Lucene search
K

53 matches found

Tenable Nessus
Tenable Nessus
added 2025/05/06 12:0 a.m.24 views

Azure Linux 3.0 Security Update: containerd / containerd2 / moby-containerd / moby-containerd-cc (CVE-2024-40635)

The version of containerd / containerd2 / moby-containerd / moby-containerd-cc installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40635 advisory. - containerd is an open-source container runtime. A b...

7.8CVSS6.3AI score0.00275EPSS
Exploits1References2
NVD
NVD
added 2025/05/03 7:15 p.m.30 views

CVE-2025-1838

IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service...

6.5CVSS0.00321EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.11 views

Amazon Linux 2 : containerd (ALASDOCKER-2025-054)

The version of containerd installed on the remote host is prior to 1.7.27-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-054 advisory. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4...

7.8CVSS6.4AI score0.00275EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.11 views

CVE-2024-0640 Stored XSS in chatwoot/chatwoot

A stored cross-site scripting XSS vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another admin user when they access the affected dashboard...

5.6CVSS0.00248EPSS
Exploits1References2
NVD
NVD
added 2025/03/17 10:15 p.m.16 views

CVE-2024-40635

containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as roo...

7.8CVSS0.00275EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2025/03/17 9:24 p.m.20 views

containerd has an integer overflow in User ID handling

Impact A bug was found in containerd where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root UID 0. This could cause unexpected behavior for environments that require container...

7.8CVSS6.9AI score0.00275EPSS
Exploits1References7Affected Software2
CVE
CVE
added 2024/12/16 12:0 a.m.53 views

CVE-2024-56085

Vulnerability overview (CVE-2024-56085) : Logpoint versions before 7.5.0 expose a Server-Side Template Injection (SSTI) in the process of creating a Search Template Dashboard . Authenticated users can inject payloads that are executed on the server side, indicating a flaw in the template renderin...

5.9CVSS6.5AI score0.00288EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/12 4:6 p.m.13 views

CVE-2024-52901 IBM InfoSphere Information Server denial of service

IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation...

6.5CVSS6.5AI score0.00522EPSS
Exploits0References1
NVD
NVD
added 2024/12/10 5:15 p.m.32 views

CVE-2024-55602

PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal ../ sequences into the file extension property to read arbitrary files on the system. Commit...

8.5CVSS0.00683EPSS
Exploits1References5
OSV
OSV
added 2024/11/26 8:17 p.m.4 views

CVE-2024-43784 Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to it's deletion

lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit a...

5.7CVSS6.5AI score0.00341EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/09/17 5:55 p.m.26 views

Sentry improperly authorizes deletion of user issue alert notifications

Impact An authenticated user may delete user issue alert notifications for arbitrary users given a known alert ID. Patches A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action...

6.5CVSS6.8AI score0.00386EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/19 12:0 a.m.12 views

PT-2024-36675 · WordPress · Bug Library

Name of the Vulnerable Software and Affected Versions: The Bug Library WordPress plugin versions prior to 2.1.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, ...

5.9CVSS5.3AI score0.00369EPSS
Exploits1References6
OSV
OSV
added 2024/03/06 11:14 a.m.14 views

BIT-GITLAB-2022-3066

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project...

5.4CVSS5.3AI score0.00516EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/12/07 8:28 p.m.10 views

rabbitmq-server: improper neutralization of script-related HTML tags in a web page (basic XSS) in management UI

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...

5.4CVSS6.2AI score0.01437EPSS
Exploits1References4
OSV
OSV
added 2022/08/29 2:40 p.m.10 views

CVE-2022-2080 Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR

The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see...

4.3CVSS6.1AI score0.00645EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2022/08/01 12:0 a.m.4 views

PT-2022-13798 · WordPress · Event Timeline Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Event Timeline WordPress plugin versions 1.1.5 and earlier Description: The issue allows high-privileged users, such as admins, to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of Timeline Text, even when...

4.8CVSS4.9AI score0.00511EPSS
Exploits2References5
Rockylinux
Rockylinux
added 2022/06/28 10:52 a.m.10 views

samba bug fix and enhancement update

An update is available for samba. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Samba is an open-source implementation of the Server Message Block SMB protocol...

2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2022/01/18 4:51 p.m.11 views

CVE-2021-37865 Server-side Denial of Service while processing a specifically crafted GIF file

Mattermost 6.2 and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service...

4.3CVSS6.6AI score0.00897EPSS
Exploits0References2
Citrix
Citrix
added 2021/06/30 12:0 a.m.12 views

Error "Relay State and response does not match with roll in action" after following CTX316577

After following the steps inCTX316577some users see error "Relay State and response does not match with roll in action"...

7.1AI score
Exploits0
Citrix
Citrix
added 2020/09/30 12:0 a.m.11 views

Desktop Viewer toolbar does not show up in session using Web Interface

The black Desktop Viewer toolbar does not show up in the XenApp or XenDesktop ICA session of the user...

7.1AI score
Exploits0
Rows per page
Query Builder