Lucene search
K

825 matches found

OSV
OSV
added 2024/05/15 8:2 p.m.53 views

GHSA-8FG7-HP93-QHVR wolfictl leaks GitHub tokens to remote non-GitHub git servers

Summary A git authentication issue allows a local user’s GitHub token to be sent to remote servers other than github.com. Details Most git-dependent functionality in wolfictl relies on its own git package, which contains centralized logic for implementing interactions with git repositories. Some ...

4.4CVSS5.1AI score0.00237EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.33 views

RHEL 6 : rsync (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rsync: daemon does not check for fnamecmp filenames allowing for access restriction bypass CVE-2017-17434...

8.5AI score0.06337EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/05/09 5:58 a.m.3 views

squid: denial of service in HTTP header parser

A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages...

7.5CVSS5.8AI score0.88864EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/04/16 10:45 a.m.4 views

squid: denial of service in HTTP header parser

A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages...

7.5CVSS5.8AI score0.88864EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/04/11 5:0 p.m.5 views

squid: denial of service in HTTP header parser

A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages...

7.5CVSS5.8AI score0.88864EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/03/19 2:13 p.m.6 views

squid: denial of service in HTTP header parser

A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages...

7.5CVSS5.8AI score0.88864EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/03/01 8:19 a.m.4 views

squid: denial of service in HTTP header parser

A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages...

7.5CVSS5.8AI score0.88864EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/11/08 8:20 a.m.3 views

python: CPU denial of service via inefficient IDNA decoder

A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA RFC 3490 decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be...

7.5CVSS6.9AI score0.02453EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.15 views

Fedora 39 : pypy (2023-5460cf6dfb)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5460cf6dfb advisory. Security fix for CVE-2022-45061 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

7.5CVSS7.1AI score0.02453EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.26 views

Rocky Linux 9 : rsync (RLSA-2022:6181)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6181 advisory. - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The...

7.4CVSS8.2AI score0.01659EPSS
Exploits1References3
NVD
NVD
added 2023/08/19 6:15 a.m.19 views

CVE-2023-2110

Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies tex...

8.2CVSS7.9AI score0.00333EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/08/19 5:34 a.m.15 views

CVE-2023-2316 Typora Local File Disclosure

Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious...

7.4CVSS6.8AI score0.00569EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/08/19 5:34 a.m.28 views

CVE-2023-2316 Typora Local File Disclosure

Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious...

7.4CVSS7.5AI score0.00569EPSS
Exploits1References2
OSV
OSV
added 2023/08/10 7:25 p.m.44 views

GHSA-6R78-M64M-QWCF Moq v4.20.0-rc to 4.20.1 share hashed user data

Moq v4.20.0-rc to 4.20.1 include support for SponsorLink, which runs an obfuscated DLL at build time that scans local git config data and shares the user's hashed email address with SponsorLink's remote servers. There is no option to disable this. Moq v4.20.2 has removed this functionality...

7.1AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/08/10 7:25 p.m.39 views

Moq v4.20.0-rc to 4.20.1 share hashed user data

Moq v4.20.0-rc to 4.20.1 include support for SponsorLink, which runs an obfuscated DLL at build time that scans local git config data and shares the user's hashed email address with SponsorLink's remote servers. There is no option to disable this. Moq v4.20.2 has removed this functionality...

6.8AI score
Exploits0References5Affected Software1
Snyk
Snyk
added 2023/08/08 9:0 p.m.4 views

Undesired Behavior

Overview Affected versions of this package are vulnerable to Undesired Behavior. It contains a dependency on the SponsorLink package, which runs an obfuscated closed-source executable at buildtime. That executable spawns OS processes and performs network requests, including transferring a...

3.3CVSS6.8AI score
Exploits0References2
Broadcom
Broadcom
added 2023/08/01 12:0 a.m.38 views

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers.

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...

7.4CVSS8.6AI score0.01659EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/07/26 12:0 a.m.18 views

EulerOS Virtualization 3.0.6.6 : python (EulerOS-SA-2023-2415)

According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some input...

7.5CVSS7.1AI score0.02453EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/06/13 12:0 a.m.37 views

EulerOS Virtualization 3.0.6.0 : rsync (EulerOS-SA-2023-2204)

According to the versions of the rsync packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories...

7.4CVSS8.2AI score0.01659EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/06/12 12:0 a.m.25 views

Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2023-2204)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.8AI score0.01659EPSS
Exploits1References2
Rows per page
Query Builder