6501 matches found

OSSF Malicious Packages
added 2024/08/06 1:56 a.m. · 8 views

Malicious code in @bingads-webui-react/with-site-map (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 997e1cce193e872c031f1482119f4899f32d99a1ecc7dc194270a504607c421e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

OSV
added 2024/08/06 1:56 a.m. · 5 views

MAL-2024-7905 Malicious code in @bingads-webui-react/with-site-map (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 997e1cce193e872c031f1482119f4899f32d99a1ecc7dc194270a504607c421e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 1

Microsoft CVE
added 2024/08/05 7:0 a.m. · 3 views

bpf: Allow delete from sockmap/sockhash only if update is allowed

...

4.7 CVSS · 7.3 AI score · 0.0022 EPSS
Exploits: 0

NVD
added 2024/07/31 8:15 p.m. · 12 views

CVE-2024-41951

Pheonix App is a Python application designed to streamline various tasks, from managing files to playing mini-games. The issue is that the map of encoding/decoding languages are visible in code. The Problem was patched in 0.2.4...

4.4 CVSS · 0.0017 EPSS
Exploits: 0 · References: 1

OSV
added 2024/07/29 4:15 p.m. · 6 views

AZL-48656 CVE-2024-42063 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode syzbot reported uninit memory usages during map_{lookup,delete}_elem. ========== BUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline] BUG:...

5.5 CVSS · 6.8 AI score · 0.00222 EPSS
Exploits: 0 · References: 1

OSV
added 2024/07/29 4:15 p.m. · 5 views

AZL-47065 CVE-2024-42075 affecting package kernel for versions less than 5.15.162.2-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix remap of arena. The bpf arena logic didn't account for mremap operation. Add a refcnt for multiple mmap events to prevent use-after-free in arena_vm_close...

5.5 CVSS · 6.1 AI score · 0.0021 EPSS
Exploits: 0 · References: 1

OSV
added 2024/07/29 4:15 p.m. · 5 views

AZL-47186 CVE-2024-42075 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix remap of arena. The bpf arena logic didn't account for mremap operation. Add a refcnt for multiple mmap events to prevent use-after-free in arena_vm_close...

5.5 CVSS · 6.1 AI score · 0.0021 EPSS
Exploits: 0 · References: 1

OSV
added 2024/07/29 4:15 p.m. · 1 views

UBUNTU-CVE-2024-42063

In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode syzbot reported uninit memory usages during map_{lookup,delete}_elem. ========== BUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline] BUG:...

5.5 CVSS · 6.6 AI score · 0.00222 EPSS
Exploits: 0 · References: 17

Vulnrichment
added 2024/07/29 3:52 p.m. · 18 views

CVE-2024-42063 bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode

In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode syzbot reported uninit memory usages during map_{lookup,delete}_elem. ========== BUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline] BUG:...

6.8 AI score · 0.00222 EPSS
Exploits: 0 · References: 4

OSV
added 2024/07/29 3:15 p.m. · 1 views

DEBIAN-CVE-2024-41066

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Add tx check to prevent skb leak Below is a summary of how the driver stores a reference to an skb during transmit: tx_buff[free_map[consumer_index]]->skb = new_skb; free_map[consumer_index] = IBMVNIC_INVALID_MAP; consumer_index ++; Whe...

5.5 CVSS · 5.6 AI score · 0.00227 EPSS
Exploits: 0 · References: 1

OSV
added 2024/07/29 3:15 p.m. · 6 views

AZL-62696 CVE-2024-41067 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: handle RST lookup error correctly [BUG] When running btrfs/060 with forced RST feature, it would crash the following ASSERT inside scrub_read_endio(): ASSERT(sector_nr < stripe->nr_sectors); Before that, we would have tree dump from...

5.5 CVSS · 5.8 AI score · 0.00197 EPSS
Exploits: 0 · References: 1

OSV
added 2024/07/29 3:15 p.m. · 7 views

UBUNTU-CVE-2024-41067

In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: handle RST lookup error correctly [BUG] When running btrfs/060 with forced RST feature, it would crash the following ASSERT inside scrub_read_endio(): ASSERT(sector_nr < stripe->nr_sectors); Before that, we would have tree dump from...

5.5 CVSS · 5.7 AI score · 0.00197 EPSS
Exploits: 0 · References: 15

CNNVD
added 2024/07/29 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check if the skb address is null during a transfer, which could lead to a skb memory leak if th...

5.5 CVSS · 6.5 AI score · 0.00227 EPSS
Exploits: 0 · References: 5

Cvelist
added 2024/07/26 8:52 p.m. · 23 views

CVE-2024-41118 streamlit-geospatial blind SSRF in pages/7_📦_Web_Map_Service.py

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 47 of pages/7_📦_Web_Map_Service.py takes user input, which is passed to get_layers function, in which url is used with get_wms_layer method...

7.5 CVSS · 0.00713 EPSS
Exploits: 1 · References: 5

CVE
added 2024/07/26 8:52 p.m. · 59 views

CVE-2024-41118

The CVE-2024-41118 entry concerns the open-source project streamlit-geospatial, where prior to commit c4f81d9616d40c60584e36abb15300853a66e489 the url variable in pages/7_📦_Web_Map_Service.py accepts user input and passes it into get_layers, which uses get_wms_layer to send requests to arbitrary ...

9.8 CVSS · 8.1 AI score · 0.00713 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

CNNVD
added 2024/07/26 12:0 a.m. · 4 views

streamlit-geospatial code issue vulnerability

streamlit-geospatial is an Open Geospatial Solutions open source streamlit multi-page application for geospatial applications. A code issue vulnerability exists in streamlit-geospatial that stems from the url variable in pages/7_📦_Web_Map_Service.py accepting user input that is passed to the get_layers...

9.8 CVSS · 7 AI score · 0.00713 EPSS
Exploits: 1 · References: 6

Positive Technologies
added 2024/07/26 12:0 a.m. · 5 views

PT-2024-29274 · Pypi · Streamlit-Geospatial

Name of the Vulnerable Software and Affected Versions: streamlit-geospatial versions prior to commit c4f81d9616d40c60584e36abb15300853a66e489 Description: The issue allows for blind server-side request forgery due to the url variable taking user input, which is then used by the get_wms_layer meth...

9.8 CVSS · 7.1 AI score · 0.00713 EPSS
Exploits: 1 · References: 8

RedHat Linux
added 2024/07/25 7:26 p.m. · 6 views

io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading...

5.4 CVSS · 7.1 AI score · 0.01055 EPSS
Exploits: 0 · References: 5

Openbugbounty
added 2024/07/24 9:11 a.m. · 7 views

brightonandhovecyclemap.co.uk Cross Site Scripting vulnerability OBB-3949812

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

OSV
added 2024/07/24 3:15 a.m. · 6 views

CVE-2024-6753

The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it...

6.1 CVSS · 6 AI score · 0.00782 EPSS
Exploits: 0 · References: 2