Lucene search
+L

492 matches found

nvd
nvd
added 2024/11/15 4:15 p.m.35 views

CVE-2022-20814

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device...

7.4CVSS0.00897EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/11/15 3:32 p.m.14 views

CVE-2022-20814 Cisco Expressway Series and Cisco TelePresence VCS Improper Certificate Validation Vulnerability

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device...

7.4CVSS7.2AI score0.00897EPSS
Exploits0References4
cvelist
cvelist
added 2024/11/15 3:32 p.m.37 views

CVE-2022-20814 Cisco Expressway Series and Cisco TelePresence VCS Improper Certificate Validation Vulnerability

A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device...

7.4CVSS0.00897EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/11/15 3:27 p.m.16 views

CVE-2022-20853 Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability

A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...

7.4CVSS7.4AI score0.00615EPSS
Exploits0References4
cvelist
cvelist
added 2024/11/15 3:27 p.m.15 views

CVE-2022-20853 Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerability

A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...

7.4CVSS0.00615EPSS
Exploits0References4
susecve
susecve
added 2024/11/09 3:48 a.m.3 views

SUSE CVE-2024-50202

In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfsfindentry Syzbot reported that a task hang occurs in vcsopen during a fuzzing test for nilfs2. The root cause of this problem is that in nilfsfindentry, which searches for directo...

5.5CVSS7.6AI score0.00231EPSS
Exploits0References16
nvd
nvd
added 2024/11/08 6:15 a.m.13 views

CVE-2024-50175

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: Remove usecount guard in stopstreaming The usecount check was introduced so that multiple concurrent Raw Data Interfaces RDIs could be driven by different virtual channels VCs on the CSIPHY input driving the...

5.5CVSS0.00219EPSS
Exploits0References4
cvelist
cvelist
added 2024/11/08 5:23 a.m.38 views

CVE-2024-50175 media: qcom: camss: Remove use_count guard in stop_streaming

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: Remove usecount guard in stopstreaming The usecount check was introduced so that multiple concurrent Raw Data Interfaces RDIs could be driven by different virtual channels VCs on the CSIPHY input driving the...

0.00219EPSS
Exploits0References4
susecve
susecve
added 2024/11/08 3:48 a.m.5 views

SUSE CVE-2024-51990

jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...

9.3CVSS6.9AI score0.0059EPSS
Exploits0References3
nvd
nvd
added 2024/11/07 1:15 a.m.19 views

CVE-2024-51990

jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...

9.3CVSS0.0059EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/11/07 12:15 a.m.7 views

CVE-2024-51990 Path traversal via crafted Git repositories in jj

jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...

9.3CVSS7AI score0.0059EPSS
Exploits0References1
cve
cve
added 2024/11/07 12:15 a.m.51 views

CVE-2024-51990

CVE-2024-51990 affects jj (Jujutsu), a Git-compatible VCS written in Rust. The issue is a path traversal vulnerability where specially crafted Git repositories can cause jj to write files outside the clone. This has been fixed in version 0.23.0. If upgrading is not possible, users are advised to ...

9.3CVSS6.5AI score0.0059EPSS
Exploits0References1
redhat
redhat
added 2024/05/22 10:3 a.m.2 views

kernel: vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF

In the Linux kernel, the following vulnerability has been resolved: vcscreen: move load of struct vcdata pointer in vcsread to avoid UAF After a call to consoleunlock in vcsread the vcdata struct can be freed by vcdeallocate. Because of that, the struct vcdata pointer load must be done at the top...

7.8CVSS6.4AI score0.00274EPSS
Exploits0References5
nessus
nessus
added 2024/05/10 12:0 a.m.27 views

Fedora 38 : pypy (2024-797928fed3)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-797928fed3 advisory. Security fix for CVE-2023-5752 in the bundled pip. Tenable has extracted the preceding description block directly from the Fedora security advisory...

5.5CVSS6.7AI score0.00476EPSS
Exploits0References2
nessus
nessus
added 2024/05/10 12:0 a.m.18 views

Fedora 39 : pypy (2024-dada06a500)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-dada06a500 advisory. Security fix for CVE-2023-5752 in the bundled pip. Tenable has extracted the preceding description block directly from the Fedora security advisory...

5.5CVSS6.7AI score0.00476EPSS
Exploits0References2
nessus
nessus
added 2024/05/09 12:0 a.m.41 views

Fedora 40 : pypy (2024-612986fdfa)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-612986fdfa advisory. Security fix for CVE-2023-5752 in the bundled pip. Tenable has extracted the preceding description block directly from the Fedora security advisory...

5.5CVSS6.7AI score0.00476EPSS
Exploits0References2
openvas
openvas
added 2024/04/03 12:0 a.m.19 views

Fedora: Security Advisory for gitit (FEDORA-2024-b458482d48)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.3CVSS5.9AI score0.00368EPSS
Exploits1References2
fedora
fedora
added 2024/03/30 1:9 a.m.39 views

[SECURITY] Fedora 39 Update: gitit-0.15.1.1-6.fc39

Gitit is a wiki backed by a git, darcs, or mercurial filestore. Pages and uploaded files can be modified either directly via the VCS's command-line too ls or through the wiki's web interface. Pandoc is used for markup processing, so pages may be written in extended markdown, reStructuredText,...

6.3CVSS5.9AI score0.00368EPSS
Exploits1
nessus
nessus
added 2024/03/16 12:0 a.m.24 views

SUSE SLES12 Security Update : python36-pip (SUSE-SU-2024:0892-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0892-1 advisory. - CVE-2023-5752: Fixed possible injection of arbitrary configuration through Mercurial parameter. bsc1217353 Tenable has extracted the...

5.5CVSS6.9AI score0.00476EPSS
Exploits0References4
ibm
ibm
added 2024/03/08 4:54 p.m.40 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a local authenticated attacker (CVE-2023-5752)

Summary There is a vulnerability in Python Packaging Authority pip used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: Python Packaging Authority...

5.5CVSS4.6AI score0.00476EPSS
Exploits0Affected Software1
Rows per page
Query Builder