Lucene search
K

36 matches found

NVD
NVD
added 2024/05/14 1:46 p.m.21 views

CVE-2023-42955

Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the...

6.1CVSS6.4AI score0.0045EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 11:15 p.m.20 views

Hardcoded credentials

Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...

5CVSS7.5AI score0.00926EPSS
Exploits0References2
NVD
NVD
added 2023/03/21 5:15 p.m.13 views

CVE-2023-1305

An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of...

8.1CVSS7.9AI score0.00777EPSS
Exploits1References2
NVD
NVD
added 2023/03/21 5:15 p.m.15 views

CVE-2023-1306

An authenticated attacker can leverage an exposed resource.db accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version o...

8.8CVSS8.7AI score0.01208EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2022/12/14 12:0 a.m.21 views

SUSE: Security Advisory (SUSE-SU-2022:4457-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.3AI score0.00316EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2022/04/09 6:51 a.m.34 views

CVE-2021-44224 affecting package httpd for versions less than 2.4.52-1

CVE-2021-44224 affecting package httpd for versions less than 2.4.52-1. An upgraded version of the package is available that resolves this issue...

8.2CVSS9.5AI score0.82295EPSS
Exploits0
OSV
OSV
added 2022/03/08 12:0 a.m.22 views

CVE-2022-24716 Path traversal in Icinga Web 2

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been resolv...

7.5CVSS7.3AI score0.89378EPSS
Exploits8References6
Cvelist
Cvelist
added 2021/10/06 5:10 p.m.32 views

CVE-2021-41121 Memory corruption in Vyper

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0...

7.5CVSS9.1AI score0.01039EPSS
Exploits0References2
RustSec
RustSec
added 2020/09/27 12:0 p.m.25 views

VecCopy allows misaligned access to elements

VecCopy::data is created as a Vec of u8 but can be used to store and retrieve elements of different types leading to misaligned access. The issue was resolved in v0.5.0 by replacing data being stored by Vec with a custom managed pointer. Elements are now stored and retrieved using types with prop...

5.5CVSS2.3AI score0.00374EPSS
Exploits1Affected Software1
UbuntuCve
UbuntuCve
added 2020/03/11 11:15 p.m.20 views

CVE-2020-7943

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...

7.5CVSS7.1AI score0.07884EPSS
Exploits0References2
Hacker One
Hacker One
added 2019/05/02 11:5 p.m.30 views

HackerOne: Open Redirection in [https://www.hackerone.com/index.php]

You are resolved open redirect issue report 439075.This report publicly disclosed. but this issue again work at this time. When a user visit http://www.hackerone.com/index.php/index.php.evil.com user will be redirected to www.hackerone.com.evil.com Steps To Reproduce Click on this link...

0.5AI score
Exploits0
Cvelist
Cvelist
added 2019/04/17 9:55 p.m.25 views

CVE-2019-1711 Cisco IOS XR gRPC Software Denial of Service Vulnerability

A vulnerability in the Event Management Service daemon emsd of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this...

5.3CVSS7.7AI score0.02299EPSS
Exploits0References2
Hacker One
Hacker One
added 2018/04/24 11:56 a.m.23 views

Rockstar Games: Smuggle SocialClub's Facebook OAuth Code via Referer Leakage

In this report, the researcher provided a POC in which they were able to combine two issues to create a condition that potentially could have allowed an attacker to obtain OAuth tokens. One of the issues involved allowing external content to load in our Screenshot Viewer tool; we resolved this...

2.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2016/04/24 6:8 p.m.9 views

adf.ly Open Redirect vulnerability

Vulnerable URL: http://adf.ly/ad/locked?url=//openbugbounty.org/=s Details: Description| Value ---|--- Patched:| Yes, at 04.05.2016 Latest check for patch:| 04.05.2016 03:50 GMT Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 127 VIP website status:| Yes...

6.8AI score
Exploits0
Oracle linux
Oracle linux
added 2015/04/15 12:0 a.m.79 views

java-1.7.0-openjdk security update

1:1.7.0.75-2.5.5.1.0.1.el71 - Update DISTRONAME in specfile 1:1.7.0.75-2.5.5.1 - repacked sources - Resolves: rhbz1209072 1:1.7.0.75-2.5.5.0 - Bump to 2.5.5 using OpenJDK 7u79 b14. - Update OpenJDK tarball creation comments - Remove test case for RH1191652 now fix has been verified. - Drop AArch6...

10CVSS3.1AI score0.07224EPSS
Exploits1
Oracle linux
Oracle linux
added 2011/02/11 12:0 a.m.50 views

java-1.6.0-openjdk security update

1.6.0.0-1.36.b17 - removed plugin. How it comes in?! - Resolves: rhbz676295 1.6.0.0-1.33.b17 - bumped release number, it was accidentaly reduced, and now lower version then last one was released. - Resolves: rhbz676295 1.6.0.0-1.22.b17 - Updated to 1.7.9 tarball - removed patch6, fixed upstrream ...

5CVSS4.5AI score0.2349EPSS
Exploits1
Rows per page
Query Builder