Lucene search
+L

131 matches found

OSV
OSV
added 2024/06/07 8:50 p.m.9 views

GHSA-5GMF-3C43-Q73V ZendFramework vulnerable to Cross-site Scripting

Zend\Debug, Zend\Feed\PubSubHubbub, Zend\Log\Formatter\Xml, Zend\Tag\Cloud\Decorator, Zend\Uri, Zend\View\Helper\HeadStyle, Zend\View\Helper\Navigation\Sitemap, and Zend\View\Helper\Placeholder\Container\AbstractStandalone were not using Zend\Escaper when escaping HTML, HTML attributes, and/or...

6.1CVSS6.2AI score
Exploits0References11
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/07 6:44 a.m.30 views

Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642

Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation...

9.1CVSS7.6AI score0.01762EPSS
Exploits3Affected Software1
ICS
ICS
added 2024/05/07 6:0 a.m.32 views

SUBNET Substation Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION : Low attack complexity Vendor : Subnet Solutions Inc. Equipment : Substation Server Vulnerabilities : Reliance on Insufficiently Trustworthy Component 2. RISK EVALUATION Successful exploitation of the vulnerabilities in components used by...

8.6CVSS8.9AI score0.00209EPSS
Exploits0References10
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/03 7:55 p.m.39 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2024-28102 DESCRIPTION: JWCrypto is vulnerable to a...

9.8CVSS8.2AI score0.04488EPSS
Exploits3Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/30 12:0 a.m.16 views

PT-2024-20076 · Quest · Kace Agent

Name of the Vulnerable Software and Affected Versions: Quest KACE Agent for Windows versions 12.0.38 through 13.1.23.0 Description: An issue exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components, allowing local attackers to create any file of their choice with NT...

7.8CVSS6.9AI score0.00444EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/12 3:48 p.m.46 views

Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security...

9.8CVSS8AI score0.01613EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/09 6:54 p.m.33 views

Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-46234 DESCRIPTION: browserify...

7.5CVSS7.2AI score0.00797EPSS
Exploits2Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.6 views

PT-2024-23148 · WordPress · Wpwax Post Grid

Name of the Vulnerable Software and Affected Versions: wpWax Post Grid, Slider & Carousel Ultimate versions 1.6.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means...

6.5CVSS9.2AI score0.00336EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2024/03/12 9:30 p.m.4 views

com.datastax.oss:pulsar-jms-filters (>=4.0.0 <=4.0.1), io.github.yangl:pulsar-msg-filter-plugin (=3.0) +6 more potentially affected by CVE-2024-27135 via org.apache.pulsar:pulsar-functions-worker (>=3.0.0 <=3.0.2)

org.apache.pulsar:pulsar-functions-worker MAVEN version =3.0.0, =4.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.17 Source cves: CVE-2024-27135 Source advisory: OSV:GHSA-XP2R-G8QQ-44HH...

9.9CVSS7.2AI score0.05983EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/03/04 12:0 a.m.7 views

PT-2024-2136 · D Link · D-Link Gortac750 A1 Fw V101B03

Name of the Vulnerable Software and Affected Versions: D-Link GORTAC750 A1 FW v101b03 Description: A Cross-site scripting XSS vulnerability in components such as dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi, and seama.cgi allows remote attackers to inject arbitrary web script or HTML via the url...

6.1CVSS6AI score0.00507EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/14 6:50 p.m.40 views

Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper...

9.3CVSS8.3AI score0.02761EPSS
Exploits3Affected Software1
Prion
Prion
added 2024/02/07 10:15 a.m.16 views

Buffer overflow

Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...

4CVSS7.2AI score0.00763EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/03 1:16 p.m.51 views

Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-29827 DESCRIPTION: Node.js ejs module could allow a remote authenticated attacker t...

9.8CVSS9.6AI score0.14663EPSS
Exploits14Affected Software1
Broadcom
Broadcom
added 2023/08/29 12:0 a.m.37 views

A remote attacker can supply specially crafted transfer-encoding chunks to Eclipse Jetty that may bypass the authorization checks of an intermediary caching proxy.

In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a...

9.8CVSS7AI score0.16154EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/06 6:48 p.m.89 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-24329 DESCRIPTION: Python could allow a remote attacker to bypass securit...

9.8CVSS9.8AI score0.95302EPSS
Exploits36Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/21 8:31 p.m.37 views

Security Bulletin: IBM Security Verify Governance uses components with known vulnerabilities (CVE-2021-22696, CVE-2021-30468, CVE-2020-1954)

Summary Components with the following Known Vulnerabilities have been upgraded in IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2021-22696 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by improper validation of requesturi parameter by the OAuth 2...

7.5CVSS7AI score0.07024EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/30 4:6 p.m.43 views

Security Bulletin: IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities

Summary IBM QRadar User Behavior Analytics contains vulnerable packages/components and that may be identified and potentially exploited. The package has been updated in the latest release and the vulnerabilities identified in the CVEs have been addressed. Please follow the instructions in the...

9.8CVSS10AI score0.15014EPSS
Exploits30Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 7:29 p.m.43 views

K15732: Linux kernel vulnerability CVE-2013-0311

Security Advisory Description Description The translatedesc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging Kernel-base Virtual Machine KVM guest OS privilege...

6.5CVSS7AI score0.00644EPSS
Exploits0Affected Software17
F5 Networks
F5 Networks
added 2023/02/21 6:30 p.m.39 views

K16882: OpenLDAP vulnerability CVE-2013-4449

Security Advisory Description Description The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service slapd crash by unbinding immediately after a search request, which triggers rwmconndestroy to free the...

4.3CVSS5.3AI score0.10913EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.3 views

PT-2023-10340 · Alsdb · Alsdb

Name of the Vulnerable Software and Affected Versions: nickzren alsdb versions prior to v2 Description: A critical issue affects some unknown processing, leading to sql injection. The estimated number of potentially affected devices worldwide is not available. There is no information about...

9.8CVSS7.6AI score0.00681EPSS
Exploits0References9
Rows per page
Query Builder