Lucene search
K

6775 matches found

RedHat Linux
RedHat Linux
added 2024/11/05 5:49 p.m.3 views

python-django: Potential SQL injection in QuerySet.values() and values_list()

A flaw was found in Django. The QuerySet.values and QuerySet.valueslist methods on models with a JSONField were subject to SQL injection in column aliases via a crafted JSON object key as a passed arg...

9.8CVSS7.1AI score0.01227EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/04 12:0 a.m.3 views

Combodo iTop 跨站脚本漏洞

Combodo iTop is a set of open source web applications developed by Combodo France based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A cross-site scripting vulnerability exists in Combodo iT...

8.8CVSS7.4AI score0.00329EPSS
Exploits1References1
SUSE Linux
SUSE Linux
added 2024/10/30 6:34 p.m.2 views

Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: CVE-2024-35905: Fixed int overflow for stack access size bsc1226327. CVE-2024-42133: Bluetooth: Ignore too large handle values in BIG bsc1231419 CVE-2024-35863: Fixed potential UAF in...

7.8CVSS8AI score0.00265EPSS
Exploits0References28
BDU FSTEC
BDU FSTEC
added 2024/10/29 12:0 a.m.5 views

The vulnerability of the HikCentral Master Lite video surveillance and security management software lies in the absence of a mechanism to neutralize certain elements in CSV files, allowing attackers to execute arbitrary commands.

The vulnerability of the HikCentral Master Lite video surveillance and security management software lies in the absence of a mechanism to neutralize certain elements in CSV files. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...

10CVSS5.8AI score0.00538EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/10/29 12:0 a.m.7 views

The vulnerability of HashiCorp’s Vault and Vault Enterprise storage platforms for corporate information, related to improper validation of input data, allows attackers to insert arbitrary random values (nulls) when encryption is disabled.

The vulnerability of the HashiCorp Vault and Vault Enterprise archiving platforms relates to improper validation of input data. Exploiting this vulnerability allows a malicious actor to assign arbitrary random values nonces when encryption is disabled...

6.8CVSS6.8AI score0.00368EPSS
Exploits0References3Affected Software3
OSV
OSV
added 2024/10/28 12:23 p.m.14 views

GHSA-W7HQ-F2PJ-C53G pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API

Summary The folder /.pyload/scripts has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved. A file can be downloaded to such...

9.4CVSS6.7AI score0.00679EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/10/28 12:0 a.m.4 views

PT-2024-9024 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak versions prior to 26.0.2 Description: A flaw was found in Keycloak, where sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintende...

8.2CVSS6.1AI score0.00937EPSS
Exploits0References30
Snyk
Snyk
added 2024/10/26 12:32 a.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper filtering in the selectfiles method in the \controller\sys\Attachh.php file. An attacker can inject malicious scripts by passing unfiltered parameters and values into the param parameter. Details...

6.1CVSS5.3AI score0.00268EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/10/24 12:0 a.m.26 views

RHEL 9 : python3.12 (RHSA-2024:8447)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8447 advisory. Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It...

7.5CVSS7.1AI score0.02203EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2024/10/23 1:24 p.m.3 views

SUSE CVE-2024-46952

An issue was discovered in pdf/pdfxref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream related to W array values...

7.8CVSS7.5AI score0.00316EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2024/10/22 2:22 p.m.3 views

SUSE CVE-2022-48987

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fix too strict blanking sanity checks Sanity checks were added to verify the v4l2bttimings blanking fields in order to avoid integer overflows when userspace passes weird values. But that assumed that...

3.3CVSS6.5AI score0.00248EPSS
Exploits0References8
OSV
OSV
added 2024/10/21 8:15 p.m.1 views

UBUNTU-CVE-2022-48987

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fix too strict blanking sanity checks Sanity checks were added to verify the v4l2bttimings blanking fields in order to avoid integer overflows when userspace passes weird values. But that assumed that...

5.5CVSS6.2AI score0.00248EPSS
Exploits0References11
NVD
NVD
added 2024/10/21 6:15 p.m.8 views

CVE-2024-49977

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix zero-division error when disabling tc cbs The commit b8c43360f6e4 "net: stmmac: No need to calculate speed divider when offload is disabled" allows the "porttransmitratekbps" to be set to a value of 0, which is...

5.5CVSS0.00247EPSS
Exploits0References11
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.1 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of uninitialized values in the jfs file system in eabuffer handling...

7.1CVSS6.8AI score0.00279EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from the mlx5etirbuilderalloc function in the net/mlx5e module that does not handle NULL return values...

5.5CVSS6.6AI score0.00235EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/10/21 12:0 a.m.6 views

PT-2024-33832

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an integer overflow in BLKSECDISCARD, which can cause a near infinite loop inside blkdev issue secure erase. This occurs when a specific ioctl call is made with...

5.5CVSS5.5AI score0.00238EPSS
Exploits0
OSV
OSV
added 2024/10/18 9:15 a.m.2 views

CVE-2024-47485

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file...

9.8CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2024/10/17 7:15 p.m.21 views

CVE-2024-10100

A path traversal vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as...

7.5CVSS0.00612EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2024/10/16 12:0 a.m.32 views

OpenSSL -- OOB memory access vulnerability

The OpenSSL project reports: Low-level invalid GF2^m parameters lead to OOB memory access CVE-2024-9143 Low Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes...

4.3CVSS6.9AI score0.05966EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/10/16 12:0 a.m.8 views

Qnap QTS Out-of-bounds Read (CVE-2022-27598)

A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP QVR Pro appliances...

2.7CVSS4.9AI score0.00658EPSS
Exploits0References2
Rows per page
Query Builder