Lucene search
K

6 matches found

OSV
OSV
added 2025/11/04 6:39 p.m.6 views

GHSA-4766-X535-JW3R kgateway is missing xDS authorization

Summary The xDS interface in Kgateway versions 2.0.0 through 2.0.4 lacks authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster...

5.3CVSS6.8AI score0.00154EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/06/28 12:0 a.m.6 views

PT-2024-27943 · Ibm · Ibm Storage Defender - Resiliency Service

Name of the Vulnerable Software and Affected Versions: IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.4 Description: The issue is related to an agent username and password error response discrepancy, which exposes the product to brute force enumeration. Recommendations: For...

7.5CVSS6.5AI score0.00409EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2023/07/17 12:30 p.m.13 views

be.personify.iam:personify-api (>=1.5.0.RELEASE <=1.5.1.RELEASE), be.personify.iam:personify-frontend (=1.5.1.RELEASE) +51 more potentially affected by CVE-2023-34036 via org.springframework.hateoas:spring-hateoas (>=2.0.0 <=2.0.4)

org.springframework.hateoas:spring-hateoas MAVEN version =2.0.0, =1.5.0.RELEASE, =1.5.0.RELEASE, =0.2.6, =1.6.9, =1.0, =1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =2.0.0, =2.0.4 - com.wizzdi:FlexiCore =7.0.0 and more Source cves: CVE-2023-34036 Source advisory: OSV:GHSA-7M5C-FGWF-MWPH...

5.3CVSS6AI score0.00403EPSS
Exploits0
CNVD
CNVD
added 2017/02/10 12:0 a.m.56 views

Converse.js User Simulation Vulnerability

Converse.js is a free, open source XMPP chat client that runs in your browser. A security vulnerability exists in versions 0.8.0 through 1.0.6 and 2.0.0 through 2.0.4 of Converse.js due to the program's failure to properly implement "XEP-0280: Message Carbons". A remote attacker could exploit thi...

5.9CVSS7AI score0.0094EPSS
Exploits2References1
CNVD
CNVD
added 2016/07/29 12:0 a.m.5 views

Wireshark RLC Dissector Denial of Service Vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A remote denial of service vulnerability exists in Wireshark versions 2.0.0 to 2.0.4 and...

5.9CVSS6.5AI score0.02349EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2012/07/11 12:0 a.m.5 views

PT-2012-1848 · Moodle · Moodle

Name of the Vulnerable Software and Affected Versions: Moodle versions 2.0.0 through 2.0.4 Moodle versions 2.1.0 through 2.1.1 Description: The file browser component does not properly restrict access to category and course data, allowing remote attackers to obtain potentially sensitive informati...

5CVSS6.1AI score0.02118EPSS
Exploits0References11
Rows per page
Query Builder