Lucene search
K

123 matches found

Vulnrichment
Vulnrichment
added 2023/05/31 12:0 a.m.8 views

CVE-2023-34258

An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution...

7.9AI score0.00809EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/05/20 12:0 a.m.13 views

Fedora: Security Advisory for nispor (FEDORA-2023-bf311772cf)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2023/05/07 1:24 a.m.19 views

[SECURITY] Fedora 38 Update: nispor-1.2.10-4.fc38

Unified interface for Linux network state querying...

7.5CVSS7.1AI score0.01121EPSS
Exploits1
OSV
OSV
added 2023/04/18 10:35 p.m.23 views

CVE-2023-30558 Multiple SQL injections in sql/data_dictionary.py table_list method in Archery - GHSL-2022-105

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the dbname in the sql/datadictionary.py tablelist endpoint is passed to the methods that follow in...

6.5CVSS7.3AI score0.00835EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/04/18 12:0 a.m.4 views

PT-2023-22779 · Archery · Archery

Name of the Vulnerable Software and Affected Versions: Archery affected versions not specified Description: The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. The issue arises from the sql/instance.py endpoint's describ...

6.5CVSS6.9AI score0.00835EPSS
Exploits1References5
F5 Networks
F5 Networks
added 2023/02/21 6:26 p.m.31 views

K21230183: NTP vulnerability CVE-2015-7976

Security Advisory Description The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. CVE-2015-7976 Impact A remote user who uses the ntp...

4.3CVSS6.3AI score0.03512EPSS
Exploits0Affected Software22
NVD
NVD
added 2022/12/06 1:15 a.m.24 views

CVE-2022-46151

Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in querybook/server/app/auth/oauthauth.py and querybook/server/app/auth/oktaauth.py. This may allow attackers to perform reflected cross site scripting...

6.3CVSS0.00415EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/12/06 12:33 a.m.23 views

CVE-2022-46151 Reflected XSS

Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in querybook/server/app/auth/oauthauth.py and querybook/server/app/auth/oktaauth.py. This may allow attackers to perform reflected cross site scripting...

6.3CVSS6.2AI score0.00415EPSS
Exploits0References2
CVE
CVE
added 2022/12/06 12:33 a.m.48 views

CVE-2022-46151

CVE-2022-46151 affects Querybook, where user-provided data in the error field of the auth callback URL (oauth_auth.py and okta_auth.py) is not escaped, enabling reflected XSS if CSP is not enabled or unsafe-inline is allowed. Affected versions are before 3.14.2. Mitigation: upgrade to Querybook 3...

6.3CVSS6.1AI score0.00415EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/11/17 5:15 a.m.15 views

Authentication flaw

BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long tens of kBs and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks...

5CVSS7.4AI score0.00661EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/08/12 12:0 a.m.5 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in the Google Android ActivityManager component that stems from a lack of privilege checking, with a possible way to check the functionality of another process...

3.3CVSS5.1AI score0.00089EPSS
Exploits0References2
Fedora
Fedora
added 2022/07/31 1:37 a.m.14 views

[SECURITY] Fedora 36 Update: jid-0.7.6-10.fc36

JSON Incremental Digger is a very simple JSON querying tool. You can drill down JSON interactively by using filtering queries like jq...

2.3AI score
Exploits0
Fedora
Fedora
added 2022/07/17 1:16 a.m.17 views

[SECURITY] Fedora 35 Update: jid-0.7.6-9.fc35

JSON Incremental Digger is a very simple JSON querying tool. You can drill down JSON interactively by using filtering queries like jq...

9.3CVSS2.3AI score0.05994EPSS
Exploits4
Fedora
Fedora
added 2022/07/04 1:35 a.m.21 views

[SECURITY] Fedora 36 Update: jid-0.7.6-9.fc36

JSON Incremental Digger is a very simple JSON querying tool. You can drill down JSON interactively by using filtering queries like jq...

9.3CVSS8.1AI score0.05994EPSS
Exploits4
Veracode
Veracode
added 2022/06/29 6:1 p.m.24 views

Information Disclosure

Mermaid is vulnerable to information disclosure. The vulnerability exists due to a css injection into the generated graph allowing for arbitrary graph modification leading to information disclosure by querying form data by css selectors...

6.1CVSS6AI score0.00849EPSS
Exploits1References2Affected Software1
OpenVAS
OpenVAS
added 2022/06/14 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2022:2062-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.2AI score0.26709EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/06/03 12:0 a.m.40 views

RHEL 7 : thunderbird (RHSA-2022:4891)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:4891 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.10.0. Security Fixes: Mozilla:...

9.8CVSS8.1AI score0.01055EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2022/06/03 12:0 a.m.35 views

Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2022:4870)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:4870-1 advisory. - Mozilla: Cross-Origin resource's length leaked CVE-2022-31736 - Mozilla: Heap buffer overflow in WebGL CVE-2022-31737 - Mozilla: Browser window...

9.8CVSS8.1AI score0.01055EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2022/06/03 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2022:1920-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.01055EPSS
Exploits0References4
CISA KEV Catalog
CISA KEV Catalog
added 2022/05/25 12:0 a.m.31 views

Microsoft Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications...

6.5CVSS2.6AI score0.58023EPSS
In wildExploits3
Rows per page
Query Builder