Lucene search
+L

65 matches found

osv
osv
added 2024/04/04 9:15 a.m.4 views

UBUNTU-CVE-2024-26750

In the Linux kernel, the following vulnerability has been resolved: afunix: Drop oobskb ref before purging queue in GC. syzbot reported another task hung in unixgc. 0 The current while loop assumes that all of the left candidates have oobskb and calling kfreeskboobskb releases the remaining...

5.5CVSS5.9AI score0.00224EPSS
Exploits0References13
vulnrichment
vulnrichment
added 2024/04/04 8:20 a.m.20 views

CVE-2024-26780 af_unix: Fix task hung while purging oob_skb in GC.

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix task hung while purging oobskb in GC. syzbot reported a task hung; at the same time, GC was looping infinitely in listforeachentrysafe for OOB skb. 0 syzbot demonstrated that the listforeachentrysafe was not actually...

6.7AI score0.00222EPSS
Exploits0References5
osv
osv
added 2023/08/03 12:0 p.m.11 views

UBUNTU-CVE-2023-38497

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

7.9CVSS7AI score0.00763EPSS
Exploits0References6
rapid7blog
rapid7blog
added 2023/08/02 6:30 p.m.13 views

Poorly Purged Medical Devices Present Security Concerns After Sale on Secondary Market

In a post-pandemic landscape, the interconnectedness of cybersecurity is front and center. Few could say that they were not at least aware of, if not directly affected by, the downstream effects of major breaches that cause impacts felt across economies. One should look at disruptions in the glob...

6.5AI score
Exploits0
hackerone
hackerone
added 2023/03/18 7:27 a.m.479 views

Fastly VDP: Unauthenticated cache purging

An unauthenticated cache purging vulnerability was found in the website of Fanout.io, allowing unauthenticated users to purge the cache of the website. This could potentially lead to various types of attacks such as website defacement, unauthorized access to sensitive data, or denial of service D...

7.1AI score
Exploits0
nvd
nvd
added 2021/11/02 12:15 p.m.27 views

CVE-2021-37842

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...

7.5CVSS0.00588EPSS
Exploits0References2
osv
osv
added 2021/11/02 12:15 p.m.4 views

CVE-2021-37842

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...

7.5CVSS7.1AI score0.00588EPSS
Exploits0References2
prion
prion
added 2021/11/02 12:15 p.m.16 views

Design/Logic Flaw

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...

5CVSS7.6AI score0.00588EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2021/11/02 11:39 a.m.29 views

CVE-2021-37842

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...

7.8AI score0.00588EPSS
Exploits0References2
cve
cve
added 2021/11/02 11:39 a.m.47 views

CVE-2021-37842

CVE-2021-37842 affects Couchbase Server 7.0.0 (metakv). The issue arises from using cleartext storage of sensitive information, enabling potential leakage of Remote Cluster XDCR credentials in debug logs when a config key being logged has an attached tombstone purge timestamp. The Connected docum...

7.5CVSS7.5AI score0.00588EPSS
Exploits0References2Affected Software1
github
github
added 2021/09/02 10:0 p.m.43 views

Traefik has an Improper Certificate Handling issue

configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging...

7.5CVSS7.1AI score0.00721EPSS
Exploits0References6Affected Software1
attackerkb
attackerkb
added 2021/08/25 12:0 a.m.2 views

CVE-2021-38342

The Nested Pages WordPress plugin = 3.1.15 was vulnerable to Cross-Site Request Forgery via the npBulkActions and npBulkEdit adminpost actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other...

8.1CVSS7.3AI score0.00492EPSS
Exploits0References3Affected Software1
altlinux
altlinux
added 2021/06/30 12:0 a.m.50 views

Security fix for the ALT Linux 9 package mediawiki version 1.36.1-alt1

1.36.1-alt1 built June 30, 2021 Vitaly Lipatov in task 274917 June 27, 2021 Vitaly Lipatov - new version 1.36.1 with rpmrb script - T280226, CVE-2021-35197: Prevent blocked users from purging pages...

5CVSS7.7AI score0.01943EPSS
Exploits1
cnnvd
cnnvd
added 2021/05/14 12:0 a.m.6 views

haml 跨站脚本漏洞

haml is an open source HTML abstract markup language from the Haml HAML team. A cross-site scripting vulnerability exists in haml-coffee, which supports overriding a range of HTML helper functions through its configuration options. Control of the escapeHtml parameter through template configuratio...

7.7CVSS5.2AI score0.007EPSS
Exploits1References4
debian
debian
added 2021/01/05 8:58 p.m.16 views

[SECURITY] [DSA 4806-2] minidlna regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-4806-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 05, 2021 https://www.debian.org/security/faq -...

2.3AI score
Exploits0
fireeye
fireeye
added 2020/11/19 12:0 a.m.388 views

Purgalicious VBA: Macro Obfuscation With VBA Purging

Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in Februa...

7.1AI score
Exploits0References16
mskb
mskb
added 2020/04/09 12:0 a.m.186 views

System Center 2012 Operations Manager SP1 Update Rollup 5

System Center 2012 Operations Manager SP1 Update Rollup 5 Introduction This article describes the issues that are fixed in Update Rollup 5 for Microsoft System Center 2012 Operations Manager Service Pack 1 SP1. Additionally, this article contains the installation instructions for Update Rollup 5...

7.4AI score
Exploits0
osv
osv
added 2020/03/16 7:15 p.m.17 views

CVE-2020-9321

configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging...

7.5CVSS6.8AI score
Exploits0References2
prion
prion
added 2020/03/16 7:15 p.m.22 views

Code injection

configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging...

5CVSS7.5AI score0.00721EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2020/03/16 6:14 p.m.27 views

CVE-2020-9321

configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging...

7.5AI score0.00721EPSS
Exploits0References2
Rows per page
Query Builder