Lucene search
+L

160 matches found

nessus
nessus
added 2024/10/10 12:0 a.m.24 views

Fedora 40 : firefox (2024-db72f480e8)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-db72f480e8 advisory. - New upstream version 131.0.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

9.8CVSS8.7AI score0.32568EPSS
Exploits1References2
nessus
nessus
added 2024/09/10 12:0 a.m.15 views

NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2024-0066)

The remote NewStart CGSL host, running version MAIN 6.02, has firefox packages installed that are affected by multiple vulnerabilities: - In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames. CVE-2022-25315 - It was possible to construct specific XSLT markup that woul...

10CVSS8.2AI score0.99735EPSS
Exploits37References387
nessus
nessus
added 2024/08/09 12:0 a.m.5 views

Fedora 39 : xrdp (2024-41c1bf8de6)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-41c1bf8de6 advisory. Release notes for xrdp v0.10.1 2024/07/31 General announcements A clipboard bugfix included in this release is sponsored by Krmer Pferdesport GmbH & Co KG. W...

6.1AI score
Exploits0References1
nessus
nessus
added 2024/07/18 12:0 a.m.78 views

NVIDIA CUDA Toolkit < 12.6 (July 2024)

The version of NVIDIA CUDA Toolkit installed on the remote host is prior to 12.6. It is, therefore, affected by a denial of service vulnerability as referenced in the July 2024 advisory. An unauthenticated, local attacker, can exploit this, by deceiving a user into reading a malformed ELF file, t...

5.5CVSS5.5AI score0.00245EPSS
Exploits0References2
nessus
nessus
added 2024/07/03 12:0 a.m.30 views

AlmaLinux 8 : nghttp2 (ALSA-2024:4252)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4252 advisory. nghttp2: CONTINUATION frames DoS CVE-2024-28182 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that Ness...

5.3CVSS7.1AI score0.8496EPSS
Exploits1References2
nessus
nessus
added 2024/06/01 12:0 a.m.28 views

Fedora 39 : python3.6 (2024-18b9c9b9cf)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-18b9c9b9cf advisory. Security fix for CVE-2024-0450 and CVE-2023-6597 Tenable has extracted the preceding description block directly from the Fedora security advisory...

7.8CVSS7.1AI score0.00336EPSS
Exploits0References3
atlassian
atlassian
added 2024/03/21 6:45 p.m.155 views

Jira - CVE-2024-22243

h3. Issue Summary We have several Customers waiting for a response about the vulnerability CVE-2024-22243|https://nvd.nist.gov/vuln/detail/CVE-2024-22243, if it affects Atlassian products, in particular, Jira Data Center. h3. Steps to Reproduce Run Generic Security Scan Tool h3. Expected Results...

8.1CVSS6.5AI score0.03967EPSS
Exploits1Affected Software1
osv
osv
added 2024/03/06 10:57 a.m.42 views

BIT-GITLAB-2023-5009 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...

9.8CVSS7.2AI score0.08263EPSS
Exploits0References3
nessus
nessus
added 2024/02/08 12:0 a.m.8 views

Microsoft Azure Detected

This is an informational notice that the scanner was able to detect that the target application is using a Microsoft Azure service. No source data...

7.1AI score
Exploits0References1
qualysblog
qualysblog
added 2023/12/08 1:25 p.m.30 views

OpenCMS Unauthenticated XXE Vulnerability (CVE-2023-42344)

OpenCms is a popular open-source Java framework developed by Alkacon Software. OpenCms provides a platform for users to design and develop web applications. The latest version of the framework is 16.0. About CVE-2023-42344 CVE-2023-42344 is a critical vulnerability where users can execute code...

8.1AI score0.02231EPSS
Exploits0
malwarebytes
malwarebytes
added 2023/11/30 4:3 p.m.126 views

Associated Press, ESPN, CBS among top sites serving fake virus alerts

ScamClub is a threat actor whos been involved in malvertising activities since 2018. Chances are you probably ran into one of their online scams on your mobile device. Confiant, the firm that has tracked ScamClub for years, released a comprehensive report in September while also disrupting their...

7.2AI score
Exploits0
wpvulndb
wpvulndb
added 2023/11/06 12:0 a.m.15 views

Security & Malware scan by CleanTalk < 2.121 - IP Spoofing

Description This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection. PoC Send 5 invalid login requests and thus block the IP address. POST /wp-login.php HTTP/1.1 Host: localhost...

7.5CVSS7.5AI score0.00653EPSS
Exploits2Affected Software1
redhatcve
redhatcve
added 2023/10/09 5:57 p.m.43 views

CVE-2023-3932

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan...

8.2CVSS8.8AI score0.00878EPSS
Exploits1References3
thn
thn
added 2023/09/20 7:18 a.m.151 views

GitLab Releases Urgent Security Patches for Critical Vulnerability

GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 CVSS score: 9.6, impacts all versions of GitLab Enterprise Edition EE starting from 13.12 and prior to 16.2.7 as well as from 16.3 and befor...

10CVSS8.8AI score0.99731EPSS
Exploits31
nvd
nvd
added 2023/09/19 8:16 a.m.39 views

CVE-2023-5009

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...

9.8CVSS7.1AI score0.08263EPSS
Exploits0References2
prion
prion
added 2023/09/19 8:16 a.m.33 views

Design/Logic Flaw

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...

7.5CVSS6.6AI score0.08263EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2023/09/19 7:1 a.m.10 views

CVE-2023-5009 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...

8.2CVSS9.7AI score0.08263EPSS
Exploits0References2
cve
cve
added 2023/09/19 7:1 a.m.268 views

CVE-2023-5009

CVE-2023-5009 affects GitLab EE versions 13.12–before 16.2.7 and 16.3–before 16.3.4. An attacker could run pipeline jobs as an arbitrary user via scheduled security scan policies, bypassing CVE-2023-3932 and adding impact. The issue is described as a bypass of CVE-2023-3932 with additional impact...

9.8CVSS7.3AI score0.08263EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2023/09/19 7:1 a.m.41 views

CVE-2023-5009 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...

8.2CVSS8.2AI score0.08263EPSS
Exploits0References2
osv
osv
added 2023/09/19 7:1 a.m.30 views

CVE-2023-5009 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of CVE-2023-3932...

8.2CVSS8.1AI score0.08263EPSS
Exploits0References5
Rows per page
Query Builder