Lucene search
K

228 matches found

OSV
OSV
added 2025/05/26 11:4 a.m.5 views

SUSE-SU-2025:01705-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: Upgrade to 13.21: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/13.21/...

5.9CVSS5.8AI score0.00637EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/08 12:0 a.m.3 views

D-Link DIR-605L 安全漏洞

The D-Link DIR-605L is a wireless router from China's AUO D-Link. The D-Link DIR-605L suffers from a buffer overflow vulnerability that stems from the formSetWANWizard534 function parameter curTime failing to correctly validate the length size of the input data, which can be exploited by an...

9.8CVSS8.1AI score0.02195EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/05/08 12:0 a.m.3 views

PostgreSQL 安全漏洞

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL, which stems from a...

5.9CVSS7.1AI score0.00637EPSS
Exploits0References2
OSV
OSV
added 2025/04/21 1:15 a.m.2 views

UBUNTU-CVE-2025-43973

An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message...

9.8CVSS6.1AI score0.00503EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/03/28 5:6 p.m.5 views

Security update for python3

This update for python3 fixes the following issues: CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses bsc1233307. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can r...

6.3CVSS6.7AI score0.0067EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.4 views

Dell UCC Edge 代码问题漏洞

Dell UCC Edge is a Dell APEX metering solution from Dell USA. A code issue vulnerability exists in Dell UCC Edge version 2.3.0 that stems from a failure to validate input when adding a customer SFTP server...

7.9CVSS6.9AI score0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/03 12:0 a.m.1 views

PT-2025-5644 · Cometbft · Cometbft

Name of the Vulnerable Software and Affected Versions: CometBFT versions = v0.38.16, v1.0.0 Description: A bug in CometBFT's validation of block part indices and proof part indices can lead to incorrect processing and dissemination of invalid parts, potentially causing a network halt. This issue...

7.1AI score
Exploits0References6
CVE
CVE
added 2025/01/09 12:33 a.m.218 views

CVE-2024-37372

The CVE-2024-37372 entry concerns Node.js and the experimental permission model. The root cause is a faulty assumption in UNC path handling: the model treats paths starting with two backslashes as having a four-character prefix that can be ignored, which is not universally true. This leads to vul...

3.6CVSS6.8AI score0.00477EPSS
Exploits0References3
OSV
OSV
added 2024/12/04 10:31 a.m.8 views

SUSE-SU-2024:4165-1 Security update for python

This update for python fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses bsc1233307 Other fixes: - Add ipaddress module from https://github.com/phihag/ipaddress - Remove -IVendor/ from python-config bsc1231795 - Stop using %%defattr, it seems ...

6.3CVSS4.5AI score0.0067EPSS
Exploits0References5
OSV
OSV
added 2024/09/05 7:15 p.m.10 views

UBUNTU-CVE-2024-45159

An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtlssslgetverifyresult would...

9.8CVSS5.8AI score0.00387EPSS
Exploits0References5
OSV
OSV
added 2024/08/17 9:15 a.m.2 views

DEBIAN-CVE-2024-42260

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Validate passed in drm syncobj handles in the performance extension If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking...

5.5CVSS5.7AI score0.00196EPSS
Exploits0References1
Amazon
Amazon
added 2024/08/15 12:0 a.m.5 views

Medium: php8.2

Issue Overview: The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/138...

5.9CVSS7.2AI score0.12117EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2024/08/08 4:44 a.m.3 views

kernel: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLAVFVLANLIST attribute validation Each attribute inside a nested IFLAVFVLANLIST is assumed to be a struct iflavfvlaninfo so the size of such attribute needs to be at least of sizeofstruct iflavfvlaninf...

5.5CVSS6.7AI score0.00249EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2024/04/17 11:15 a.m.4 views

CVE-2024-26849

In the Linux kernel, the following vulnerability has been resolved: netlink: add nla be16/32 types to minlen array BUG: KMSAN: uninit-value in nlavalidaterangeunsigned lib/nlattr.c:222 inline BUG: KMSAN: uninit-value in nlavalidateintrange lib/nlattr.c:336 inline BUG: KMSAN: uninit-value in...

5.5CVSS5.6AI score0.00223EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/04/17 11:15 a.m.1 views

DEBIAN-CVE-2024-26849

In the Linux kernel, the following vulnerability has been resolved: netlink: add nla be16/32 types to minlen array BUG: KMSAN: uninit-value in nlavalidaterangeunsigned lib/nlattr.c:222 inline BUG: KMSAN: uninit-value in nlavalidateintrange lib/nlattr.c:336 inline BUG: KMSAN: uninit-value in...

5.5CVSS4.9AI score0.00223EPSS
Exploits0References1
OSV
OSV
added 2024/04/17 11:15 a.m.4 views

UBUNTU-CVE-2024-26849

In the Linux kernel, the following vulnerability has been resolved: netlink: add nla be16/32 types to minlen array BUG: KMSAN: uninit-value in nlavalidaterangeunsigned lib/nlattr.c:222 inline BUG: KMSAN: uninit-value in nlavalidateintrange lib/nlattr.c:336 inline BUG: KMSAN: uninit-value in...

5.5CVSS5.8AI score0.00223EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/03/29 12:0 a.m.6 views

WordPress Plugin WP-Eggdrop 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS8.2AI score0.00189EPSS
Exploits0References3
OSV
OSV
added 2024/03/22 6:12 p.m.31 views

GO-2024-2643 Bypass manifest during application creation in github.com/argoproj/argo-cd/v2

An improper validation bug allows users who have create privileges to sync a local manifest during application creation. This allows for bypassing the restriction that the manifests come from some approved git/Helm/OCI source...

6.4CVSS6.3AI score0.00532EPSS
Exploits0References2
OSV
OSV
added 2024/03/15 7:17 a.m.21 views

BIT-ARGO-CD-2023-50726 Users with `create` but not `override` privileges can perform local sync in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

6.4CVSS6.6AI score0.00532EPSS
Exploits0References4
Prion
Prion
added 2024/03/13 9:15 p.m.24 views

Input validation

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

5.5CVSS7AI score0.00532EPSS
Exploits0References3
Rows per page
Query Builder