
4606 matches found

Positive Technologies
added 2023/03/15 12:0 a.m. · 2 views

PT-2023-21344 · Jpegoptim +1 · Jpegoptim +1

Name of the Vulnerable Software and Affected Versions: jpegoptim version 1.5.2 Description: A heap overflow can occur with crafted JPEG image files, specifically in the optimize function at jpegoptim.c. This issue is related to the processing of JPEG images. Recommendations: For jpegoptim version...

CVSS 7.8 · AI score 7.4 · EPSS 0.00393
Exploits: 1 · References: 17
OSV
added 2023/03/14 5:15 p.m. · 1 view

ALPINE-CVE-2023-27585

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to...

CVSS 7.5 · AI score 7.4 · EPSS 0.0233
Exploits: 1 · References: 1
Positive Technologies
added 2023/03/14 12:0 a.m. · 3 views

PT-2023-21230 · Rizin · Rizin

Name of the Vulnerable Software and Affected Versions: Rizin versions 0.5.1 and prior Description: Rizin is a UNIX-like reverse engineering framework and command-line toolset. Converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when th...

CVSS 7.8 · AI score 7.6 · EPSS 0.00315
Exploits: 0 · References: 10
NVD
added 2023/03/10 9:15 p.m. · 10 views

CVE-2022-37939

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and...

CVSS 5.5 · AI score 4.2 · EPSS 0.0019
Exploits: 0 · References: 1
Github Security Blog
added 2023/03/08 12:30 p.m. · 23 views

Easy!Appointments uses hard-coded credentials

Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments 1.4.3 and prior. A patch is available and anticipated to be part of version 1.5.0...

CVSS 9.8 · AI score 9 · EPSS 0.00743
Exploits: 1 · References: 4 · Affected Software: 1
Positive Technologies
added 2023/03/08 12:0 a.m. · 3 views

PT-2023-1907 · Unknown · Mxsecurity

Name of the Vulnerable Software and Affected Versions: MXsecurity version 1.0 Description: The issue is related to a command injection vulnerability in the SSH CLI program of MXsecurity. This vulnerability can be exploited by attackers who have gained authorization privileges, allowing them to...

CVSS 10 · AI score 8.8 · EPSS 0.01456
Exploits: 0 · References: 8
Positive Technologies
added 2023/03/06 12:0 a.m. · 8 views

PT-2023-16810 · Wisecleaner · Wise Folder Hider +1

Name of the Vulnerable Software and Affected Versions: WiseCleaner Wise Folder Hider version 4.4.3.202 Description: A vulnerability was found in the WiseCleaner Wise Folder Hider software, affecting the function in the library WiseFs64.sys of the component IoControlCode Handler. The manipulation...

CVSS 5.5 · AI score 7 · EPSS 0.00381
Exploits: 2 · References: 6
Positive Technologies
added 2023/03/06 12:0 a.m. · 13 views

PT-2023-20493 · Dot-Lens · Dot-Lens

Name of the Vulnerable Software and Affected Versions: dot-lens versions all Description: The issue concerns Prototype Pollution via the set function in the index.js file. This affects all versions of the dot-lens package. There is no information provided about the estimated number of potentially...

CVSS 7.5 · AI score 7.3 · EPSS 0.00947
Exploits: 1 · References: 9
Github Security Blog
added 2023/03/03 3:30 a.m. · 19 views

Cockpit Uses Platform-Dependent Third Party Components

Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit 2.3.9 and prior. A patch is available and anticipated to be part of version 2.4.0...

CVSS 5.5 · AI score 5.6 · EPSS 0.00349
Exploits: 1 · References: 4 · Affected Software: 1
Vulnrichment
added 2023/03/02 6:37 p.m. · 8 views

CVE-2023-26470 In XWiki Platform, saving a document with a large object number leads to persistent OOM errors

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number e.g. 67108863. Most of the time this will fill the memory allocated to XWiki and make it unusable every...

CVSS 5.7 · AI score 7.1 · EPSS 0.00855
Exploits: 1 · References: 5
Vulnrichment
added 2023/03/02 6:28 p.m. · 9 views

CVE-2023-26471 XWiki Platform users may execute anything with superadmin right through comments and async macro

XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode anything dangerous is disabled, but the async macro does not take into account the restricted mode. This means that any user with...

CVSS 9.9 · AI score 7.2 · EPSS 0.0092
Exploits: 1 · References: 3
Vulnrichment
added 2023/03/02 5:46 p.m. · 9 views

CVE-2023-26478 org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function

XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, org.xwiki.store.script.TemporaryAttachmentsScriptServiceuploadTemporaryAttachment returns an instance of com.xpn.xwiki.doc.XWikiAttachment. This class is not supported to be exposed to users without the programming right...

CVSS 6.6 · AI score 7 · EPSS 0.0067
Exploits: 1 · References: 3
CBLMariner
added 2023/03/02 4:18 a.m. · 13 views

CVE-2022-36280 affecting package kernel 5.10.167.1-1

CVE-2022-36280 affecting package kernel 5.10.167.1-1. A patched version of the package is available...

CVSS 6.3 · AI score 6.8 · EPSS 0.00591
Exploits: 0
CBLMariner
added 2023/03/02 4:18 a.m. · 13 views

CVE-2022-42329 affecting package kernel 5.10.167.1-1

CVE-2022-42329 affecting package kernel 5.10.167.1-1. A patched version of the package is available...

CVSS 5.5 · AI score 9.7 · EPSS 0.0021
Exploits: 0
Positive Technologies
added 2023/03/01 12:0 a.m. · 5 views

PT-2023-12423 · Unknown · Serenityos

Name of the Vulnerable Software and Affected Versions: SerenityOS affected versions not specified Description: A critical issue has been found in SerenityOS, affecting the function initialize typed array from array buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. This issue...

CVSS 9.8 · AI score 7.2 · EPSS 0.00934
Exploits: 1 · References: 7
Positive Technologies
added 2023/03/01 12:0 a.m. · 5 views

PT-2023-19418 · Jensen Of Scandinavia · Jensen Of Scandinavia Eagle 1200Ac

Name of the Vulnerable Software and Affected Versions: Jensen of Scandinavia Eagle 1200AC version V15.03.06.33 en Description: A stack overflow issue was discovered via the wepkey1 parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For version V15.03.06.33 en, consider disabli...

CVSS 6.5 · AI score 6.7 · EPSS 0.01104
Exploits: 1 · References: 6
Positive Technologies
added 2023/02/28 12:0 a.m. · 5 views

PT-2023-21056 · Git +1 · Opencats

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious...

CVSS 5.4 · AI score 5.2 · EPSS 0.0053
Exploits: 1 · References: 5
Positive Technologies
added 2023/02/28 12:0 a.m. · 3 views

PT-2023-16739 · Unknown · Microweber

Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 1.3.3 Description: The issue is related to Cross-site Scripting XSS - Stored, which allows attackers to inject malicious scripts into the website. A patch is available and is anticipated to be part of...

CVSS 5.7 · AI score 5 · EPSS 0.00434
Exploits: 0 · References: 10
CBLMariner
added 2023/02/24 1:54 a.m. · 19 views

CVE-2023-23931 affecting package python-cryptography for versions less than 3.3.2-4

CVE-2023-23931 affecting package python-cryptography for versions less than 3.3.2-4. A patched version of the package is available...

CVSS 6.5 · AI score 7.2 · EPSS 0.01301
Exploits: 1
Positive Technologies
added 2023/02/24 12:0 a.m. · 5 views

PT-2023-3640 · Sage · Sage X3

Name of the Vulnerable Software and Affected Versions: Sage X3 version 12.14.0.50-0 Description: The issue is related to Cross Site Scripting XSS in the Sage X3 Web application. Some parts of the application are dynamically built using user inputs, but these inputs are not verified or filtered,...

CVSS 5.5 · AI score 5.7 · EPSS 0.00352
Exploits: 0 · References: 7