Lucene search
K

384 matches found

Vulnrichment
Vulnrichment
added 2023/05/17 12:0 a.m.27 views

CVE-2023-31698

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting XSS via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content users cannot create their own accounts through self-registration...

5.9AI score0.02586EPSS
Exploits4References4
Positive Technologies
Positive Technologies
added 2023/04/20 12:0 a.m.9 views

PT-2023-9257 · Gogs · Gogs

Name of the Vulnerable Software and Affected Versions: Gogs versions 0.13.0 and earlier Description: The issue allows an attacker to delete or modify arbitrary files on a vulnerable Gogs server. This can be exploited by a remote attacker. Unprivileged user accounts can execute arbitrary commands ...

9.9CVSS7.1AI score0.50697EPSS
Exploits0References32
NVD
NVD
added 2023/04/19 6:15 p.m.66 views

CVE-2023-30612

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...

4.9CVSS4.7AI score0.0036EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/03/15 12:0 a.m.5 views

PT-2023-2194 · Zoom · Zoom Client For It Admin

Name of the Vulnerable Software and Affected Versions: Zoom Client for IT Admin versions prior to 5.13.5 Description: The issue is related to a local privilege escalation vulnerability in the Zoom Client for IT Admin Windows installers. It is caused by synchronization errors when using a shared...

7.8CVSS7.7AI score0.00185EPSS
Exploits0References5
Veracode
Veracode
added 2023/03/12 4:42 a.m.29 views

Information Disclosure

netdata is vulnerable to Information Disclosure. Netdata Agents have an automatically generated MACHINE GUID that is saved to disk and can persist across restarts and reboots. Streaming is a feature that allows a Netdata Agent to act as parent for other Netdata Agents children, offloading childre...

9.1CVSS8.7AI score0.0068EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/02/16 3:15 p.m.2 views

DEBIAN-CVE-2023-25153

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...

5.5CVSS6.4AI score0.00363EPSS
Exploits0References1
OSV
OSV
added 2023/02/16 3:15 p.m.6 views

AZL-13674 CVE-2023-25153 affecting package moby-containerd for versions less than 1.6.18-2

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...

5.5CVSS6.5AI score0.00363EPSS
Exploits0References1
Prion
Prion
added 2023/02/16 3:15 p.m.32 views

Design/Logic Flaw

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...

1.9CVSS6.2AI score0.00363EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2023/02/16 2:9 p.m.42 views

CVE-2023-25153

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...

6.2CVSS6.7AI score0.00363EPSS
Exploits0
Cvelist
Cvelist
added 2023/02/16 2:9 p.m.21 views

CVE-2023-25153 containerd OCI image importer memory exhaustion

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug h...

6.2CVSS6.9AI score0.00363EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.4 views

SUSE CVE-2020-12689

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

8.8CVSS6.8AI score0.01562EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/12/12 9:15 a.m.5 views

CVE-2022-41296

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210...

8.8CVSS5.7AI score0.00471EPSS
Exploits0References3
OSV
OSV
added 2022/12/08 12:0 a.m.8 views

UBUNTU-CVE-2022-23471

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, f...

6.5CVSS6.8AI score0.01022EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/12/07 10:51 p.m.26 views

CVE-2022-23471 containerd CRI stream server: Host memory exhaustion through terminal resize goroutine leak

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, f...

5.7CVSS7.4AI score0.01022EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.5 views

PT-2022-5600 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.4.0 Description: A vulnerability in Example Dags of Apache Airflow is related to incorrect management of code generation. This issue allows an attacker with UI access who can trigger DAGs to execute arbitrar...

10CVSS8.2AI score0.85653EPSS
Exploits2References21
CNNVD
CNNVD
added 2022/09/01 12:0 a.m.5 views

IBM Cognos Analytics 跨站请求伪造漏洞

IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation of the United States. IBM Cognos Analytics versions 11.1.7, 11.2.0 and 11.2.1 contain a security vulnerability that allows an attacker to perform malicious and unauthorized actions transmitted from a trusted us...

6.5CVSS6.6AI score0.00326EPSS
Exploits0References4
OSV
OSV
added 2022/08/26 6:15 p.m.2 views

CVE-2022-31773

IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357...

8.8CVSS5.7AI score0.00359EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/25 12:0 a.m.3 views

CVE-2022-31773

IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357...

8.8CVSS5.3AI score0.00359EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/07/26 3:15 p.m.4 views

CVE-2022-35286

IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230814...

8.8CVSS6AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/07/25 12:0 a.m.4 views

CVE-2022-35286

IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230814...

8.8CVSS5.7AI score0.00266EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder