Lucene search
K

5 matches found

Cvelist
Cvelist
added 2022/11/10 12:0 a.m.42 views

CVE-2022-41876 ezplatform-graphql GraphQL queries can expose password hashes

ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...

7.5CVSS7.8AI score0.01295EPSS
Exploits1References1
OSV
OSV
added 2020/06/05 2:21 p.m.31 views

GHSA-G6WQ-QCWM-J5G2 Regular Expression Denial of Service in websocket-extensions (RubyGem)

Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...

8.2CVSS7.4AI score0.04404EPSS
Exploits1References9
OpenVAS
OpenVAS
added 2009/03/06 12:0 a.m.34 views

RedHat Update for pcre RHSA-2007:1068-01

Check for the Version of pcre OpenVAS Vulnerability Test RedHat Update for pcre RHSA-2007:1068-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

6.8CVSS9.8AI score0.03661EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.36 views

RHEL 2.1 / 3 : tcpdump (RHSA-2004:008)

Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP and RADIUS parsing. Updated 15 Jan 2004 Updated the text description to better describe the vulnerabilities found by Jonathan Heusser and give them CVE names. Tcpdump is a command-line tool for monitoring network traffi...

7.5CVSS5.7AI score0.05275EPSS
Exploits1References8
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.19 views

XSS vulnerability on contacts view

Impact Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populat...

8.3CVSS6.7AI score0.00642EPSS
Exploits0Affected Software1
Rows per page
Query Builder