Lucene search
K

261 matches found

OSV
OSV
added 2023/02/08 8:15 p.m.15 views

AZL-13301 CVE-2023-0215 affecting package cloud-hypervisor for versions less than 30.0-2

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5CVSS6.6AI score0.04494EPSS
Exploits0References1
OSV
OSV
added 2023/01/17 7:3 p.m.7 views

GSD-2023-1001316 libbpf: Avoid enum forward-declarations in public API in C++ mode

libbpf: Avoid enum forward-declarations in public API in C++ mode This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

7.2AI score
Exploits0
NVD
NVD
added 2022/12/06 3:15 p.m.21 views

CVE-2022-46383

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint Incorrect Access Control. The token can be used to escalate privileges within the Digital Rebar system and grant full...

9.8CVSS0.00692EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/12/06 12:0 a.m.3 views

PT-2022-27846 · Rackn · Rackn Digital Rebar

Name of the Vulnerable Software and Affected Versions: RackN Digital Rebar versions 4.6.14 and earlier RackN Digital Rebar versions 4.7 through 4.7.22 RackN Digital Rebar versions 4.8 through 4.8.5 RackN Digital Rebar versions 4.9 through 4.9.12 RackN Digital Rebar versions 4.10 through 4.10.8...

9.8CVSS9.3AI score0.00692EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/12/06 12:0 a.m.6 views

CVE-2022-46383

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint Incorrect Access Control. The token can be used to escalate privileges within the Digital Rebar system and grant full...

9.5AI score0.00692EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2022/10/21 12:0 a.m.44 views

java-17-openjdk security and bug fix update

1:17.0.5.0.8-2 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv JDK-8293834 - Drop JDK-8292223 patch which we found to be unnecessary - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream - Related: rhbz2132934...

5.3CVSS1.4AI score0.02376EPSS
Exploits0
OSV
OSV
added 2022/03/11 6:15 p.m.4 views

CVE-2022-23730

The public API error causes for the attacker to be able to bypass API access control...

9.8CVSS7.3AI score0.00984EPSS
Exploits0References1
NVD
NVD
added 2022/03/11 6:15 p.m.26 views

CVE-2022-23730

The public API error causes for the attacker to be able to bypass API access control...

9.8CVSS0.00984EPSS
Exploits0References1
Prion
Prion
added 2022/03/11 6:15 p.m.17 views

Improper access control

The public API error causes for the attacker to be able to bypass API access control...

7.5CVSS9.3AI score0.00984EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/11 5:54 p.m.25 views

CVE-2022-23730

The public API error causes for the attacker to be able to bypass API access control...

9.6AI score0.00984EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/02/09 12:0 a.m.6 views

PT-2022-4092 · Siemens · Simatic Pcs 7 +1

Name of the Vulnerable Software and Affected Versions: SIMATIC PCS 7 versions V8.2 through V9.1 SIMATIC PCS 7 version V9.1 prior to V9.1 SP1 SIMATIC WinCC versions V7.4 through V7.4 prior to V7.4 SP1 Update 19 SIMATIC WinCC versions V7.5 through V7.5 prior to V7.5 SP2 Update 6 SIMATIC WinCC...

8.8CVSS8.2AI score0.00682EPSS
Exploits0References4
ICS
ICS
added 2022/02/08 12:0 a.m.109 views

Siemens SIMATIC WinCC and PCS

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC and PCS Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Externally-Accessible File or Directory 2...

8.8CVSS8.6AI score0.00682EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2021/07/08 12:0 a.m.5 views

PT-2021-10508 · Baigo Cms · Baigo Cms

Name of the Vulnerable Software and Affected Versions: baigo CMS version 4.0-beta-1 Description: A cross-site scripting issue allows attackers to execute arbitrary web scripts or HTML via the post parameter to the "/public/console/profile/info-submit/" API endpoint. Recommendations: For baigo CMS...

6.1CVSS6.1AI score0.01125EPSS
Exploits1References5
CNVD
CNVD
added 2021/03/04 12:0 a.m.6 views

OpenSSL Input Validation Error Vulnerability

OpenSSL is a powerful, commercial-grade, full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. It is also a general-purpose cryptographic library. An input validation error vulnerability exists in the OpenSSL public API that stems from the...

7.5CVSS5.8AI score0.50732EPSS
Exploits0References1
OSV
OSV
added 2021/02/25 5:6 p.m.5 views

OPENSUSE-SU-2021:0341-1 Security update for nghttp2

This update for nghttp2 fixes the following issues: nghttp2 was update to version 1.40.0 bsc1166481 - lib: Add nghttp2checkauthority as public API - lib: Fix the bug that stream is closed with wrong error code - lib: Faster huffman encoding and decoding - build: Avoid filename collision of static...

9.8CVSS9.5AI score0.02457EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/02/16 12:0 a.m.7 views

OpenSSL Code Issue Vulnerability

OpenSSL is an open source capable general-purpose cryptographic library from the Openssl team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

7.5CVSS6.8AI score0.50732EPSS
Exploits0References117
NVD
NVD
added 2021/02/03 4:15 p.m.20 views

CVE-2021-25760

In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible...

5.3CVSS0.0086EPSS
Exploits0References2
Prion
Prion
added 2021/02/03 4:15 p.m.18 views

Information disclosure

In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible...

5CVSS5.1AI score0.0086EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/02/03 3:18 p.m.21 views

CVE-2021-25760

In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible...

6.3AI score0.0086EPSS
Exploits0References2
OSV
OSV
added 2020/12/28 8:15 p.m.4 views

CVE-2020-14273

HCL Domino is susceptible to a Denial of Service DoS vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server...

7.5CVSS7.1AI score0.01206EPSS
Exploits1References1
Rows per page
Query Builder