5112 matches found

OSV
added 2024/11/19 2:16 a.m. | 3 views

DEBIAN-CVE-2024-50288

In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using > 32 buffers The maximum number of buffers that can be requested was increased to 64 for the video capture queue. But video capture used a mustblank array that was still sized for 32...

5.5 CVSS | 6 AI score | 0.00186 EPSS
Exploits: 0 | References: 1
OSV
added 2024/11/19 2:16 a.m. | 5 views

UBUNTU-CVE-2024-50288

In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using > 32 buffers The maximum number of buffers that can be requested was increased to 64 for the video capture queue. But video capture used a mustblank array that was still sized for 32...

5.5 CVSS | 6.7 AI score | 0.00186 EPSS
Exploits: 0 | References: 17
Cvelist
added 2024/11/19 1:30 a.m. | 15 views

CVE-2024-50288 media: vivid: fix buffer overwrite when using > 32 buffers

In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using > 32 buffers The maximum number of buffers that can be requested was increased to 64 for the video capture queue. But video capture used a mustblank array that was still sized for 32...

0.00186 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2024/11/19 1:30 a.m. | 2 views

CVE-2024-50288 media: vivid: fix buffer overwrite when using > 32 buffers

In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using > 32 buffers The maximum number of buffers that can be requested was increased to 64 for the video capture queue. But video capture used a mustblank array that was still sized for 32...

7.8 AI score | 0.00186 EPSS
Exploits: 0 | References: 2
CVE
added 2024/11/19 1:30 a.m. | 91 views

CVE-2024-50288

Technical details for CVE-2024-50288 are not available in the provided connected documents. The initial description mentions a buffer-overflow fix in the Linux kernel vivid driver, but there are no public details on affected versions, exploit status, or remediation beyond the patch.

5.5 CVSS | 6.7 AI score | 0.00186 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE
added 2024/11/19 1:30 a.m. | 11 views

CVE-2024-50288

In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using > 32 buffers The maximum number of buffers that can be requested was increased to 64 for the video capture queue. But video capture used a mustblank array that was still sized for 32...

5.5 CVSS | 6 AI score | 0.00186 EPSS
Exploits: 0
NVD
added 2024/11/18 11:15 a.m. | 14 views

CVE-2024-11023

Firebase JavaScript SDK utilizes a "FIREBASEDEFAULTS" cookie to store configuration data, including an "authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "authTokenSyncURL" to point to thei...

6.1 CVSS | 0.00125 EPSS
Exploits: 0 | References: 2
OSV
added 2024/11/18 11:15 a.m. | 4 views

CVE-2024-11023

Firebase JavaScript SDK utilizes a "FIREBASEDEFAULTS" cookie to store configuration data, including an "authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "authTokenSyncURL" to point to thei...

6.1 CVSS | 7 AI score
Exploits: 0 | References: 2
vulnersOsv
added 2024/11/17 12:30 p.m. | 5 views

cn.langpy:db-listener (>=0.0.9-jdk8 <=1.0.4-jdk8), cn.tenmg:flink-connector-mysql-cdc-log (=1.0.0) +62 more potentially affected by CVE-2023-1419 via io.debezium:debezium-connector-mysql (>=0.3.1 <=2.2.1.Final)

io.debezium:debezium-connector-mysql MAVEN version =0.3.1, =0.0.9-jdk8, =2.10.6.9, =4.3, =4.2, =4.2, =5.0, =2.1.0, =3.0.1 - dev.daodao.data:zipper-core =0.0.1 - io.cdap.delta:mysql-delta-plugins =0.10.0 and more Source cves: CVE-2023-1419 Source advisory: OSV:GHSA-HVW5-3MGW-7RCF...

5.9 CVSS | 6.2 AI score | 0.0038 EPSS
Exploits: 0
Snyk
added 2024/11/15 3:48 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the hostname parameter in capture.inc.php, when creating a new device. PoC: Pass in a...

5.4 CVSS | 5.3 AI score | 0.00381 EPSS
Exploits: 1 | References: 2
OSV
added 2024/11/15 3:27 p.m. | 12 views

CVE-2024-49764 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This...

4.8 CVSS | 5.4 AI score | 0.00381 EPSS
Exploits: 1 | References: 4
Cvelist
added 2024/11/15 3:27 p.m. | 19 views

CVE-2024-49764 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This...

4.8 CVSS | 0.00381 EPSS
Exploits: 1 | References: 2
Github Security Blog
added 2024/11/15 3:27 p.m. | 17 views

LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php

Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This vulnerability results in the execution of malicious code when the "Capture...

5.4 CVSS | 5.2 AI score | 0.00381 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2024/11/15 3:27 p.m. | 14 views

GHSA-RMR4-X6C9-JC68 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php

Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This vulnerability results in the execution of malicious code when the "Capture...

7.5 CVSS | 5 AI score | 0.00381 EPSS
Exploits: 1 | References: 4
CNNVD
added 2024/11/15 12:00 a.m. | 3 views

LibreNMS cross-site scripting vulnerability

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. A cross-site scripting vulnerability exists in LibreNMS that stems from a stored...

5.4 CVSS | 5.8 AI score | 0.00381 EPSS
Exploits: 1 | References: 2
Broadcom
added 2024/11/12 12:00 a.m. | 28 views

SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave. Description: The...

5.9 CVSS | 6.5 AI score | 0.00644 EPSS
Exploits: 0
Microsoft CVE
added 2024/11/09 8:00 a.m. | 5 views

Double-free in libpcap before 1.10.5 with remote packet capture support.

...

4.4 CVSS | 7 AI score | 0.0022 EPSS
Exploits: 0
OSSF Malicious Packages
added 2024/11/07 3:17 p.m. | 1 views

Malicious code in pupeteer-capture (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 021121bee5e4389860a59c8fe51ff445ba8a266672fc246bdb5eff63d96d1c5a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
OSV
added 2024/11/07 3:17 p.m. | 3 views

MAL-2024-10517 Malicious code in pupeteer-capture (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 021121bee5e4389860a59c8fe51ff445ba8a266672fc246bdb5eff63d96d1c5a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 1
Trellix
added 2024/11/07 12:00 a.m. | 10 views

New Stealer Uses Invalid Cert To Compromise Systems

New Stealer Uses Invalid Cert To Compromise Systems By Mohinder Gill, Mallikarjun Wali and Sangram Mohapatro · November 07, 2024 A new Stealer has been making the rounds. Its name: Fickle. Fickle Stealer is a new Rust-based information stealer that spreads through various attack vectors, includin...

7.2 AI score
Exploits: 0