Lucene search
+L

430 matches found

Redos
Redos
added 2023/07/06 12:0 a.m.12 views

ROS-2-1745

2.1745 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...

8.8CVSS9.3AI score0.03582EPSS
Exploits1
NVD
NVD
added 2023/06/29 3:15 p.m.31 views

CVE-2023-34598

Gibbon v25.0.0 is vulnerable to a Local File Inclusion LFI where it's possible to include the content of several files present in the installation folder in the server's response...

9.8CVSS9.4AI score0.47238EPSS
Exploits3References1
Prion
Prion
added 2023/06/29 3:15 p.m.18 views

Design/Logic Flaw

Gibbon v25.0.0 is vulnerable to a Local File Inclusion LFI where it's possible to include the content of several files present in the installation folder in the server's response...

7.5CVSS9.3AI score0.47238EPSS
Exploits3References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/29 12:0 a.m.22 views

CVE-2023-34598

Gibbon v25.0.0 is vulnerable to a Local File Inclusion LFI where it's possible to include the content of several files present in the installation folder in the server's response...

6.7AI score0.47238EPSS
Exploits3References1
OSV
OSV
added 2023/06/25 3:15 a.m.5 views

CVE-2023-36612

Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses containing...

7.5CVSS5.9AI score0.00944EPSS
Exploits1References1
NVD
NVD
added 2023/06/25 3:15 a.m.22 views

CVE-2023-36612

Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses containing...

7.5CVSS7.5AI score0.00944EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/06/25 12:0 a.m.16 views

CVE-2023-36612

Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses containing...

6.9AI score0.00944EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/06/25 12:0 a.m.27 views

CVE-2023-36612

Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses containing...

7.7AI score0.00944EPSS
Exploits1References1
OSV
OSV
added 2023/06/20 8:15 a.m.7 views

CVE-2023-26434

When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server...

4.3CVSS5.8AI score0.01148EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/06/20 7:51 a.m.29 views

CVE-2023-26434

When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server...

4.3CVSS4.9AI score0.01148EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/06/08 9:15 p.m.5 views

CVE-2023-32750

Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The...

6.5CVSS6.5AI score0.03846EPSS
Exploits4References3
Citrix
Citrix
added 2023/05/19 12:0 a.m.8 views

Netscaler crash after upgrading to the version 13.1-45.63 with HTTP/2 enabled.

A NetScaler appliance might crash when an HTTP/2 enabled virtual server generates a response for an HTTP/2 request, instead of forwarding the request to the back-end service...

7.1AI score
Exploits0
CNVD
CNVD
added 2023/05/15 12:0 a.m.20 views

Rocket.Chat SQL Injection Vulnerability (CNVD-2023-43234)

Rocket.Chat is an open source team chat software. A NoSQL injection vulnerability exists in the Rocket.Chat listEmojiCustom method, which can be exploited by a remote attacker to submit a special request that allows custom emoticons to be uploaded to a Rocket.Chat instance, resulting in a delayed...

5.3CVSS7.3AI score0.0061EPSS
Exploits0References1
NVD
NVD
added 2023/05/11 10:15 p.m.11 views

CVE-2023-28359

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the...

5.3CVSS5.4AI score0.0061EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/11 12:0 a.m.14 views

CVE-2023-28359

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the...

5.7AI score0.0061EPSS
Exploits0References1
OSV
OSV
added 2023/05/11 12:0 a.m.13 views

CVE-2023-28359

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the...

5.3CVSS7.4AI score0.0061EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/05/10 12:0 a.m.27 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1862)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.1AI score0.01993EPSS
Exploits2References2
OSV
OSV
added 2023/04/27 3:30 a.m.54 views

GHSA-W7JM-9X4M-8QC3 User account enumeration in Serenity

An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...

5.3CVSS5.4AI score0.01011EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2023/04/27 3:30 a.m.14 views

User account enumeration in Serenity

An issue was discovered in Serenity Serene and StartSharp before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist...

5.3CVSS6.9AI score0.01011EPSS
Exploits1References6Affected Software2
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.1 views

SUSE CVE-2009-3726

The nfs4proclock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service NULL pointer dereference and panic by sending a certain response containing incorrect file attributes, which trigger attempted use of an...

7.8CVSS6.5AI score0.12EPSS
Exploits1References8
Rows per page
Query Builder