Lucene search
K

133 matches found

Tenable Nessus
Tenable Nessus
added 2025/05/29 12:0 a.m.11 views

Amazon Linux 2 : nerdctl (ALAS-2025-2863)

The version of nerdctl installed on the remote host is prior to 2.0.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2863 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a...

9.1CVSS7.3AI score0.00778EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2025/05/03 12:0 a.m.7 views

An Approach for Handling Missing Attribute Values in Attribute-Based Access Control Policy Mining

Attribute-Based Access Control ABAC enables highly expressive and flexible access decisions by considering a wide range of contextual attributes. ABAC policies use logical expressions that combine these attributes, allowing for precise and context-aware control. Algorithms that mine ABAC policies...

7.3AI score
Exploits0
Veracode
Veracode
added 2025/04/23 4:16 p.m.6 views

Cross-site Scripting (XSS)

golang.org/x/net is vulnerable to improper parsing logic. The vulnerability is due to incorrect tag interpretation in unquoted attribute values ending with a solidus / being mistakenly marked as self-closing, especially in foreign content like or . which allows attackers to exploit content in the...

6.5CVSS6.6AI score0.00478EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2025/04/16 6:16 p.m.11 views

CVE-2025-22872

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.6AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/09/10 6:30 p.m.33 views

Keycloak Denial of Service vulnerability

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited, an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. The issue is fixed in Keycloak 24 with...

7.5CVSS6.2AI score0.00736EPSS
Exploits0References6Affected Software1
RedHat Linux
RedHat Linux
added 2024/08/13 6:39 p.m.5 views

REXML: DoS parsing an XML with many `<`s in an attribute value

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this...

5.3CVSS7.2AI score0.02064EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/08/13 4:51 p.m.5 views

mozilla: Out of bounds read in editor component

The Mozilla Foundation Security Advisory describes this flaw as: Editor code failed to check an attribute value. This could have led to an out-of-bounds read...

9.1CVSS7.4AI score0.00598EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/16 12:0 a.m.4 views

Ruby 安全漏洞

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer, Gyohiro Matsumoto. A security vulnerability exists in Ruby REXML versions prior to 3.2.6, which stems from a denial of service vulnerability in the REXML gem when parsing attribute...

5.3CVSS7.2AI score0.02064EPSS
Exploits1References7
RubySec
RubySec
added 2024/05/16 12:0 a.m.36 views

REXML contains a denial of service vulnerability

Impact The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many s in an attribute value. If you need to parse untrusted XMLs, you many be impacted to this vulnerability. Patches The REXML gem 3.2.7 or later include the patch to fix this vulnerability. Workarounds Don...

5.3CVSS6.4AI score0.02064EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/12/10 7:15 p.m.4 views

CVE-2023-50453

An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public...

5.3CVSS6AI score0.00495EPSS
Exploits0References2
Jake Archibald's Blog
Jake Archibald's Blog
added 2023/07/06 1:0 a.m.19 views

The case against self-closing tags in HTML

Let's talk about /: You'll see this syntax on my blog because it's what Prettier does, and I really like Prettier. However, I don't think / is a good thing. First up: The facts Enter XHTML Back in the late 90s and early 2000s, the W3C had a real thing for XML, and thought that it should replace...

6.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/07/05 3:30 a.m.150 views

Bouncy Castle For Java LDAP injection vulnerability

Bouncy Castle provides the X509LDAPCertStoreSpi.java class which can be used in conjunction with the CertPath API for validating certificate paths. Pre-1.73 the implementation did not check the X.500 name of any certificate, subject, or issuer being passed in for LDAP wild cards, meaning the...

5.3CVSS6.2AI score0.00772EPSS
Exploits0References10Affected Software12
OSV
OSV
added 2023/04/03 12:55 p.m.5 views

USN-5992-1 ldb vulnerability

Demi Marie Obenour discovered that ldb, when used with Samba, incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this issue to obtain certain sensitive information...

7.7CVSS6.8AI score0.00567EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2023/04/03 12:55 p.m.62 views

USN-5992-1: ldb vulnerability

Demi Marie Obenour discovered that ldb, when used with Samba, incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this issue to obtain certain sensitive information...

7.7CVSS6.8AI score0.00567EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/04/02 12:0 a.m.10 views

The vulnerability of the Trace View web instrumentation panel in Grafana allows attackers to escalate their privileges and perform cross-site scripting attacks.

The vulnerability of the Trace View web instrumentation panel in Grafana relates to insufficient protection of the web page structure when processing values of attributes and resources within a range. Exploiting this vulnerability allows an attacker to enhance their privileges and perform...

8.5CVSS6.7AI score0.09216EPSS
Exploits0References6Affected Software4
Code423n4
Code423n4
added 2023/03/01 12:0 a.m.11 views

Upgraded Q -> 2 from #56 [1677632875022]

Judge has assessed an item in Issue 56 as 2 risk. The relevant finding follows: 2. Attribute values of fees could exceed 1e18 when initializing even if the proposedFees is checked in proposeFees function. function initialize IERC20 asset, IERC4626 adapter, VaultFees calldata fees, address...

6.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:59 a.m.8 views

SUSE CVE-2016-6316

Cross-site scripting XSS vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers...

6.1CVSS6.1AI score0.03438EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:54 a.m.5 views

SUSE CVE-2016-9909

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...

6.1CVSS6.1AI score0.02141EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:54 a.m.4 views

SUSE CVE-2016-9910

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...

6.1CVSS6.2AI score0.02141EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/17 2:57 a.m.23 views

Improper Neutralization of Input During Web Page Generation in html5lib

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...

6.1CVSS4.9AI score0.02141EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder