Lucene search
K

246 matches found

Veracode
Veracode
added 2024/10/16 11:59 a.m.3 views

Spoofing Attack

github.com/containerd/containerd is vulnerable to Spoofing Attack. The vulnerability is due to the lack of a definitive specification for manifest and index documents in the OCI Distribution and Image Specifications, allows different interpretations based on the Content-Type header...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.6 views

PT-2024-10983 · Unknown · Bluetooth Core Specification

Name of the Vulnerable Software and Affected Versions: Bluetooth Core Specifications versions 2.1 through 5.3 Description: The issue concerns Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol. It may allow an unauthenticated...

6.8CVSS6.6AI score0.00243EPSS
Exploits0References10
Fedora
Fedora
added 2024/09/06 3:53 a.m.10 views

[SECURITY] Fedora 39 Update: lua-mpack-1.0.12-1.fc39

mpack is a small binary serialization/RPC library that implements both the msgpack and msgpack-rpc specifications...

7.3AI score
Exploits0
Fedora
Fedora
added 2024/09/03 7:32 a.m.11 views

[SECURITY] Fedora 41 Update: lua-mpack-1.0.12-1.fc41

mpack is a small binary serialization/RPC library that implements both the msgpack and msgpack-rpc specifications...

7.3AI score
Exploits0
Cvelist
Cvelist
added 2024/07/16 11:44 a.m.33 views

CVE-2022-48827 NFSD: Fix the behavior of READ near OFFSET_MAX

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near OFFSETMAX Dan Aloni reports: Due to commit 8cfb9015280d "NFS: Always provide aligned buffers to the RPC read layers" on the client, a read of 0xfff is aligned up to server rsize of 0x1000. As a...

0.00263EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/07/16 11:44 a.m.18 views

CVE-2022-48827 NFSD: Fix the behavior of READ near OFFSET_MAX

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near OFFSETMAX Dan Aloni reports: Due to commit 8cfb9015280d "NFS: Always provide aligned buffers to the RPC read layers" on the client, a read of 0xfff is aligned up to server rsize of 0x1000. As a...

7AI score0.00263EPSS
Exploits0References4
CVE
CVE
added 2024/07/01 8:48 p.m.70 views

CVE-2024-38367

CVE-2024-38367 concerns the CocoaPods trunk authentication server (trunk.cocoapods.org). The underlaying issue was a vulnerability in the trunk sessions verification step that could be manipulated to hijack the owner’s session, potentially yielding a full takeover of the CocoaPods trunk account. ...

9.6CVSS9AI score0.11131EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/07/01 8:48 p.m.17 views

CVE-2024-38367 CoacoaPods trunk sessions verification step could be manipulated for owner session hijacking

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking Compromising a victim’s session will result in a full takeover of...

8.2CVSS7.3AI score0.11131EPSS
Exploits1References6
Microsoft CVE
Microsoft CVE
added 2024/06/30 7:0 a.m.4 views

CVE-2023-26484

...

8.2CVSS7.5AI score0.00611EPSS
Exploits0
CVE
CVE
added 2024/03/26 5:50 p.m.175 views

CVE-2024-26650

This CVE ID is rejected/not used and does not represent an active vulnerability entry.

7.5AI score
Exploits0
CNNVD
CNNVD
added 2024/01/19 12:0 a.m.5 views

Notary Project Specifications Security Vulnerabilities

Notary Project Specifications is a repository for the Notary Project. A security vulnerability exists in Notary Project Specifications that stems from the use of artifacts whose signatures are no longer valid...

6.8CVSS6.8AI score0.00288EPSS
Exploits0References3
Wallarm Lab
Wallarm Lab
added 2023/11/06 2:0 p.m.29 views

Testing with OpenAPI Specifications

The 2023 SANS Survey on API Security Jun-2023 found that less than 50 percent of respondents have API security testing tools in place. Even fewer 29 percent have API discovery tools. Wallarm delivers both these capabilities via our single, integrated App and API Security platform. Wallarm has lon...

7.5AI score
Exploits0
NVD
NVD
added 2023/10/31 12:15 a.m.23 views

CVE-2023-46138

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...

5.3CVSS4.7AI score0.00316EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/10/30 11:53 p.m.26 views

CVE-2023-46138 JumpServer default admin user email leak password reset

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...

3.7CVSS5.6AI score0.00316EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/30 11:53 p.m.14 views

CVE-2023-46138 JumpServer default admin user email leak password reset

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...

3.7CVSS7AI score0.00316EPSS
Exploits0References2
CVE
CVE
added 2023/10/30 11:53 p.m.41 views

CVE-2023-46138

CVE-2023-46138 affects JumpServer prior to version 3.8.0, where the initial admin user used the default email domain [email protected]. Password resets occur via email, so if the domain mycompany.com is registered, this could affect password reset functionality. The issue is mitigated in versio...

5.3CVSS4.9AI score0.00316EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.25 views

Design/Logic Flaw

jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability,...

5CVSS5.5AI score0.00705EPSS
Exploits1References2Affected Software1
Code423n4
Code423n4
added 2023/10/04 12:0 a.m.11 views

Prime.sol: stakedAt value is not deleted when manually issuing an irrevocable token

Lines of code Vulnerability details Impact Protocol specifications state that a user cannot have less than the minimum xvs staked if they are not irrevocable prime token users. In other words, only holders of irrevocables prime tokens can have less than the minimum xvs staked. The problem arises...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2023/06/02 12:0 a.m.7 views

Fedora: Security Advisory for edk2 (FEDORA-2023-ca393d660a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Cvelist
Cvelist
added 2023/06/01 4:15 p.m.39 views

CVE-2023-32690 Responder can Invoke Undefined Behavior in libspdm Requester

libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that...

5.7CVSS7.7AI score0.00713EPSS
Exploits0References3
Rows per page
Query Builder