Lucene search
K

175 matches found

CVE
CVE
added 2025/03/20 10:9 a.m.87 views

CVE-2024-12537

Summary: CVE-2024-12537 affects open-webui/open-webui v0.3.32, where unauthenticated access to /api/v1/utils/code/format can be abused by a high-volume POST to trigger unresponsiveness. Documented impact is denial of service / service degradation. A remediation is available: upgrade to open-webui...

7.5CVSS7.7AI score0.00879EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.5 views

PT-2025-12138

Name of the Vulnerable Software and Affected Versions open-webui/open-webui version 0.3.32 Description The absence of authentication mechanisms in open-webui/open-webui allows any unauthenticated attacker to access the api/v1/utils/code/format endpoint. If a malicious actor sends a POST request...

7.5CVSS7.1AI score0.00879EPSS
Exploits2References13
Rockylinux
Rockylinux
added 2025/03/17 8:16 p.m.6 views

389-ds-base bug fix update

An update is available for 389-ds-base. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The ba...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/13 12:0 a.m.25 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2025:0849-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0849-1 advisory. Updated to Mozilla Thunderbird 128.8 MFSA 2025-18 bsc1237683: - CVE-2024-43097: Overflow when...

8.8CVSS6.8AI score0.00519EPSS
Exploits1References26
OSV
OSV
added 2025/03/12 3:12 p.m.6 views

SUSE-SU-2025:0849-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Updated to Mozilla Thunderbird 128.8 MFSA 2025-18 bsc1237683: - CVE-2024-43097: Overflow when growing an SkRegion's RunArray - CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process - CVE-2025-1931:...

8.8CVSS8AI score0.00519EPSS
Exploits1References14
RedHat Linux
RedHat Linux
added 2025/03/10 6:17 a.m.14 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.8CVSS6.7AI score0.00519EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-26992

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: x86/pmu: Disable support for adaptive PEBS Drop support for virtualizing adaptive PEBS,...

3.3CVSS5.7AI score0.00221EPSS
Exploits0References3
CVE
CVE
added 2025/02/26 1:55 a.m.81 views

CVE-2022-49172

Summary: CVE-2022-49172 pertains to the Linux kernel parisc line. The root cause was non-access data TLB faults from flush_user_dcache_range_asm and flush_user_icache_range_asm when pages are not present, leading to cache lines not being invalidated and potential memory corruption. Impact details...

7.1CVSS5.3AI score0.00252EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2025/02/26 1:55 a.m.16 views

CVE-2022-49172

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix non-access data TLB cache flush faults When a page is not present, we get non-access data TLB faults from the fdc and fic instructions in flushuserdcacherangeasm and flushusericacherangeasm. When these occur, the cach...

7.1CVSS5.5AI score0.00252EPSS
Exploits0
OSV
OSV
added 2025/02/13 11:47 a.m.10 views

SUSE-SU-2025:0512-1 Security update for libtasn1

This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. bsc1236878...

5.3CVSS7.1AI score0.01025EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.4 views

Azure Linux 3.0 Security Update: edk2 / hvloader / openssl / rust (CVE-2023-2650)

The version of edk2 / hvloader / openssl / rust installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2650 advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data...

6.5CVSS7AI score0.73461EPSS
Exploits0References2
Veeam
Veeam
added 2025/02/05 12:0 a.m.31 views

Hyper-V Resilient Change Tracking Performance Issues

Challenge General Hyper-V OS performance degradation can occur when using a backup solution to export Hyper-V VM snapshots during backup operations. Solution Based on investigations between Veeam and Microsoft, two underlying causes have been identified. Resilient Change Tracking Resilient Change...

6.8AI score
Exploits0
OSV
OSV
added 2025/02/03 8:55 a.m.6 views

SUSE-SU-2025:20046-1 Security update for runc

This update for runc fixes the following issues: Update to runc v1.1.14. Upstream changelog is available from . - CVE-2024-45310: Fixed that runc can be tricked into creating empty files/directories on host bsc1230092 Update to runc v1.1.13. Upstream changelog is available from . - Fixed a...

3.6CVSS6.3AI score0.00317EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/27 2:30 p.m.24 views

Security Bulletin: IBM Application Modernization Accelerator is vulnerable to multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator CVE-2024-52798, CVE-2024-21538, CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917, CVE-2024-47764. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION:...

8.7CVSS6.8AI score0.01157EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/01/13 12:0 a.m.13 views

EulerOS 2.0 SP10 : dhcp (EulerOS-SA-2025-1002)

According to the versions of the dhcp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer from degraded...

7.5CVSS7.9AI score0.02114EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/12/17 12:0 a.m.8 views

SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2024:4326-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4326-1 advisory. - CVE-2024-50336: Fixed insufficient MXC URI validation which could allow client-side path traversal...

5.3CVSS7.3AI score0.00835EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/12/06 7:41 a.m.27 views

CVE-2024-52798

A flaw was found in path-to-regexp. A path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Mitigation Avoid using two parameters within a single path segment when the separato...

5.3CVSS6.4AI score0.00932EPSS
Exploits0References5
NVD
NVD
added 2024/12/05 11:15 p.m.27 views

CVE-2024-52798

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

8.7CVSS0.00792EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/05 10:45 p.m.43 views

CVE-2024-52798 path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

8.7CVSS6.3AI score0.00792EPSS
Exploits0References2
OSV
OSV
added 2024/12/05 10:45 p.m.19 views

CVE-2024-52798 path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

8.7CVSS6.9AI score0.00792EPSS
Exploits0References5
Rows per page
Query Builder