Lucene search
+L

34 matches found

Positive Technologies
Positive Technologies
added 2025/03/23 12:0 a.m.7 views

PT-2025-12714 · Unknown +1 · Ingress-Nginx +1

Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to v1.11.5 ingress-nginx versions from v1.12.0-beta.0 through v1.12.1 Description: A security issue was discovered in ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject...

9.8CVSS8AI score0.99098EPSS
Exploits23References123
Cvelist
Cvelist
added 2023/07/27 6:7 p.m.42 views

CVE-2023-38495 Crossplane vulnerable to possible image tampering from missing image validation for Packages

Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...

8.3CVSS9.7AI score0.00719EPSS
Exploits1References2
0day.today
0day.today
added 2020/06/24 12:0 a.m.207 views

Gila CMS 1.11.5 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities

Exploit for perl platform in category web applications ===== Tempest Security Intelligence - ADV-07/2020 ========================== GilaCMS - Version 1.11.5 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of...

6.8CVSS0.1AI score0.01814EPSS
Exploits7
Positive Technologies
Positive Technologies
added 2020/05/20 12:0 a.m.3 views

PT-2020-13393 · Gitea +1 · Gitea +1

Name of the Vulnerable Software and Affected Versions: Gitea versions through 1.11.5 Description: An issue was discovered in Gitea where an attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another. Recommendations: For Gitea versions...

7.5CVSS6.9AI score0.01987EPSS
Exploits1References16
CNVD
CNVD
added 2019/03/15 12:0 a.m.3 views

Google Go CRLF Injection Vulnerability

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A CRLF injection vulnerability exists in net/http in Google Go version 1.11.5, which can be exploited by remote attackers to manipulate HTTP headers and attack an internal host...

6.1CVSS7.3AI score0.02346EPSS
Exploits1References1
ALT Linux
ALT Linux
added 2019/01/24 12:0 a.m.71 views

Security fix for the ALT Linux 10 package golang version 1.11.5-alt1

Jan. 24, 2019 Alexey Shabalin 1.11.5-alt1 - 1.11.5 - fixed CPU DoS vulnerability affecting P-521 and P-384 Fixes: CVE-2019-6486 - add ppc64le to goarches...

6.4CVSS6.8AI score0.04326EPSS
Exploits0
NVD
NVD
added 2018/11/13 8:29 p.m.18 views

CVE-2018-2491

When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the...

7.8CVSS7.6AI score0.00787EPSS
Exploits0References2
Prion
Prion
added 2018/11/13 8:29 p.m.18 views

Information disclosure

The broadcast messages received by SAP Fiori Client are not protected by permissions. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version...

6.8CVSS7.5AI score0.00746EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/11/13 8:29 p.m.4 views

CVE-2018-2490

The broadcast messages received by SAP Fiori Client are not protected by permissions. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version...

7.8CVSS5.8AI score0.00746EPSS
Exploits0References2
OSV
OSV
added 2018/11/13 8:29 p.m.5 views

CVE-2018-2488

It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version...

7.8CVSS5.8AI score0.00787EPSS
Exploits0References2
OSV
OSV
added 2018/11/13 8:29 p.m.6 views

CVE-2018-2485

It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues a...

7.7CVSS5.9AI score0.01178EPSS
Exploits0References3
Prion
Prion
added 2018/11/13 8:29 p.m.19 views

Design/Logic Flaw

When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the...

6.8CVSS7.4AI score0.00787EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/11/13 8:29 p.m.6 views

CVE-2018-2489

Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version...

7.8CVSS5.9AI score0.00872EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/01/25 12:0 a.m.46 views

SuSE 11.2 Security Update : OpenJDK (SAT Patch Number 6987)

java-openjdk was upgraded to version 1.11.5 to fix various security and non-security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright C Novell, Inc. if...

10CVSS8.4AI score0.98536EPSS
Exploits39References63
Rows per page
Query Builder