Lucene search
K

341 matches found

Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.6 views

FreeBSD : Emacs -- Shell injection vulnerability (7ba6c085-1590-491a-98ce-5452646b196f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7ba6c085-1590-491a-98ce-5452646b196f advisory. An Emacs user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Li...

7.8CVSS8.1AI score0.00526EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/02/11 2:43 p.m.5 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

6.9CVSS6.6AI score0.8383EPSS
Exploits6References6
RedhatCVE
RedhatCVE
added 2025/02/05 12:45 a.m.5 views

CVE-2024-37177

SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and...

8.1CVSS6.8AI score0.00368EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2025/01/15 6:56 p.m.22 views

K000149306: OpenSSL vulnerability CVE-2024-4603

Security Advisory Description Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or...

5.3CVSS7.1AI score0.01131EPSS
Exploits0
OSV
OSV
added 2024/11/27 3:15 p.m.9 views

UBUNTU-CVE-2024-53920

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. This unsafe expansion also occurs if a user chooses to...

7.8CVSS7.6AI score0.00526EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/11/18 12:0 a.m.11 views

Siemens SCALANCE M-800 Excessive Iteration (CVE-2024-4603)

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

5.3CVSS6.8AI score0.01131EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2024/10/19 11:27 a.m.739 views

Exploit for CVE-2021-23369

CVE-2021-23369 Handlebars CVE-2021-23369 Vulnerability p...

9.8CVSS7.5AI score0.07028EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2024/08/17 12:0 a.m.4 views

PT-2024-9089

Name of the Vulnerable Software and Affected Versions GNU Emacs versions through 30.0.92 Description The issue is related to the elisp-completion-at-point function in GNU Emacs, which can trigger unsafe Lisp macro expansion when used on untrusted Emacs Lisp source code. This allows attackers to...

10CVSS8AI score0.00526EPSS
Exploits0References55
Amazon
Amazon
added 2024/08/15 12:0 a.m.4 views

Medium: openssl

Issue Overview: Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that ar...

9.1CVSS7AI score0.05582EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/08/12 12:0 a.m.9 views

PT-2024-6131 · Sap · Sap Bex Web Java Runtime Export Web Service

Name of the Vulnerable Software and Affected Versions: SAP BEx Web Java Runtime Export Web Service affected versions not specified Description: The issue is related to insufficient validation of an XML document accepted from an untrusted source in the SAP BEx Web Java Runtime Export Web Service...

8.5CVSS6.9AI score0.00537EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2024/07/22 12:0 a.m.21 views

EulerOS 2.0 SP8 : compat-openssl (EulerOS-SA-2024-2021)

According to the versions of the compat-openssl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack...

5.5CVSS6.4AI score0.03174EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/07/12 3:31 p.m.34 views

Apache Wicket: Remote code execution via XSLT injection

The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue...

9.8CVSS8AI score0.02127EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/07/12 1:15 p.m.44 views

CVE-2024-36522

The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue...

9.8CVSS0.02127EPSS
Exploits0References2
CVE
CVE
added 2024/07/12 12:13 p.m.92 views

CVE-2024-36522

The CVE-2024-36522 issue affects Apache Wicket’s XSLTResourceStream.java default configuration, where processing input from untrusted sources can lead to remote code execution via XSLT injection. Concretely, the vulnerability centers on the default parsing/stream handling path, enabling an attack...

9.8CVSS10AI score0.02127EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/06/11 1:58 a.m.55 views

CVE-2024-37177

CVE-2024-37177 involves SAP Financial Consolidation and a cross-site scripting (XSS) vulnerability where data can be entered into a Web application via endpoints exposed on the network from an untrusted source. Successful exploitation could impact confidentiality and integrity of the application....

8.1CVSS8.1AI score0.00368EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/11 1:58 a.m.21 views

CVE-2024-37177 Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation

SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and...

8.1CVSS0.00368EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/11 1:58 a.m.20 views

CVE-2024-37177 Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation

SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and...

8.1CVSS6.8AI score0.00368EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/30 12:0 a.m.25 views

EulerOS 2.0 SP12 : openssl (EulerOS-SA-2024-1746)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...

5.5CVSS6.4AI score0.03174EPSS
Exploits0References2
CVE
CVE
added 2024/05/27 5:12 p.m.55 views

CVE-2024-35238

Summary: Minder by Stacklok (pre-0.0.51) is vulnerable to a DoS caused by the sigstore verifier reading an untrusted response without a size limit. An attacker can cause Minder to fetch attestations from a user-controlled GitHub endpoint (orgs/$owner/attestations/$checksumref) and feed a large re...

5.3CVSS5.3AI score0.0053EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/18 12:0 a.m.36 views

FreeBSD : OpenSSL -- Denial of Service vulnerability (b88aa380-1442-11ef-a490-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b88aa380-1442-11ef-a490-84a93843eb75 advisory. - Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary:...

5.3CVSS6.9AI score0.01131EPSS
Exploits0References3
Rows per page
Query Builder