Lucene search
K

94 matches found

Cvelist
Cvelist
added 2023/12/01 7:1 a.m.30 views

CVE-2023-5226 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to...

4.8CVSS7.6AI score0.00546EPSS
Exploits0References2
OSV
OSV
added 2023/12/01 7:1 a.m.24 views

CVE-2023-5226 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to...

4.8CVSS7.3AI score0.00546EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2023/12/01 7:1 a.m.19 views

CVE-2023-5226

Removed by vendor...

7.5CVSS7.1AI score0.00546EPSS
Exploits0
Veracode
Veracode
added 2023/09/08 10:29 a.m.12 views

Race Condition

wiremock is vulnerable toa Race Condition. The vulnerability is due to the render function when DNS server's address expire between initial validation and an outbound network request, potentially leading to unintended access to prohibited domains...

6.6CVSS7.1AI score0.00571EPSS
Exploits0References3Affected Software4
OSV
OSV
added 2023/05/31 11:38 p.m.17 views

GHSA-F7QW-JJ9C-RPQ9 In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file

Note The official templates of Lima, and the well-known third party products Colima, Rancher Desktop, and Finch are unlikely to be affected by this issue. Impact A virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is...

2.7CVSS3.2AI score0.00268EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.4 views

SUSE CVE-2012-3411

Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service traffic amplification via a spoofed DNS query...

5CVSS8.2AI score0.05028EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:22 a.m.4 views

SUSE CVE-2022-46908

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...

7.3CVSS7AI score0.00425EPSS
Exploits1References62
OSV
OSV
added 2022/12/24 11:5 a.m.3 views

OESA-2023-1219 sqlite security update

SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications...

7.3CVSS7.8AI score0.00425EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2022/12/13 8:0 a.m.6 views

SQLite through 3.40.0 when relying on --safe for execution of an untrusted CLI script does not properly implement the azProhibitedFunctions protection mechanism and instead allows UDF functions such as WRITEFILE.

...

7.3CVSS6.4AI score0.00425EPSS
Exploits1
OSV
OSV
added 2022/12/12 6:15 a.m.4 views

UBUNTU-CVE-2022-46908

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...

7.3CVSS6.8AI score0.00425EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/12/12 12:0 a.m.3 views

SQLite 安全漏洞

SQLite is a lightweight database that is an ACID compliant relational database management system. A security vulnerability exists in SQLite 3.40.0 and prior versions that stems from not properly implementing the azProhibitedFunctions protection mechanism when relying on --safe to execute untruste...

7.3CVSS6.5AI score0.00425EPSS
Exploits1References12
OSV
OSV
added 2022/06/08 10:34 p.m.25 views

GHSA-67MX-JC2F-JGJM OS Command Injection in file editor in Gogs

Impact The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled default are affected. Patches File deletions are prohibited to repository...

9.8CVSS9.4AI score0.04483EPSS
Exploits1References6
Schneier on Security
Schneier on Security
added 2021/08/18 4:51 p.m.34 views

Apple’s NeuralHash Algorithm Has Been Reverse-Engineered

Apples NeuralHash algorithm -- the one its using for client-side scanning on the iPhone -- has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed: Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the...

0.9AI score
Exploits0
CNNVD
CNNVD
added 2021/04/21 12:0 a.m.6 views

MediaWiki 信息泄露漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. An information disclosure vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems...

4.3CVSS5.6AI score0.00803EPSS
Exploits0References5
OSV
OSV
added 2021/03/18 1:15 a.m.4 views

CVE-2021-20676

M-System DL8 series type A DL8-A versions prior to Ver3.0, type B DL8-B versions prior to Ver3.0, type C DL8-C versions prior to Ver3.0, type D DL8-D versions prior to Ver3.0, and type E DL8-E versions prior to Ver3.0 allows remote authenticated attackers to bypass access restriction and conduct...

4.3CVSS6.2AI score0.00769EPSS
Exploits0References2
CVE
CVE
added 2021/03/18 12:56 a.m.240 views

CVE-2021-20676

CVE-2021-20676 concerns the M-System DL8 series (types A–E) prior to firmware Ver3.0. The vulnerability allows remote authenticated attackers to bypass access restrictions and perform prohibited operations via unspecified vectors. Affected products include DL8-A/B/C/D/E before Ver3.0; impact is t...

4.3CVSS4.6AI score0.00769EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/03/18 12:56 a.m.35 views

CVE-2021-20676

M-System DL8 series type A DL8-A versions prior to Ver3.0, type B DL8-B versions prior to Ver3.0, type C DL8-C versions prior to Ver3.0, type D DL8-D versions prior to Ver3.0, and type E DL8-E versions prior to Ver3.0 allows remote authenticated attackers to bypass access restriction and conduct...

5AI score0.00769EPSS
Exploits0References2
Openbugbounty
Openbugbounty
added 2020/10/02 11:14 a.m.8 views

storiespace.com Cross Site Scripting vulnerability OBB-1377548

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Veracode
Veracode
added 2020/07/16 6:10 a.m.21 views

OS Command Injection

kylin-core-common is vulnerable to OS command injection. The vulnerability exists as it uses a regular expression which provided insufficient blacklist of characters, allowing prohibited characters to be interpreted and executed...

9.8CVSS6.4AI score0.19859EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2019/10/29 7:15 p.m.9 views

CVE-2009-3723

asterisk allows calls on prohibited networks...

7.5CVSS6.8AI score0.01226EPSS
Exploits0References4
Rows per page
Query Builder