Lucene search
K

327 matches found

Cvelist
Cvelist
added 2023/04/18 8:35 p.m.28 views

CVE-2023-26049 Cookie parsing of quoted values can exfiltrate values from other cookies in Eclipse Jetty

Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with " double...

2.4CVSS5.8AI score0.013EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2023/04/18 8:35 p.m.27 views

CVE-2023-26049

Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with " double...

5.3CVSS6.7AI score0.013EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/03/10 12:56 p.m.28 views

When Partial Protection is Zero Protection: The MFA Blind Spots No One Talks About

Multi-factor Authentication MFA has long ago become a standard security practice. With a wide consensus on its ability to fend off more than 99% percent of account takeover attacks, it's no wonder why security architects regard it as a must-have in their environments. However, what seems to be le...

0.2AI score
Exploits0
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.6 views

Debian: Security Advisory (DLA-250-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/07 12:0 a.m.4 views

PT-2023-35493 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.306 Description: The issue is related to the usb bulk msg function in the Linux Kernel's USB subsystem. It involves passing act len in the error path, which may have potential security implications. The...

7.3AI score
Exploits0References1
OpenVAS
OpenVAS
added 2023/02/24 12:0 a.m.26 views

WordPress 'wp-cron.php' Accessible/Enabled (HTTP) - Active Check

The remote WordPress instance might have a default setup of SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...

5.3CVSS5.4AI score0.01659EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.41 views

K85235351: cURL and libcurl vulnerability CVE-2016-8624

Security Advisory Description curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL...

7.5CVSS7.5AI score0.05915EPSS
Exploits0Affected Software24
Hacker One
Hacker One
added 2023/02/14 12:10 a.m.22 views

TD Bank: Reflected XSS on marketsandresearch.td.com

Summary: Hi TD security team, there is a reflected XSS vulnerability at http://marketsandresearch.td.com. As you are most likely aware, XSS vulnerabilities can have significant security implications, including allowing an attacker to inject malicious JS code into the application, which is then...

6.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.4 views

PT-2023-34728 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 2.6.30 through 4.9.336 Description: A possible memory leak issue was identified, which may have potential security implications. The issue was introduced in version 2.6.30 and is fixed in version 4.9.337. Recommendations...

7.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.2 views

PT-2023-33151 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: The issue concerns the removal of used dynamic events, which may lead to security implications. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...

7.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.2 views

PT-2023-33318 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.158 Description: The issue concerns the removal of used dynamic events, which may lead to the freeing of buffers. This could potentially have security implications, although the actual impact and attack...

7.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.4 views

PT-2023-33373 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.226 Description: The issue concerns the removal of used dynamic events, which may lead to security implications. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linu...

7.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.4 views

PT-2023-33919 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: A possible memory leak issue was discovered, which may have potential security implications. The issue was introduced in version v2.6.30 and is fixed in Linux Kernel version v6.0.16...

7.1AI score
Exploits0References1
Cvelist
Cvelist
added 2023/01/06 4:20 p.m.29 views

CVE-2020-36643

...

Exploits0
Github Security Blog
Github Security Blog
added 2023/01/05 12:18 p.m.111 views

@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS)

Impact The sanitize-svg package uses a deny-list-pattern to sanitize SVGs to prevent cross-site scripting XSS. In doing so, literal -tags and on-event handlers were detected: typescript ... const svgEl = div.firstElementChild! const attributes = Array.fromsvgEl.attributes.map name = name const...

7.6CVSS5.8AI score0.00571EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/11/11 12:3 a.m.45 views

GHSA-VP35-85Q5-9F25 Container build can leak any path on the host into the container

Description Moby is the open source Linux container runtime and set of components used to build a variety of downstream container runtimes, including Docker CE, Mirantis Container Runtime formerly Docker EE, and Docker Desktop. Moby allows for building container images using a set of build...

7.5AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/11/11 12:3 a.m.51 views

Container build can leak any path on the host into the container

Description Moby is the open source Linux container runtime and set of components used to build a variety of downstream container runtimes, including Docker CE, Mirantis Container Runtime formerly Docker EE, and Docker Desktop. Moby allows for building container images using a set of build...

5.5CVSS0.8AI score0.01336EPSS
Exploits1References5Affected Software1
UbuntuCve
UbuntuCve
added 2022/08/31 4:15 p.m.19 views

CVE-2020-35536

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

7.2AI score
Exploits0References2
Trend Micro Simply Security
Trend Micro Simply Security
added 2022/08/12 12:0 a.m.11 views

Event-Driven Architectures & the Security Implications

This article explores event-driven architecture EDA with a detailed definition and explains how EDA offers many essential benefits to developers. It concludes with an outline of some best practices for mitigating security concerns...

3.5AI score
Exploits0
The Hacker News
The Hacker News
added 2022/08/04 3:50 p.m.35 views

Who Has Control: The SaaS App Admin Paradox

Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization's external admin attempts to disable MFA for themselves. They don't think to consult with the security team and don't consider the security implications, only the ease which they need for their team...

7.6AI score
Exploits0
Rows per page
Query Builder