Lucene search
+L

492 matches found

OSV
OSV
added 2024/03/06 10:54 a.m.42 views

BIT-GOLANG-2023-39320 Arbitrary code execution via go.mod toolchain directive in cmd/go

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...

9.8CVSS9.2AI score0.01424EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2024/02/20 12:0 a.m.15 views

Cisco TelePresence Video Communication Server (VCS) Detection Consolidation

Consolidation of Cisco TelePresence Video Communication Server VCS detections. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

5.8AI score
Exploits0References1
CVE
CVE
added 2024/02/07 4:15 p.m.86 views

CVE-2024-20254

Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) are affected by CSRF vulnerabilities that allow an unauthenticated, remote attacker to perform arbitrary actions on the device. The issues arise from insufficient CSRF protections in the web-based management interface...

9.6CVSS9.2AI score0.00805EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/07 4:15 p.m.97 views

CVE-2024-20252

CVE-2024-20252 affects Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). An unauthenticated, network-based attacker can exploit cross-site request forgery (CSRF) in the web-based management interface to perform arbitrary actions on an affected device. The issue requ...

9.6CVSS9.2AI score0.00846EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/02/07 4:15 p.m.22 views

CVE-2024-20252

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers...

9.6CVSS9.7AI score0.00846EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 10:40 p.m.22 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Python Packaging Authority pip

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Python Packaging Authority pip. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: Python Packaging Authority pip could allow a local authenticated attacker to bypass security restrictions, caus...

5.5CVSS4.7AI score0.00476EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/01/25 11:15 a.m.3 views

kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race

A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information...

7.1CVSS6.6AI score0.00419EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/25 9:43 a.m.12 views

kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race

A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information...

7.1CVSS6.6AI score0.00419EPSS
Exploits0References5
NVD
NVD
added 2024/01/11 6:15 a.m.43 views

CVE-2024-21669

Hyperledger Aries Cloud Agent Python ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation...

9.9CVSS9.4AI score0.00627EPSS
Exploits1References5
CVE
CVE
added 2024/01/11 5:40 a.m.74 views

CVE-2024-21669

Hyperledger Aries Cloud Agent Python (ACA-Py) contains CVE-2024-21669: when verifying W3C JSON-LD Verifiable Credentials with Linked Data Proofs (LDP-VCs), the result of validating document.proof is not factored into the final presentation verification. This allows holders to present incorrectly ...

9.9CVSS8.6AI score0.00627EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/09 8:31 p.m.28 views

Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC

Impact When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation document.proof was not factored into the final verified value true/false on the presentation record. Below is an example result from verifying a JSON-LD...

9.9CVSS6.8AI score0.00627EPSS
Exploits1References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/12/29 12:0 a.m.46 views

SUSE SLES12 Security Update : python-pip (SUSE-SU-2023:4987-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4987-1 advisory. - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter bsc1217353. Tenable has extracted the preceding...

5.5CVSS6.9AI score0.00476EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/12/29 12:0 a.m.30 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-pip (SUSE-SU-2023:4988-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4988-1 advisory. - CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter bsc1217353. Tenab...

5.5CVSS6.9AI score0.00476EPSS
Exploits0References4
Amazon
Amazon
added 2023/12/04 12:0 a.m.5 views

Medium: kernel

Issue Overview: A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. In this flaw an attacker with local user access may lead to a system crash or a leak of internal kernel information. CVE-2023-3567 In the Linux kernel, the following...

7.8CVSS6.3AI score0.00419EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/23 12:0 a.m.49 views

Cisco Expressway Series / Cisco TelePresence VCS DoS (cisco-sa-http2-reset-d8Kf32vZ)

The Cisco Expressway Series or Cisco TelePresence Video Communication Server VCS running on the remote host is prior to 14.3.3. It is, therefore, affected by a denial of service DoS vulnerability, due to a HTTP/2 protocol-level weakness. The HTTP/2 protocol allows a denial of service server...

7.5CVSS7.2AI score0.99999EPSS
Exploits19References3
RedhatCVE
RedhatCVE
added 2023/11/21 4:19 a.m.51 views

CVE-2023-5752

A flaw was found in the Python pip package. The pip could allow a local authenticated attacker to bypass security restrictions due to a flaw when installing a package from a Mercurial VCS URL. By sending a specially crafted request, an attacker can inject arbitrary configuration options to the "h...

3.3CVSS3.8AI score0.00476EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/10/25 6:32 p.m.80 views

Command Injection in pip when used with Mercurial

When installing a package from a Mercurial VCS URL, e.g. pip install hg+..., with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call e.g. --config. Controlling the Mercurial configuration can modify how and which...

5.5CVSS7.1AI score0.00476EPSS
Exploits0References12Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.32 views

Design/Logic Flaw

When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...

1.7CVSS4.1AI score0.00476EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/10/25 6:17 p.m.95 views

PYSEC-2023-228

When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...

3.3CVSS7AI score0.00476EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/10/25 12:0 a.m.45 views

CVE-2023-5752

When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and which...

5.5CVSS6.8AI score0.00476EPSS
Exploits0References4
Rows per page
Query Builder