Lucene search
K

206 matches found

OSV
OSV
added 2024/08/29 12:31 p.m.33 views

GHSA-MG8J-W93W-XJGC Drupal Full Path Disclosure

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

6.3CVSS5AI score0.09269EPSS
Exploits4References9
Github Security Blog
Github Security Blog
added 2024/08/29 12:31 p.m.49 views

Drupal Full Path Disclosure

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

5.3CVSS6.8AI score0.09269EPSS
Exploits4References9Affected Software3
NVD
NVD
added 2024/08/29 11:15 a.m.48 views

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

5.3CVSS0.09269EPSS
Exploits4References3
Vulnrichment
Vulnrichment
added 2024/08/29 12:0 a.m.17 views

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

6.8AI score0.09269EPSS
Exploits4References2
CVE
CVE
added 2024/08/29 12:0 a.m.99 views

CVE-2024-45440

Summary: CVE-2024-45440 affects Drupal 11.x-dev, where core/authorize.php can disclose full file paths when hash_salt is set to file_get_contents of a non-existent file. Affected components: Drupal 11.x-dev, core/authorize.php. Root cause (as stated): hash_salt evaluated via file_get_contents of ...

5.3CVSS6.9AI score0.09269EPSS
Exploits4References3Affected Software1
RedHat Linux
RedHat Linux
added 2024/08/07 9:43 a.m.3 views

kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()

In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fclportptpsetup fclportptpsetup did not check the return value of fcrportcreate which can return NULL and would cause a NULL pointer dereference. Address this issue by checki...

5.5CVSS6.8AI score0.00249EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/07 12:14 a.m.3 views

kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()

In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fclportptpsetup fclportptpsetup did not check the return value of fcrportcreate which can return NULL and would cause a NULL pointer dereference. Address this issue by checki...

5.5CVSS6.8AI score0.00249EPSS
Exploits0References5
Citrix
Citrix
added 2024/07/13 12:0 a.m.7 views

Error: "Could Not Logon. Verify your credentials and network connectivity" and "Service unavailable"

Application enumeration fails when the StoreFront server is connected through Access Gateway Enterprise Edition and iOS Receiver 5.7.x for iPad/iPhone. The following error messages are displayed: “Could Not Logon. Verify your credentials and network connectivity.” "Could Not Logon. Service...

6.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2024/06/22 3:35 a.m.2 views

SUSE CVE-2024-38552

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the number of transfer...

6.1CVSS6.6AI score0.00297EPSS
Exploits0References16
OSV
OSV
added 2024/06/19 2:15 p.m.1 views

DEBIAN-CVE-2024-38552

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the number of transfer...

7.8CVSS6AI score0.00297EPSS
Exploits0References1
OSV
OSV
added 2024/05/06 9:50 a.m.3 views

SUSE-SU-2024:1525-1 Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 - CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 - Convert oscap output to UTF-8 -...

7.7CVSS7.5AI score0.0083EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2024/03/04 8:8 p.m.44 views

CVE-2023-52532

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...

6CVSS6.5AI score0.0023EPSS
Exploits0References4
NVD
NVD
added 2024/03/02 10:15 p.m.18 views

CVE-2023-52532

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...

5.5CVSS7.3AI score0.0023EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/03/02 10:15 p.m.21 views

CVE-2023-52532

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...

5.5CVSS6.3AI score0.0023EPSS
Exploits0References9
Cvelist
Cvelist
added 2024/03/02 9:52 p.m.31 views

CVE-2023-52532 net: mana: Fix TX CQE error handling

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...

7.5AI score0.0023EPSS
Exploits0References3
OSV
OSV
added 2024/03/02 9:52 p.m.4 views

CVE-2023-52532 net: mana: Fix TX CQE error handling

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...

5.5CVSS6.2AI score0.0023EPSS
Exploits0References6
CVE
CVE
added 2024/02/07 9:37 p.m.62 views

CVE-2024-23448

APM Server vulnerability CVE-2024-23448: when Elasticsearch returns a failure while indexing a document, the response may be logged at ERROR level and could include parts of the original document, potentially exposing sensitive data in APM Server logs. Affected product: APM Server (Elastic). Root...

7.5CVSS7.3AI score0.00577EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/01/09 7:57 a.m.14 views

Log Injection

pyload-ng is vulnerable to Log Injection. The vulnerability is caused due to a lack of validation while logging an error in apiblueprint.py and appblueprint.py. An attacker can corrupt log files exploiting this vulnerability...

5.3CVSS6.7AI score0.24513EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/04 9:30 p.m.14 views

Duplicate Advisory: Race Condition leading to logging errors

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjp3-5g2q-7jww. This link is maintained to preserve external references. Original Description A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries...

3.1CVSS6.8AI score0.00494EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2023/12/31 12:15 a.m.17 views

CVE-2023-52267

ehttp 1.0.6 before 17405b9 has a simplelog.cpp log out-of-bounds-read during error logging for long strings...

7.5CVSS0.0074EPSS
Exploits1References2
Rows per page
Query Builder