Lucene search
K

87 matches found

Veracode
Veracode
added 2025/01/02 8:3 a.m.7 views

Prototype Pollution

jsii is vulnerable to prototype pollution. The vulnerability is due to insufficient validation of user input. When untrusted input is allowed to modify the prototype of objects, an attacker can inject malicious properties into the object's prototype, potentially altering the behavior of the entir...

6.9AI score
Exploits0
OSV
OSV
added 2024/12/16 2:3 p.m.10 views

BIT-NODE-MIN-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl

Internally libssl in OpenSSL calls X509verifycert on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...

7.5CVSS7.2AI score0.50099EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/12/06 3:57 p.m.32 views

CVE-2024-30129 HCL Nomad server on Domino is affected by a host header injection vulnerability

The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address...

5.3CVSS0.00301EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/06 3:11 p.m.46 views

CVE-2024-54135 Untrusted Deserialization in ClipBucket-v5 Version 2.0 to 5.5.1 Revision 199

ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photoupload.php within the decodekey function. User inputs were supplied to this function...

9.8CVSS0.00732EPSS
Exploits1References2
NVD
NVD
added 2024/11/19 2:16 a.m.17 views

CVE-2024-50271

In the Linux kernel, the following vulnerability has been resolved: signal: restore the overriderlimit logic Prior to commit d64696905554 "Reimplement RLIMITSIGPENDING on top of ucounts" UCOUNTRLIMITSIGPENDING rlimit was not enforced for a class of signals. However now it's enforced...

5.5CVSS0.00234EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/11/02 12:0 a.m.5 views

CBL Mariner 2.0 Security Update: php (CVE-2024-8925)

The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-8925 advisory. - In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, erroneous parsing of multipart form...

5.3CVSS7.1AI score0.00947EPSS
Exploits1References2
OSV
OSV
added 2024/10/10 7:14 a.m.17 views

BIT-PHP-2024-8925 Erroneous parsing of multipart form data

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to...

5.3CVSS6AI score0.00947EPSS
Exploits1References4
NVD
NVD
added 2024/10/08 4:15 a.m.20 views

CVE-2024-8925

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to...

5.3CVSS0.00947EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/10/08 3:35 a.m.25 views

CVE-2024-8925 Erroneous parsing of multipart form data

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to...

3.1CVSS0.00947EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2024/10/08 3:35 a.m.14 views

CVE-2024-8925

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to...

5.3CVSS6.1AI score0.00947EPSS
Exploits1
CVE
CVE
added 2024/10/08 3:35 a.m.328 views

CVE-2024-8925

CVE-2024-8925 affects PHP multipart form data parsing via HTTP POST. Affected: PHP 8.1.x before 8.1.30, 8.2.x before 8.2.24, and 8.3.x before 8.3.12. The issue is an erroneous parsing of multipart form data that could cause the application to exhibit incorrect behavior due to data handling incons...

5.3CVSS5.7AI score0.00947EPSS
Exploits1References3Affected Software1
Amazon
Amazon
added 2024/08/06 12:0 a.m.40 views

Medium: openssl

Issue Overview: Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected applicati...

9.1CVSS8.3AI score0.05582EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2024/06/27 10:30 a.m.187 views

CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...

9.1CVSS8AI score0.05582EPSS
Exploits1
OpenVAS
OpenVAS
added 2024/06/27 12:0 a.m.54 views

OpenSSL Buffer Overread Vulnerability (20240627) - Windows

OpenSSL is prone to a buffer overread vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...

9.1CVSS9.6AI score0.05582EPSS
Exploits1References2
NVD
NVD
added 2024/05/14 4:17 p.m.29 views

CVE-2024-3372

Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior t...

7.5CVSS7.5AI score0.0055EPSS
Exploits0References1
CVE
CVE
added 2024/04/24 4:32 p.m.87 views

CVE-2024-3371

CVE-2024-3371 affects MongoDB Compass. Affected versions: 1.35.0–1.42.0. Root cause: insufficient validation of input from untrusted sources, enabling unintended behavior and data disclosure, with potential for attackers to impersonate users and perform MITM-style access to the channel. Public di...

7.1CVSS6.6AI score0.00231EPSS
Exploits0References1Affected Software1
MongoDB
MongoDB
added 2024/04/24 4:32 p.m.110 views

Insufficient validation of external input in Compass may enable MITM attacks

MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.40.5...

7.1CVSS6.9AI score0.00231EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/03/06 11:5 a.m.25 views

BIT-NODE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl

Internally libssl in OpenSSL calls X509verifycert on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...

7.5CVSS7.2AI score0.50099EPSS
Exploits0References4
Citrix
Citrix
added 2023/06/19 12:0 a.m.10 views

Published Explorer.exe and other applications close instantly after launch

When a published application such as Explorer is started, it closes instantly. Please note: this can also apply to many other applications that exhibit this behavior and not excluded to just explorer.exe. This is a built-in timer in Terminal Services which dictates if a session is not fully...

7AI score
Exploits0
OSV
OSV
added 2023/04/24 6:15 p.m.6 views

CVE-2023-26097

An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked...

5.5CVSS6.1AI score0.00188EPSS
Exploits0References3
Rows per page
Query Builder