7822 matches found
CentOS 9 : polkit-0.117-8.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the polkit-0.117-8.el9 build changelog. - A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow...
DEBIAN-CVE-2021-47048
In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op When handling op->addr, it is using the buffer "tmpbuf" which has been freed. This will trigger a use-after-free KASAN warning. Let's use temporary variables to store...
CVE-2021-46992
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid overflows in nft_hash_buckets Number of buckets being stored in 32bit variables, we have to ensure that no overflows occur in nft_hash_buckets syzbot injected a size == 0x40000000 and reported: UBSAN:...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: Make global sysctls readonly in non-init netns These sysctls point to global variables: - NF_SYSCTL_CT_MAX &nf_conntrack_max - NF_SYSCTL_CT_EXPECT_MAX &nf_ct_expect_max - NF_SYSCTL_CT_BUCKETS &nf_conntrack_htable_size_user...
CVE-2021-46975
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
On Linux Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception Node.js incorrectly applies this exception even when certain other capabilities have been set. This allows unprivileged users to inject code that inherits the process's elevated privileges.
...
Cross-site Scripting in MLFlow
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
fastecdsa Security Vulnerabilities
fastecdsa is a Python library for fast elliptic curve encryption by the individual developer Antonkueltz. A security vulnerability exists in fastecdsa versions prior to 2.3.2 that stems from the easy use of uninitialized variables on the stack, which can be exploited by an attacker to cause a...
PYSEC-2024-240
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
CVE-2024-27132
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
Design/Logic Flaw
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
CVE-2024-27132 Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
CVE-2024-27132
MLflow suffers from insufficient sanitization of template variables, enabling XSS when loading an untrusted recipe and potentially enabling client-side RCE in Jupyter Notebook. The root cause is lack of input sanitization in rendering templates. Public details about affected versions or patches a...
CVE-2024-27132 Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
Mlflow Cross-Site Scripting Vulnerability
Mlflow is an open source platform for machine learning lifecycles. Mlflow suffers from a cross-site scripting vulnerability that stems from a lack of cleanup of template variables, leading to cross-site scripting...
CVE-2024-23137 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
A maliciously crafted STP or SLDPRT file, when parsed in ODXSWDLL.dll through Autodesk applications, can be used to access uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process...
Helm Security Vulnerabilities
Helm is a Kubernetes package manager. A security vulnerability exists in Helm versions prior to 3.14.2 that stems from uninitialized variables...
CVE-2024-21892
On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...
AZL-34460 CVE-2024-21892 affecting package nodejs18 for versions less than 18.20.2-1
On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...
AZL-35052 CVE-2024-21892 affecting package nodejs for versions less than 20.14.0-1
On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...