Lucene search
K

825 matches found

RedHat Linux
RedHat Linux
added 2025/02/24 12:8 a.m.5 views

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

9.8CVSS7.7AI score0.99931EPSS
Exploits41References7
Hacker One
Hacker One
added 2024/12/16 3:38 p.m.9 views

Nextcloud: [nextcloud/mail] Blind SSRF to Internal Network via "List-Unsubscribe" SMTP Header when allow_local_remote_servers is allowed

Vulnerability description not provided...

6.8AI score
Exploits0
NVD
NVD
added 2024/12/13 11:15 a.m.12 views

CVE-2021-32007

This issue affects: Secomea GateManager Version 9.5 and all prior versions. Protection Mechanism Failure vulnerability in web server of Secomea GateManager to potentially leak information to remote servers...

3.5CVSS0.00256EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/11/25 12:12 a.m.4 views

h2: Loading of custom classes from remote servers through JNDI

A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script...

10CVSS8AI score0.64766EPSS
Exploits4References5
F5 Networks
F5 Networks
added 2024/11/22 9:6 p.m.25 views

K000148693: libssh2 vulnerability CVE-2015-1782

Security Advisory Description The kexagreemethods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service crash or have other unspecified impact via crafted length values in an SSHMSGKEXINIT packet. CVE-2015-1782 Impact There is no impact; F5 products are not affected ...

6.8CVSS6.7AI score0.03501EPSS
Exploits0
GithubExploit
GithubExploit
added 2024/11/06 5:30 a.m.710 views

Exploit for OS Command Injection in Php

CVE-2024-4577 RCE Exploit While implementing PHP, the team d...

9.8CVSS9.7AI score0.99998EPSS
Exploits101
Microsoft CVE
Microsoft CVE
added 2024/10/15 7:0 a.m.4 views

The Samba AD DC administration tool when operating against a remote LDAP server will by default send new or reset passwords over a signed-only connection.

...

5.9CVSS6.7AI score0.00484EPSS
Exploits0
OSV
OSV
added 2024/10/04 4:38 p.m.47 views

BIT-PYTHON-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

7.5CVSS7.8AI score0.02453EPSS
Exploits1References38
CVE
CVE
added 2024/07/09 3:33 p.m.54 views

CVE-2023-50178

FortiADC is affected by an improper certificate validation vulnerability (CWE-295) that may allow remote, unauthenticated attackers to perform a Man-in-the-Middle on the channel between FortiADC devices and remote servers (e.g., private SDN connectors, FortiToken Cloud). Connected sources consist...

7.4CVSS7.3AI score0.002EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2024/07/04 8:0 a.m.13 views

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to improper validation of remote server requests in shared channels with multiple connected remote servers, allowing a malicious remote server to change the profile images of users belonging...

5.3CVSS7.1AI score0.00303EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/07/03 8:29 a.m.13 views

CVE-2024-36257 Lack of permission check when updating the profile picture of a remote user (shared channels enabled)

Mattermost versions 9.5.x = 9.5.5 and 9.8.0, when using shared channels with multiple remote servers connected, fail to check that the remote server A requesting the server B to update the profile picture of a user is the remote that actually has the user as a local one . This allows a malicious...

2.7CVSS6AI score0.00303EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.9 views

PT-2024-26936 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.5 Mattermost version 9.8.0 Description: The issue arises when Mattermost is used with shared channels and multiple remote servers are connected. In such cases, the system fails to verify that the remote...

5.3CVSS7.3AI score0.00303EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/25 12:0 a.m.4 views

Conduit Security Vulnerabilities

Conduit is a simple, fast and reliable chat server from the individual developer Timo Kösters. A security vulnerability exists in versions prior to Conduit v0.8.0 that stems from an unauthenticated source in the federated API, resulting in any remote server being able to impersonate any user in a...

7.5CVSS6.9AI score0.00168EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.10 views

RHEL 5 : libxrandr (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libXrandr: Insufficient validation of server responses result in various data mishandlings CVE-2016-7948 ...

9.8CVSS8.3AI score0.03629EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.31 views

RHEL 6 : libvncserver (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c CVE-2018-7225 -...

9.8CVSS9.8AI score0.15089EPSS
Exploits4References11
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.18 views

RHEL 7 : libxtst (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libXtst: Insufficient validation of server responses result in Integer overflows CVE-2016-7951 - X.org...

9.8CVSS9.8AI score0.02435EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.17 views

RHEL 7 : libvncserver (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libvncserver: Multiple heap out-of-bound writes in VNC client code Incomplete fix for CVE-2018-20019...

9.8CVSS9.8AI score0.09392EPSS
Exploits1References13
OSV
OSV
added 2024/05/15 9:24 p.m.17 views

CVE-2024-35183 wolfictl leaks GitHub tokens to remote non-GitHub git servers

wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...

4.4CVSS5.3AI score0.00237EPSS
Exploits0References8
CVE
CVE
added 2024/05/15 9:24 p.m.50 views

CVE-2024-35183

CVE-2024-35183 affects wolfictl (Wolfi) and involves a git authentication issue in versions before 0.16.10. The vulnerability arises from a GetGitAuth flow that reads a GitHub token from the GITHUB_TOKEN environment variable and uses it for HTTP basic auth with go-git, in cases where the remote r...

4.4CVSS7.1AI score0.00237EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/05/15 9:24 p.m.25 views

CVE-2024-35183 wolfictl leaks GitHub tokens to remote non-GitHub git servers

wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...

4.4CVSS5.4AI score0.00237EPSS
Exploits0References6
Rows per page
Query Builder