Lucene search
+L

106 matches found

OSV
OSV
added 2025/02/05 9:7 a.m.16 views

CVE-2023-52925 netfilter: nf_tables: don't fail inserts if duplicate has expired

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: don't fail inserts if duplicate has expired nftables selftests fail: run-tests.sh testcases/sets/0044intervaloverlap0 Expected: 0-2 . 0-3, got: W: FAILED ./testcases/sets/0044intervaloverlap0: got 1 Insertion...

6.2CVSS6AI score0.00203EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/02/05 8:5 a.m.9 views

CVE-2024-29891

ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed image in th...

8.7CVSS6.8AI score0.0076EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.17 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a a denial of service in PyTorch [CVE-2024-31583]

Summary IBM Watson Speech Services Cartridge is vulnerable to a a denial of service in PyTorch, caused by a use-after-free flaw in the torch/csrc/jit/mobile/interpreter.cpp component. CVE-2024-31583. PyTorch is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please re...

7.8CVSS6.6AI score0.00266EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/01/17 10:2 a.m.21 views

RHSA-2025:0377 Red Hat Security Advisory: Security and bug fixes for NetworkManager

Bulletin has no description...

7.6CVSS7.5AI score0.04063EPSS
Exploits1References27
OSV
OSV
added 2024/12/12 8:10 a.m.4 views

SUSE-SU-2024:4301-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: - CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency bsc1233856 Other fixes: - Update to 18.20.5 esm: mark import attributes and JSON module as stable deps: + upgrade npm to 10.8.2 + update simdutf to 5.6.0 +...

8.7CVSS7.6AI score0.00873EPSS
Exploits0References3
OSV
OSV
added 2024/10/23 5:58 a.m.2 views

BELL-CVE-2024-50017

Bulletin has no description...

5.5CVSS7.3AI score0.0022EPSS
Exploits0References1
OSV
OSV
added 2024/09/13 2:43 p.m.26 views

RHSA-2017:3485 Red Hat Security Advisory: rh-ruby24-ruby security, bug fix, and enhancement update

Bulletin has no description...

7.5CVSS8.8AI score0.29442EPSS
Exploits8References41
OSV
OSV
added 2024/09/13 6:2 a.m.11 views

RHSA-2010:0958 Red Hat Security Advisory: kernel-rt security and bug fix update

Bulletin has no description...

8.3CVSS7AI score0.05542EPSS
Exploits22References90
OSV
OSV
added 2024/06/15 12:0 a.m.2 views

OPENSUSE-SU-2024:13223-1 libmca_common_dstore1-3.2.3-11.1 on GA media

These are all security issues fixed in the libmcacommondstore1-3.2.3-11.1 package on the GA media of openSUSE Tumbleweed...

8.1CVSS8.2AI score0.01121EPSS
Exploits0References1
OSV
OSV
added 2024/06/15 12:0 a.m.5 views

OPENSUSE-SU-2024:12995-1 librnp0-0.16.3-1.1 on GA media

These are all security issues fixed in the librnp0-0.16.3-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS6.7AI score0.00901EPSS
Exploits0References2
OSV
OSV
added 2024/04/04 3:30 p.m.5 views

GHSA-65PC-76PQ-PVF5 Duplicate Advisory: Pebble service manager's file pull API allows access by any user

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4685-2x5r-65pj. This link is maintained to preserve external references. Original Description It was discovered that Pebble's read-file API and the associated pebble pull command, before v1.10.2, allowed...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References3
OSV
OSV
added 2023/12/12 2:41 p.m.7 views

SUSE-SU-2023:4736-1 Security update for tiff

This update for tiff fixes the following issues: - CVE-2023-2731: Fix null pointer deference in LZWDecode bsc1211478. - CVE-2023-1916: Fix out-of-bounds read in extractImageSection bsc1210231. - CVE-2023-26965: Fix heap-based use after free in loadImage bsc1212398. - CVE-2022-40090: Fix infinite...

6.5CVSS6.5AI score0.01684EPSS
Exploits5References11
The Hacker News
The Hacker News
added 2023/12/06 9:18 a.m.100 views

Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution

Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below - CVE-2022-1471 CVSS score: 9.8 - Deserialization vulnerability in SnakeYAML library that can lead to...

10CVSS8.4AI score0.99654EPSS
Exploits43
OSV
OSV
added 2023/11/28 10:7 a.m.5 views

MGASA-2023-0327 Updated mariadb packages fix a security vulnerability

Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server. Additonally a whole bunch of fixes to InnoDB, Replication, Optimizer, Galera, Spider, Backup,... have been applied. See the official release not...

4.9CVSS5.7AI score0.01782EPSS
Exploits0References3
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.12 views

SA40054 - 2015-09: Security Advisory: Secure Meeting (Pulse Collaboration) issue may allow authenticated users to bypass meeting authorization (CVE-2015-7323)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An authorization bypass issue has been discovered in Secure Meeting Pulse Collaboration. This issue could allow an authenticated user to log into meetings that they do not have...

3.5CVSS6.3AI score0.01656EPSS
Exploits3
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/20 8:54 p.m.40 views

Security Bulletin: IBM Sterling Order Management Jave vulnerability

Summary Java SE related to the 2D component could allow a remote attacker Vulnerability Details CVEID:CVE-2014-0459 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the 2D component could allow a remote attacker to cause a denial of service. CVSS Base score: 4.3 CVSS Tempora...

4.3CVSS6.4AI score0.04097EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/29 12:0 a.m.3 views

PT-2022-8237 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No vulnerable software or affected versions specified. Description: The provided information does not contain details about a specific vulnerability. It appears to be a notification about a rejected CVE candidate number, CVE-2019-20283, with ...

6.3AI score
Exploits0References2
OSV
OSV
added 2022/08/01 6:43 a.m.5 views

OPENSUSE-SU-2022:10073-1 Security update for chromium

This update for chromium fixes the following issues: Chromium was updated to 103.0.5060.134 boo1201679: CVE-2022-2477 : Use after free in Guest View CVE-2022-2478 : Use after free in PDF CVE-2022-2479 : Insufficient validation of untrusted input in File CVE-2022-2480 : Use after free in Service...

8.8CVSS6.9AI score0.17864EPSS
Exploits0References8
OSV
OSV
added 2022/04/20 10:39 a.m.6 views

SUSE-SU-2022:0930-2 Security update for qemu

This update for qemu fixes the following issues: - CVE-2022-0358: Fixed a potential privilege escalation via virtiofsd bsc1195161. - CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device bsc1192525. Non-security fixes: - Fixed a kernel data corruption via a long kernel bo...

7.8CVSS7.2AI score0.00338EPSS
Exploits0References11
OSV
OSV
added 2022/04/19 7:19 a.m.10 views

OPENSUSE-SU-2022:0114-1 Security update for chromium

This update for chromium fixes the following issues: Updated Chromium to 100.0.4896.127 boo1198509 - CVE-2022-1364: Type Confusion in V8 - Various fixes from internal audits, fuzzing and other initiatives...

8.8CVSS8.9AI score0.1372EPSS
Exploits2References3
Rows per page
Query Builder