Lucene search
K

21306 matches found

CVE
CVE
added 2025/03/07 4:13 p.m.60 views

CVE-2024-53693

CVE-2024-53693 is an improper neutralization of CRLF sequences (CRLF Injection) vulnerability affecting QNAP QTS and QuTS hero. The issue allows remote attackers who have gained user access to modify application data due to inadequate CRLF handling in affected OS versions. Affected products inclu...

7.1CVSS7.2AI score0.00446EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/07 4:13 p.m.5 views

CVE-2024-50405 QTS, QuTS hero

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the...

5.1CVSS7.2AI score0.0038EPSS
Exploits0References1
CVE
CVE
added 2025/03/07 4:13 p.m.57 views

CVE-2024-50405

CVE-2024-50405 affects QNAP QTS and QuTS hero with CRLF Injection due to improper neutralization of CRLF sequences. Affected products and versions: QTS 5.2.3.3006 build 20250108 and later; QuTS hero h5.2.3.3006 build 20250108 and later. Root cause is improper CRLF sequence handling, enabling a re...

5.5CVSS7.2AI score0.0038EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/03/07 4:13 p.m.13 views

CVE-2024-50405 QTS, QuTS hero

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the...

5.1CVSS0.0038EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/07 3:14 p.m.40 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip package for python could allow a remote attacker to traverse directories on the system, caused by a flaw when installing package via a...

8.8CVSS10AI score0.03028EPSS
Exploits7Affected Software1
SUSE CVE
SUSE CVE
added 2025/03/06 3:1 a.m.2 views

SUSE CVE-2025-27111

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

5.3CVSS7.6AI score0.00699EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2024-53058

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data In case the non-paged data of a SKB carries protocol header and protocol payload to be...

5.5CVSS6.9AI score0.00245EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2025-27111

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can explo...

7.5CVSS6.2AI score0.00699EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2009-3720

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent...

5CVSS7AI score0.27924EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2024-57809

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PCI: imx6: Fix suspend/resume support on i.MX6QDL The suspend/resume functionality is currently broken on the i.MX6QDL platform, as documented in the NXP errata...

5.5CVSS6.8AI score0.0021EPSS
Exploits0References4
Amazon
Amazon
added 2025/03/06 12:0 a.m.10 views

Medium: php8.3

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

9.8CVSS8.4AI score0.02286EPSS
Exploits6
Amazon
Amazon
added 2025/03/06 12:0 a.m.4 views

Medium: php8.2

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

9.8CVSS10AI score0.02286EPSS
Exploits6
Amazon
Amazon
added 2025/03/06 12:0 a.m.4 views

Medium: php8.3

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

9.8CVSS10AI score0.02286EPSS
Exploits6
Amazon
Amazon
added 2025/03/06 12:0 a.m.11 views

Medium: php8.2

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

9.8CVSS8.4AI score0.02286EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-53907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to ...

7.5CVSS6.7AI score0.01398EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-55641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: xfs: unlock inodes when erroring out of xfstransallocdir Debugging a filesystem patch with...

5.5CVSS5.8AI score0.0017EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-52005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git...

8.8CVSS7.2AI score0.00494EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-8376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of...

7.5CVSS8AI score0.00748EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/05 6:44 a.m.6 views

CVE-2025-27111

A flaw was found in Rack Rubygem, where the Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. This flaw allows an attacker to inject escape sequences, such as newline characters, into the header, resulting in log injection. Mitigation To mitigate this...

5.3CVSS6.8AI score0.00699EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2020-36242

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer...

9.1CVSS7.4AI score0.06718EPSS
Exploits1References2
Rows per page
Query Builder