Lucene search
K

406 matches found

Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.5 views

PT-2025-20284 · Discourse · Discourse Code Review Plugin

Name of the Vulnerable Software and Affected Versions: Discourse Code Review Plugin versions prior to commit eed3a80 Description: The issue allows an attacker to execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This is a problem with the Discourse Code...

3.1CVSS7AI score0.00267EPSS
Exploits0References10
Packet Storm News
Packet Storm News
added 2025/05/01 12:0 a.m.12 views

PatchFuzz: Patch Fuzzing for JavaScript Engines

Patch fuzzing is a technique aimed at identifying vulnerabilities that arise from newly patched code. While researchers have made efforts to apply patch fuzzing to testing JavaScript engines with considerable success, these efforts have been limited to using ordinary test cases or publicly...

7.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/27 12:0 a.m.3 views

On the Prevalence and Usage of Commit Signing on GitHub: a Longitudinal and Cross-Domain Study

GitHub is one of the most widely used public code development platform. However, the code hosted publicly on the platform is vulnerable to commit spoofing that allows an adversary to introduce malicious code or commits into the repository by spoofing the commit metadata to indicate that the code...

7AI score
Exploits0
Snyk
Snyk
added 2025/04/14 11:40 p.m.3 views

Information Exposure

Overview agpt is an An open-source attempt to make GPT-4 autonomous Affected versions of this package are vulnerable to Information Exposure through the request.py wrapper. An attacker can intercept and misuse sensitive information by exploiting the improper handling of HTTP headers and cookies...

9.2CVSS6.6AI score0.00388EPSS
Exploits1References2
CVE
CVE
added 2025/02/26 1:54 a.m.131 views

CVE-2021-47646

CVE-2021-47646 (Linux kernel) involves a crash triggered by interactions around block, bfq: honor already-setup queue merges. The vulnerability arose when the commit 2d52c58b9c9b was merged and later reverted by ebc69e897e17; that revert did not introduce the bug, but actually exposed a UAF cause...

7.8CVSS5.4AI score0.00254EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from a memory leak in the nfcmrvlplaydeferred function that does not properly handle URB commits...

5.5CVSS6AI score0.0025EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2025/02/14 6:57 a.m.2 views

SUSE CVE-2023-3389

A use-after-free vulnerability in the Linux Kernel iouring subsystem can be exploited to achieve local privilege escalation. Racing a iouring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59...

5.5CVSS6.7AI score0.00718EPSS
Exploits0References16
OSV
OSV
added 2024/12/12 12:15 p.m.2 views

UBUNTU-CVE-2024-8233

An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request...

7.5CVSS5.7AI score0.0075EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2024/12/12 12:0 a.m.13 views

CVE-2024-47544

GStreamer is a library for constructing graphs of media-handling components. The function qtdemuxparsesbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10...

7.5CVSS6.9AI score0.01051EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/12/12 12:0 a.m.21 views

CVE-2024-47597

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemuxparsesamples within qtdemux.c. This issue arises when the function qtdemuxparsesamples reads data beyond the boundaries of the stream-stco buffer. The following code...

9.1CVSS6.6AI score0.01139EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/12/12 12:0 a.m.10 views

CVE-2024-47539

GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the converttos3341a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loo...

9.8CVSS7.2AI score0.00975EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/12/12 12:0 a.m.13 views

CVE-2024-47834

GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GSTMATROSKAIDCODECPRIVATE case within the gstmatroskademuxparsestream function, a dat...

9.1CVSS6.6AI score0.00893EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/12/12 12:0 a.m.10 views

CVE-2024-47543

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemuxparsecontainer function within qtdemux.c. In the parent function qtdemuxparsenode, the value of length is not well checked. So, if length is big enough, it causes t...

7.5CVSS6.5AI score0.00897EPSS
Exploits0References4
OSV
OSV
added 2024/12/09 10:15 a.m.4 views

UBUNTU-CVE-2024-46901

Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including...

4.3CVSS5.7AI score0.01905EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2024/11/19 3:48 a.m.4 views

SUSE CVE-2024-52867

guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...

8.1CVSS7AI score0.00228EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/11/12 10:30 a.m.22 views

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

7.5CVSS6.9AI score0.01127EPSS
Exploits0References2
AlmaLinux
AlmaLinux
added 2024/11/12 12:0 a.m.21 views

Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

7.5CVSS7.9AI score0.01127EPSS
Exploits0References4
CVE
CVE
added 2024/11/05 6:54 p.m.92 views

CVE-2024-51746

CVE-2024-51746 affects gitsign. The vulnerability arises when Rekor’s search API is used to verify a signature: the API may return entries that match either the public key or the payload, not both. As a result, gitsign could select an incorrect Rekor entry during online verification, and, because...

1.8CVSS6.5AI score0.00116EPSS
Exploits0References1
Rockylinux
Rockylinux
added 2024/09/30 2:30 p.m.17 views

osbuild-composer security update

An update is available for osbuild-composer. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A service for building customized OS artifacts, such as VM images an...

7.5CVSS7.8AI score0.01533EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/09/26 6:32 p.m.24 views

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this...

7.5CVSS6.9AI score0.01127EPSS
Exploits0References2
Rows per page
Query Builder