAVEN version =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.3 Source cves: CVE-2020-27178 Source advisory: OSV:GHSA-Q39C-5VH5-VW2P...

CVSS 7.5, AI score 7.1, EPSS 0.01204
Exploits 0

Gitee
added 2021/08/01 9:5 a.m., 4 views

shadowbroker

This repository, zhangyouren/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a README file that lists the contents of the repository, which includes various exploit modules, payloads...

AI score 6.6
Exploits 0

Prion
added 2021/07/30 10:15 p.m., 22 views

Default configuration

The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...

CVSS 6.5, AI score 7.2, EPSS 0.02032
Exploits 0, References 3, Affected Software 1

CloudLinux
added 2021/07/29 6:3 p.m., 59 views

Update of perl-Pod-Simple, perl-Log-Message-Simple, perl-Object-Accessor, perl-IPC-Cmd, perl-ExtUtils-MakeMaker, perl-Compress-Raw-Zlib, perl-CPAN, perl-CGI, perl-Digest-SHA, perl-Module-Loaded, perl-parent, perl-Module-CoreList, perl-Compress-Raw-Bzip2, perl-File-Fetch, perl-version, perl-ExtUtils-Embed, perl-Locale-Maketext-Simple, perl-Time-HiRes, perl-Module-Load-Conditional, perl-IO-Compress-Bzip2, perl-ExtUtils-CBuilder, perl-Term-UI, perl-Module-Build, perl-Pod-Escapes, perl-IO-Compress-Base, perl-Parse-CPAN-Meta, perl-Time-Piece, perl-Params-Check, perl-Module-Pluggable, perl-Archive-Tar, perl-IO-Compress-Zlib, perl-Package-Constants, perl-Test-Simple, perl-Test-Harness, perl-IO-Zlib, perl-ExtUtils-ParseXS, perl-Archive-Extract, perl-CPANPLUS, perl-Log-Message, perl-Module-Load, perl-Compress-Zlib

...

AI score 0.6
Exploits 0, References 1

Cvelist
added 2021/07/29 3:4 p.m., 14 views

CVE-2020-21808

SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via the topicsid parameter in modules/news/admin/addtotopics.php...

AI score 9.9, EPSS 0.01583
Exploits 1, References 3

OpenVAS
added 2021/07/27 12:0 a.m., 21 views

Fedora: Security Advisory for varnish-modules (FEDORA-2021-cf7585f0ca)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5, AI score 7.2, EPSS 0.01599
Exploits 0, References 2

Fedora
added 2021/07/25 1:3 a.m., 51 views

[SECURITY] Fedora 34 Update: varnish-modules-0.17.1-2.fc34

This is a collection of modules "vmods" extending Varnish VCL used for describing HTTP request/response policies with additional capabilities. This collection contains the following vmods: bodyaccess, header, saintmode, tcp, var, vsthrottle, xkey...

CVSS 6.5, AI score 0.8, EPSS 0.01599
Exploits 0

RedHat Linux
added 2021/07/22 3:29 p.m., 2 views

ansible: multiple modules expose secured values

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

CVSS 5.5, AI score 6.9, EPSS 0.00333
Exploits 0, References 4

RedHat Linux
added 2021/07/22 3:9 p.m., 6 views

ansible: multiple modules expose secured values

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

CVSS 5.5, AI score 6.9, EPSS 0.00333
Exploits 0, References 4

Tenable Nessus
added 2021/07/22 12:0 a.m., 35 views

Amazon Linux AMI : containerd (ALAS-2021-1523)

The version of containerd installed on the remote host is prior to 1.4.6-2.7. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1523 advisory. A bug was discovered in containerd where pulling and extracting a specially-crafted container image can result in Unix file...

CVSS 6.8, AI score 6.3, EPSS 0.01608
Exploits 2, References 3

Tenable Nessus
added 2021/07/21 12:0 a.m., 29 views

SUSE SLES12 Security Update : containerd (SUSE-SU-2021:2413-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:2413-1 advisory. - CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem. bsc1188282 Tenable has extracted...

CVSS 6.8, AI score 6.5, EPSS 0.01608
Exploits 2, References 4

NVD
added 2021/07/20 12:15 a.m., 16 views

CVE-2021-32773

Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow...

CVSS 7.5, EPSS 0.00869
Exploits 0, References 2

OSV
added 2021/07/20 12:15 a.m., 15 views

CVE-2021-32773

Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow...

CVSS 7.5, AI score 7
Exploits 0, References 2

OSV
added 2021/07/20 12:15 a.m., 1 view

UBUNTU-CVE-2021-32773

Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow...

CVSS 7.5, AI score 6, EPSS 0.00869
Exploits 0, References 4

Prion
added 2021/07/20 12:15 a.m., 15 views

Design/Logic Flaw

Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow...

CVSS 5, AI score 7.6, EPSS 0.00869
Exploits 0, References 2, Affected Software 1

ArchLinux
added 2021/07/20 12:0 a.m., 128 views

[ASA-202107-39] racket: sandbox escape

Arch Linux Security Advisory ASA-202107-39 ========================================== Severity: Medium Date : 2021-07-20 CVE-ID : CVE-2021-32773 Package : racket Type : sandbox escape Remote : Yes Link : https://security.archlinux.org/AVG-2175 Summary ======= The package racket before version 8.2...

CVSS 7.5, AI score 2.5, EPSS 0.00869
Exploits 0, References 4

Cvelist
added 2021/07/19 11:55 p.m., 21 views

CVE-2021-32773 Confused deputy attack in sandbox module resolution

Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow...

CVSS 6.1, AI score 7.7, EPSS 0.00869
Exploits 0, References 2