Lucene search

6775 matches found

OSV
added 2024/11/19 6:15 p.m. · 3 views

UBUNTU-CVE-2024-53083

In the Linux kernel, the following vulnerability has been resolved: usb: typec: qcom-pmic: init value of hdr_len/txbuf_len earlier. If the read of USB_PDPHY_RX_ACKNOWLEDGE_REG failed, then hdr_len and txbuf_len are uninitialized. This commit stops to print uninitialized value and misleading/false data...

5.5 CVSS · 6.6 AI score · 0.00217 EPSS
Exploits 0 · References 18
Cvelist
added 2024/11/19 5:45 p.m. · 18 views

CVE-2024-53081 media: ar0521: don't overflow when checking PLL values

In the Linux kernel, the following vulnerability has been resolved: media: ar0521: don't overflow when checking PLL values The PLL checks are comparing 64 bit integers with 32 bit ones, as reported by Coverity. Depending on the values of the variables, this may underflow. Fix it ensuring that bot...

0.00227 EPSS
Exploits 0 · References 4
CVE
added 2024/11/19 5:45 p.m. · 122 views

CVE-2024-53081

Public technical details (affected product/version/root cause/patch) for CVE-2024-53081 are not provided in the connected documents. Monitor for updates when new information becomes available.

5.5 CVSS · 6.8 AI score · 0.00227 EPSS
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2024/11/17 12:0 a.m. · 5 views

PT-2024-35496 · Unknown · Lemonldap::Ng

Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.20.1 Description: An issue allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value. This can...

8.8 CVSS · 6.9 AI score · 0.00473 EPSS
Exploits 0 · References 17
OSV
added 2024/11/15 12:20 p.m. · 4 views

OESA-2024-2410 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

5.7 CVSS · 7.6 AI score · 0.00227 EPSS
Exploits 0 · References 3
OSV
added 2024/11/15 12:20 p.m. · 3 views

OESA-2024-2408 hdf5 security update

HDF5 is a data model, library, and file format for storing and managing data. It supports an unlimited variety of datatypes, and is designed for flexible and efficient I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing applications to evolve in their use of HDF...

5.7 CVSS · 7.6 AI score · 0.00227 EPSS
Exploits 0 · References 3
BDU FSTEC
added 2024/11/15 12:0 a.m. · 6 views

The vulnerability of Siemens SINEC Security Monitor’s security software lies in its improper validation of user-input data against a list of allowed values. This allows a perpetrator to compromise the integrity of the affected application configuration.

The vulnerability of Siemens SINEC Security Monitor software-related security protection lies in improper verification of the data entered by users against a list of allowed values. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the integrity of the...

4.3 CVSS · 5.4 AI score · 0.00373 EPSS
Exploits 0 · References 3 · Affected Software 1
Veracode
added 2024/11/14 4:10 a.m. · 11 views

Carriage Return Line Feed (CRLF) Injection

Refit is vulnerable to Carriage Return Line Feed (CRLF) Injection. The vulnerability is due to lack of validation for CRLF characters in HTTP header values in the Refit library. Specifically, the HttpHeaders.TryAddWithoutValidation method used by Refit does not sanitize or check for CRLF sequences,...

10 CVSS · 6.7 AI score · 0.00535 EPSS
Exploits 0 · References 4 · Affected Software 1
NVD
added 2024/11/13 2:15 a.m. · 7 views

CVE-2024-10717

The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivatelicense function in all versions up to, and including, 3.3.4. This makes it possible for authenticated...

6.5 CVSS · 0.00398 EPSS
Exploits 0 · References 2
RedHat Linux
added 2024/11/12 10:30 a.m. · 3 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service (ReDoS) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

7.5 CVSS · 7.2 AI score · 0.02203 EPSS
Exploits 2 · References 7
OSV
added 2024/11/12 7:8 a.m. · 15 views

BIT-AIRFLOW-2024-50378 Apache Airflow: Secrets not masked in UI when sensitive variables are set via Airflow cli

Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored...

4.9 CVSS · 4.7 AI score · 0.01201 EPSS
Exploits 0 · References 4
OSV
added 2024/11/10 10:15 p.m. · 2 views

DEBIAN-CVE-2024-46952

An issue was discovered in pdf/pdfxref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream related to W array values...

7.8 CVSS · 7.8 AI score · 0.00316 EPSS
Exploits 0 · References 1
NVD
added 2024/11/08 3:15 p.m. · 21 views

CVE-2024-50378

Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored...

4.9 CVSS · 0.01201 EPSS
Exploits 0 · References 3
OSV
added 2024/11/08 3:15 p.m. · 10 views

CVE-2024-50378

Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored...

4.9 CVSS · 5 AI score
Exploits 0 · References 3
CVE
added 2024/11/08 2:37 p.m. · 300 views

CVE-2024-50378

This CVE (CVE-2024-50378) affects Apache Airflow versions before 2.10.3. The root cause is that when sensitive variables are set via the Airflow CLI, their values were written to audit logs and stored unencrypted in the Airflow database, making them accessible to authenticated users with audit lo...

4.9 CVSS · 4.9 AI score · 0.01201 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2024/11/08 12:0 a.m. · 4 views

Apache Airflow security vulnerability

Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache USA Foundation. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow versions prior to 2.10.3, which stems from a vulnerabili...

4.9 CVSS · 6.1 AI score · 0.01201 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/11/08 12:0 a.m. · 3 views

PT-2024-34168

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.10.3 Description: The issue allows authenticated users with audit log access to see sensitive values in audit logs that they should not see. This occurs when sensitive variables are set via the Airflow CLI,...

4.9 CVSS · 5.7 AI score · 0.01201 EPSS
Exploits 0 · References 18
RedhatCVE
added 2024/11/07 5:4 p.m. · 9 views

CVE-2024-50163

In the Linux kernel, the following vulnerability has been resolved: bpf: Make sure internal and UAPI bpf_redirect flags don't overlap. The bpf_redirect_info is shared between the SKB and XDP redirect paths, and the two paths use the same numeric flag values in the ri->flags field (specifically,...

5.5 CVSS · 7 AI score · 0.00216 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2024/11/07 12:0 a.m. · 4 views

The vulnerabilities of AppleTalk Dissector, Dissector/RELOAD, Framing Dissector, and the Wireshark traffic analyzer allow attackers to cause service failures.

The vulnerability of AppleTalk Dissector/RELOAD Framing Dissector for computer network traffic detection by Wireshark is related to incorrect handling of missing values. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

3.1 CVSS · 6.5 AI score · 0.00306 EPSS
Exploits 0 · References 5 · Affected Software 2
OSV
added 2024/11/06 7:0 p.m. · 3 views

CLSA-2024-1730919625 Fix CVE(s): CVE-2020-27773, CVE-2020-27775

SECURITY UPDATE: Integer overflow vulnerability in gem-private.h - debian/patches/CVE-2020-27773.patch: fix gamma calculation to prevent division by zero in ConvertLuvToXYZ function - CVE-2020-27773 SECURITY UPDATE: Undefined behaviour in quantum.h - debian/patches/CVE-2020-27775.patch: fix...

4.3 CVSS · 6.7 AI score · 0.01124 EPSS
Exploits 2 · References 1