Lucene search
K

735 matches found

Vulnrichment
Vulnrichment
added 2024/10/07 8:23 p.m.22 views

CVE-2024-45051 Bypass of email address validation via encoded email addresses in Discourse

Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...

8.2CVSS7.3AI score0.00366EPSS
Exploits0References1
OSV
OSV
added 2024/10/02 6:52 p.m.5 views

CLSA-2024-1727895152 php: Fix of 3 CVEs

CVE-2020-7071: fix URL validation with functions like filtervar$url, FILTERVALIDATEURL - CVE-2021-21705: fix URL validation functionality via filtervar function with FILTERVALIDATEURL parameter when an URL with invalid password field can be accepted as valid - CVE-2024-5458: fix early-out for...

5.3CVSS6.8AI score0.12117EPSS
Exploits3References1
RedHat Linux
RedHat Linux
added 2024/09/24 2:39 a.m.4 views

kernel: tcp_metrics: validate source addr length

A vulnerability was found in the Linux kernel's tcpmetrics.c, where insufficient validation of the length of the source address for TCP metrics could lead to incorrect memory read out of boundary read...

4.4CVSS6.8AI score0.00258EPSS
Exploits0References5
OSV
OSV
added 2024/09/17 9:15 p.m.4 views

CVE-2024-8957

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntpaddr configuration value which may lead to arbitrary command execution when ntpclient is started. When chained with CVE-2024-8956, a remote and...

7.2CVSS6.2AI score0.81973EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2024/09/14 12:0 a.m.34 views

Fedora 40 : python3-docs / python3.12 (2024-1d0cb3b43f)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-1d0cb3b43f advisory. This is the sixth maintenance release of Python 3.12 ==================================================== Python 3.12 is the newest major release of...

8.7CVSS6.8AI score0.02507EPSS
Exploits4References5
OSV
OSV
added 2024/08/13 5:15 p.m.2 views

CVE-2023-20510

An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service...

6CVSS5.8AI score0.00145EPSS
Exploits0References1
NVD
NVD
added 2024/08/13 5:15 p.m.10 views

CVE-2023-20509

An insufficient DRAM address validation in PMFW may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially resulting in loss of data integrity...

5.2CVSS0.00145EPSS
Exploits0References1
NVD
NVD
added 2024/08/13 5:15 p.m.12 views

CVE-2023-20510

An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service...

6CVSS0.00145EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/13 4:52 p.m.16 views

CVE-2023-20510

An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service...

4.7CVSS6.9AI score0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/13 4:52 p.m.21 views

CVE-2023-20509

An insufficient DRAM address validation in PMFW may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially resulting in loss of data integrity...

5.2CVSS0.00145EPSS
Exploits0References1
CVE
CVE
added 2024/08/13 4:52 p.m.51 views

CVE-2023-20509

CVE-2023-20509 describes an insufficient DRAM address validation in PMFW that could allow a local privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially leading to data integrity loss. Affected component is PMFW (PM firmware); root cause is address validation ...

5.2CVSS6.9AI score0.00145EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/13 12:0 a.m.5 views

AMD Graphics Driver 安全漏洞

AMD Graphics Driver is an integrated graphics driver from UltraMicroelectronics AMD. A security vulnerability exists in AMD Graphics Driver that stems from insufficient address validation and could allow a privileged attacker to perform a DMA read to SRAM from an invalid DRAM address, resulting i...

5.2CVSS6.4AI score0.00145EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/13 12:0 a.m.6 views

PT-2024-11947 · Pmfw · Pmfw

Name of the Vulnerable Software and Affected Versions: PMFW affected versions not specified Description: The issue is related to an insufficient DRAM address validation in PMFW, which may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM. This could potentiall...

5.2CVSS6.6AI score0.00145EPSS
Exploits0References6
Snyk
Snyk
added 2024/07/31 3:28 p.m.4 views

URL Redirection to Untrusted Site ('Open Redirect')

Overview Affected versions of this package are vulnerable to URL Redirection to Untrusted Site 'Open Redirect' through the commonly used GetAuthorizationContextAsync and IsValidReturnUrl methods which return non-null values and the IsValidReturnUrl method which could return true for malicious URL...

5.3CVSS7AI score0.00504EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/12 12:32 p.m.15 views

CVE-2024-40963 mips: bmips: BCM6358: make sure CBR is correctly set

In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: make sure CBR is correctly set It was discovered that some device have CBR address set to 0 causing kernel panic when archsyncdmaforcpuall is called. This was notice in situation where the system is booted...

6.7AI score0.00289EPSS
Exploits0References7
NVD
NVD
added 2024/07/09 4:15 p.m.67 views

CVE-2024-26015

An incorrect parsing of numbers with different radices vulnerability CWE-1389 in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit a...

4.7CVSS0.00467EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/09 3:33 p.m.43 views

CVE-2024-26015

An incorrect parsing of numbers with different radices vulnerability CWE-1389 in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit a...

3.4CVSS4.1AI score0.00467EPSS
Exploits0References1
CVE
CVE
added 2024/07/09 3:33 p.m.69 views

CVE-2024-26015

Fortinet FortiProxy/FortiOS vulnerable to an incorrect parsing of numbers with different radices (CWE-1389) in IP address validation, enabling an unauthenticated attacker to bypass the IP blocklist. Affected: FortiProxy 7.4.3 and below, 7.2.10 and below, 7.0.17 and below; FortiOS 7.4.3 and below,...

4.7CVSS7.3AI score0.00467EPSS
Exploits0References1Affected Software1
Ubuntu
Ubuntu
added 2024/07/09 12:12 p.m.73 views

USN-6886-1: Go vulnerabilities

It was discovered that the Go net/http module did not properly handle the requests when request's headers exceed MaxHeaderBytes. An attacker could possibly use this issue to cause a panic resulting into a denial of service. This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS...

9.8CVSS7.3AI score0.91969EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2024/07/05 8:7 p.m.69 views

Server Side Request Forgery (SSRF) attack in Fedify

Summary At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the @id or other resources present within the activity it has received from the web. This activity could reference an @id that points to an internal IP address,...

7.2CVSS6.9AI score0.006EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder