CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2024/08/12 6:25 p.m.•13 views

GHSA-XJ87-MQVH-88W2 fish-shop/syntax-check Improper Neutralization of Delimiters

Impact Improper neutralisation of delimiters in the pattern input specifically the command separator ; and command substitution characters and mean that arbitrary command injection is possible by modification of the input value used in a workflow. This has the potential for exposure or exfiltrati...

6.9CVSS6.2AI score0.00821EPSS

Exploits0References5

NVD•added 2024/08/12 4:15 p.m.•21 views

CVE-2024-42482

fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the pattern input specifically the command separator ; and command substitution characters and mean that arbitrary command injection is possible by modification of the input...

6.5CVSS0.00821EPSS

Vulnrichment•added 2024/08/12 3:35 p.m.•16 views

CVE-2024-42482 fish-shop/syntax-check Improper Neutralization of Delimiters

4.8CVSS7.3AI score0.00821EPSS

OSV•added 2024/08/12 3:35 p.m.•23 views

CVE-2024-42482 fish-shop/syntax-check Improper Neutralization of Delimiters

4.8CVSS7.2AI score0.00821EPSS

Exploits0References5

Cvelist•added 2024/08/12 3:35 p.m.•36 views

CVE-2024-42482 fish-shop/syntax-check Improper Neutralization of Delimiters

4.8CVSS0.00821EPSS

CVE•added 2024/08/12 3:35 p.m.•57 views

CVE-2024-42482

CVE-2024-42482 affects the GitHub action fish-shop/syntax-check used to validate fish shell files. The vulnerability arises from improper neutralization of delimiters in the pattern input, specifically the command separator ; and command substitution characters ( and ), enabling arbitrary command...

6.5CVSS5.6AI score0.00821EPSS

Exploits0References3Affected Software1

BDU FSTEC•added 2024/08/09 12:0 a.m.•4 views

The vulnerability of the Dawn component in browsers such as Google Chrome and Microsoft Edge on Android operating systems allows a hacker to bypass the sandbox protection mechanisms and execute arbitrary code.

The vulnerability of the Dawn component in Google Chrome and Microsoft Edge browsers on Android operating systems is related to the use of uninitialized variables. Exploiting this vulnerability allows a malicious actor to bypass the sandboxing mechanisms and execute arbitrary code using a special...

10CVSS7.6AI score0.00865EPSS

Exploits0References8Affected Software5

OSV•added 2024/08/06 10:3 p.m.•23 views

GO-2024-2998 Woodpecker's custom environment variables allow to alter execution flow of plugins in go.woodpecker-ci.org/woodpecker

Woodpecker's custom environment variables allow to alter execution flow of plugins in go.woodpecker-ci.org/woodpecker...

8.8CVSS8.1AI score0.00618EPSS

Exploits0References6

SUSE CVE•added 2024/08/06 2:0 a.m.•4 views

SUSE CVE-2024-41817

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...

7.8CVSS8.1AI score0.00926EPSS

Exploits2References3

CNNVD•added 2024/08/05 12:0 a.m.•3 views

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets, which arises from the Automotive GPU module containing a use of uninitialized variables...

8.4CVSS6.8AI score0.00104EPSS

CNNVD•added 2024/08/02 12:0 a.m.•4 views

Western Digital Discovery 安全漏洞

Western Digital Discovery WD Discovery is a remote connection management tool for Western Digital personal storage devices from Western Digital. A security vulnerability exists in Western Digital Discovery versions prior to 5.0.589 that stems from a configuration error that could allow code...

7.1CVSS7.4AI score0.00259EPSS

CNNVD•added 2024/08/01 12:0 a.m.•3 views

Soft Serve 安全漏洞

Soft Serve is a self-hostable command-line Git server from Charm Open Source. A security vulnerability exists in Soft Serve versions prior to 0.7.5 that stems from improper handling of environment variables. Users could execute arbitrary code via environment manipulation and Git while committing...

8.1CVSS7.2AI score0.00509EPSS

NVD•added 2024/07/31 7:15 p.m.•26 views

CVE-2023-28149

An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that could allow an attacker to modify UEFI variables...

6.1CVSS0.00132EPSS

Spring Security Advisories•added 2024/07/31 12:0 a.m.•14 views

Spring AI with Groq - a blazingly fast AI inference engine

Faster information processing not only informs - it transforms how we perceive and innovate. Spring AI, a powerful framework for integrating AI capabilities into Spring applications, now offers support for Groq - a blazingly fast AI inference engine with support for Tool/Function calling...

6.9AI score

Exploits0

CVE•added 2024/07/31 12:0 a.m.•55 views

CVE-2023-28149

The CVE-2023-28149 issue affects the IhisiServiceSmm module in Insyde InsydeH2O. Affected kernel series include 5.2 prior to 05.28.42, 5.3 prior to 05.37.42, 5.4 prior to 05.45.39, 5.5 prior to 05.53.39, and 5.6 prior to 05.60.39. The vulnerability could allow an attacker to modify UEFI variables...

6.1CVSS6.5AI score0.00132EPSS

Vulnrichment•added 2024/07/31 12:0 a.m.•10 views

CVE-2023-28149

6.7AI score0.00132EPSS

Cvelist•added 2024/07/31 12:0 a.m.•22 views

CVE-2023-28149

0.00132EPSS

NVD•added 2024/07/29 4:15 p.m.•35 views

CVE-2024-42081

In the Linux kernel, the following vulnerability has been resolved: drm/xe/xedevcoredump: Check NULL before assignments Assign 'xedevcoredumpsnapshot ' and 'xedevice ' only if 'coredump' is not NULL. v2 - Fix commit messages. v3 - Define variables before code.Ashutosh/Jose v4 - Drop return check...

5.5CVSS0.00194EPSS