Lucene search

4604 matches found

CBLMariner
added 2022/06/03 5:54 p.m. · 19 views

CVE-2021-4197 affecting package kernel for versions less than 5.15.37.1-2

CVE-2021-4197 affecting package kernel for versions less than 5.15.37.1-2. A patched version of the package is available...

CVSS 7.8 · AI score 7.2 · EPSS 0.00541
Exploits 0

NVD
added 2022/05/31 11:15 p.m. · 21 views

CVE-2022-31013

Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function this.authProvider.verifyAccessKey is an async function, as the code is not using await t...

CVSS 9.8 · EPSS 0.01372
Exploits 0 · References 3

Prion
added 2022/05/31 11:15 p.m. · 18 views

Authentication flaw

Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function this.authProvider.verifyAccessKey is an async function, as the code is not using await t...

CVSS 7.5 · AI score 9.5 · EPSS 0.01372
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2022/05/31 10:35 p.m. · 6 views

CVE-2022-31013 Authentication bypass in Vartalap chat-server

Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function this.authProvider.verifyAccessKey is an async function, as the code is not using await t...

CVSS 9.1 · AI score 9.7 · EPSS 0.01372
Exploits 0 · References 3

Cvelist
added 2022/05/31 10:35 p.m. · 26 views

CVE-2022-31013 Authentication bypass in Vartalap chat-server

Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function this.authProvider.verifyAccessKey is an async function, as the code is not using await t...

CVSS 9.1 · AI score 9.8 · EPSS 0.01372
Exploits 0 · References 3

Vulnrichment
added 2022/05/31 7:30 p.m. · 5 views

CVE-2022-31011 TiDB authentication bypass vulnerability

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access...

CVSS 7.8 · AI score 7.9 · EPSS 0.00311
Exploits 0 · References 2

OSV
added 2022/05/26 12:1 a.m. · 17 views

GHSA-9PG5-3PJC-F8WM Path traversal in ginadmin

In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal. A patch is available on the master branch of the repository...

CVSS 7.5 · AI score 7.5 · EPSS 0.01438
Exploits 1 · References 4

Github Security Blog
added 2022/05/26 12:1 a.m. · 26 views

Path traversal in ginadmin

In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal. A patch is available on the master branch of the repository...

CVSS 7.5 · AI score 7.3 · EPSS 0.01438
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2022/05/26 12:0 a.m. · 5 views

PT-2022-23716 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.2.3490
Description: This issue allows remote attackers to bypass authentication on affected installations. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL...

CVSS 9.8 · AI score 9.7 · EPSS 0.06534
Exploits 0 · References 4

Vulnrichment
added 2022/05/25 12:0 a.m. · 3 views

CVE-2022-29248 Cross-domain cookie leakage in Guzzle

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

CVSS 8 · AI score 8.1 · EPSS 0.01239
Exploits 0 · References 5

Github Security Blog
added 2022/05/24 5:24 p.m. · 33 views

Magento PHP object injection vulnerability

Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a PHP object injection vulnerability. Successful exploitation could lead to arbitrary code execution. A patch (SUPEE-11346) is available at the Magento Open Source Download Page, Release Archive tab, Magento Open Source Patches - 1.x...

CVSS 9.8 · AI score 7.8 · EPSS 0.08385
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2022/05/20 11:35 p.m. · 22 views

CVE-2022-29216 Code injection in `saved_model_cli` in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had...

CVSS 7.8 · AI score 8 · EPSS 0.00536
Exploits 1 · References 8

Vulnrichment
added 2022/05/20 10:30 p.m. · 6 views

CVE-2022-29208 Segfault and Out-of-bounds Write due to incomplete validation in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation-fault-based denial of service. In multiple places throughout...

CVSS 7.1 · AI score 7.1 · EPSS 0.00378
Exploits 1 · References 6

Prion
added 2022/05/20 7:15 p.m. · 16 views

Design/Logic Flaw

Cilium is open source software for providing and securing network connectivity and load-balancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

CVSS 4.6 · AI score 8 · EPSS 0.00285
Exploits 0 · References 4 · Affected Software 1

Prion
added 2022/05/20 7:15 p.m. · 10 views

Code injection

Cilium is open source software for providing and securing network connectivity and load-balancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cilium is installed,...

CVSS 7.2 · AI score 8.2 · EPSS 0.00355
Exploits 0 · References 4 · Affected Software 1

Vulnrichment
added 2022/05/20 6:15 p.m. · 4 views

CVE-2022-29178 Incorrect Default Permissions in Cilium

Cilium is open source software for providing and securing network connectivity and load-balancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

CVSS 8.8 · AI score 8.6 · EPSS 0.00285
Exploits 0 · References 4

Vulnrichment
added 2022/05/20 12:0 a.m. · 8 views

CVE-2022-29181 Improper Handling of Unexpected Data Type in Nokogiri

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6...

CVSS 8.2 · AI score 8.3 · EPSS 0.02886
Exploits 1 · References 5

OSV
added 2022/05/17 8:15 p.m. · 4 views

CVE-2022-0486

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is...

CVSS 7.8 · AI score 5.8 · EPSS 0.00375
Exploits 1 · References 1

ATTACKERKB
added 2022/05/16 3:30 p.m. · 6 views

CVE-2022-0486

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is...

CVSS 7.8 · AI score 7.2 · EPSS 0.00375
Exploits 1 · References 2

ATTACKERKB
added 2022/05/16 3:30 p.m. · 5 views

CVE-2022-24391

Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability...

CVSS 8.8 · AI score 7.4 · EPSS 0.00846
Exploits 0 · References 2