Lucene search
K

215 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:55 p.m.7 views

CVE-2022-32799

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information...

5.9CVSS5.5AI score0.01324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:28 p.m.8 views

CVE-2021-30722

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information...

5.9CVSS5.2AI score0.01641EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.11 views

CVE-2019-10926

A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an...

5.3CVSS6.8AI score0.01548EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/09 6:8 p.m.17 views

CVE-2025-20157

A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper validation of certificates that are used by the Smar...

5.9CVSS7.1AI score0.00242EPSS
Exploits0References1
OSV
OSV
added 2025/01/27 7:20 a.m.15 views

BIT-RUBY-MIN-2021-32066

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

7.4CVSS7.4AI score0.02909EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2024/11/25 9:30 a.m.18 views

OpenShift Console Server Side Request Forgery vulnerability

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

5.3CVSS6.5AI score0.00569EPSS
Exploits0References9Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/25 6:15 a.m.9 views

CVE-2024-6538 Openshift-console: openshift console: server-side request forgery

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

5.3CVSS5.1AI score0.00569EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2024/11/21 10:20 a.m.16 views

CVE-2024-6538

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

5.3CVSS6.3AI score0.00569EPSS
Exploits0References3
NVD
NVD
added 2024/07/17 5:15 p.m.41 views

CVE-2024-20395

A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such ...

7.3CVSS0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/17 4:32 p.m.21 views

CVE-2024-20395

A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such ...

6.4CVSS0.00217EPSS
Exploits0References1
CVE
CVE
added 2024/07/17 4:32 p.m.96 views

CVE-2024-20395

Cisco Webex App contains a vulnerability in the media retrieval functionality that could allow an unauthenticated, adjacent attacker to access sensitive session information by intercepting insecurely transmitted requests for embedded media. The root cause is insecure transmission of requests to b...

7.3CVSS6.5AI score0.00217EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/03/08 2:15 a.m.19 views

CVE-2024-23277

The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard...

5.9CVSS4.9AI score0.00715EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/03/08 1:35 a.m.27 views

CVE-2024-23277

The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard...

6.8AI score0.00715EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/08 1:35 a.m.21 views

CVE-2024-23277

The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard...

5.3AI score0.00715EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:5 a.m.36 views

BIT-RUBY-2021-32066

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

7.4CVSS7.5AI score0.02909EPSS
Exploits1References9
Veracode
Veracode
added 2024/01/13 6:54 a.m.33 views

Improper Input Validation

chromium is vulnerable to Improper Input Validation. The vulnerability is due to Insufficient data validation in Extensions. This flaw allowed attackers in a privileged network position to install malicious extensions through a specially crafted HTML page...

5.3CVSS6.6AI score0.00429EPSS
Exploits0References5Affected Software3
OSV
OSV
added 2024/01/10 10:15 p.m.18 views

CVE-2024-0333

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.1AI score
Exploits0References4
Cvelist
Cvelist
added 2024/01/10 9:28 p.m.29 views

CVE-2024-0333

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. Chromium security severity: High...

5.1AI score0.00429EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/01/10 9:23 p.m.24 views

CVE-2023-42941

The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets...

5AI score0.0024EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/01/10 9:23 p.m.19 views

CVE-2023-42941

The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets...

5.7AI score0.0024EPSS
Exploits0References2
Rows per page
Query Builder