Lucene search
+L

168 matches found

UbuntuCve
UbuntuCve
added 2024/05/30 1:15 p.m.26 views

CVE-2024-36017

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLAVFVLANLIST attribute validation Each attribute inside a nested IFLAVFVLANLIST is assumed to be a struct iflavfvlaninfo so the size of such attribute needs to be at least of sizeofstruct iflavfvlaninf...

5.5CVSS6.3AI score0.00249EPSS
Exploits0References28
Cvelist
Cvelist
added 2024/05/30 12:52 p.m.29 views

CVE-2024-36017 rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLAVFVLANLIST attribute validation Each attribute inside a nested IFLAVFVLANLIST is assumed to be a struct iflavfvlaninfo so the size of such attribute needs to be at least of sizeofstruct iflavfvlaninf...

7.4AI score0.00249EPSS
Exploits0References8
CVE
CVE
added 2024/05/30 12:52 p.m.168 views

CVE-2024-36017

The CVE-2024-36017 entry is valid and has concrete details in connected sources. The vulnerability is in the Linux kernel rtnetlink path: nested IFLA_VF_VLAN_LIST attributes are assumed to be struct ifla_vf_vlan_info (size 14 bytes). Validation used NLA_HDRLEN (4 bytes), enabling a too-small attr...

5.5CVSS6.5AI score0.00249EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2024/05/30 12:52 p.m.21 views

CVE-2024-36017 rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLAVFVLANLIST attribute validation Each attribute inside a nested IFLAVFVLANLIST is assumed to be a struct iflavfvlaninfo so the size of such attribute needs to be at least of sizeofstruct iflavfvlaninf...

5.5CVSS5.8AI score0.00249EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2024/05/15 10:18 p.m.15 views

Laravel Guard bypass in Eloquent models

In laravel releases before 6.18.34 and 7.23.2. It was possible to mass assign Eloquent attributes that included the model's table name: $model-fill'users.name' = 'Taylor'; When doing so, Eloquent would remove the table name from the attribute for you. This was a "convenience" feature of Eloquent...

7.1AI score
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/05/06 12:0 a.m.23 views

Oracle Linux 9 : python-jinja2 (ELSA-2024-2348)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-2348 advisory. 2.11.3-5 - Security fix for CVE-2024-22195 Resolves: RHEL-21349 Tenable has extracted the preceding description block directly from the Oracle Linux security...

6.1CVSS7.2AI score0.00892EPSS
Exploits0References2
CVE
CVE
added 2024/04/26 5:0 a.m.81 views

CVE-2024-3188

CVE-2024-3188 affects the WordPress plugin Shortcodes Ultimate (Shortcodes Plugin) up to version 7.0.x (pre-7.1.0). The issue is a lack of validation/escaping of certain shortcode attributes, which are output back into the page/post containing the shortcode. This can enable Stored Cross-Site Scri...

6.3CVSS8AI score0.00438EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2024/04/17 11:15 a.m.1 views

DEBIAN-CVE-2024-26849

In the Linux kernel, the following vulnerability has been resolved: netlink: add nla be16/32 types to minlen array BUG: KMSAN: uninit-value in nlavalidaterangeunsigned lib/nlattr.c:222 inline BUG: KMSAN: uninit-value in nlavalidateintrange lib/nlattr.c:336 inline BUG: KMSAN: uninit-value in...

5.5CVSS4.9AI score0.00223EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.17 views

Easy Social Feed < 6.5.6 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin PoC...

5.7AI score0.00303EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2024/03/18 12:0 a.m.5 views

WordPress Plugin Tabs Shortcode and Widget Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS6AI score0.00431EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2024/03/12 12:0 a.m.35 views

EulerOS 2.0 SP10 : python-jinja2 (EulerOS-SA-2024-1346)

According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible...

6.1CVSS7.6AI score0.00892EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/03/12 12:0 a.m.31 views

EulerOS 2.0 SP10 : python-jinja2 (EulerOS-SA-2024-1324)

According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible...

6.1CVSS7.6AI score0.00892EPSS
Exploits0References2
Prion
Prion
added 2024/03/11 6:15 p.m.24 views

Cross site scripting

The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

5.9AI score0.00497EPSS
Exploits2References2
SUSE CVE
SUSE CVE
added 2024/03/06 4:34 a.m.2 views

SUSE CVE-2023-52520

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned which needs to be disposed accordingly using kobjectput. Move the setting name validation...

5.5CVSS6.4AI score0.00239EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2024/02/06 12:0 a.m.40 views

Amazon Linux 2023 : python3-jinja2 (ALAS2023-2024-503)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-503 advisory. Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML...

6.1CVSS7.5AI score0.00892EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/01/11 11:4 a.m.56 views

CVE-2024-22195

A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

5.4CVSS6.5AI score0.00892EPSS
Exploits0References5
NVD
NVD
added 2024/01/11 3:15 a.m.109 views

CVE-2024-22195

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...

6.1CVSS6.2AI score0.00892EPSS
Exploits0References7
Prion
Prion
added 2024/01/11 3:15 a.m.31 views

Cross site scripting

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...

5.8CVSS6.1AI score0.00892EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/11 2:25 a.m.1 views

CVE-2024-22195 Jinja vulnerable to Cross-Site Scripting (XSS)

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...

5.4CVSS6.7AI score0.00892EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2024/01/11 2:25 a.m.33 views

CVE-2024-22195

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...

6.1CVSS7.2AI score0.00892EPSS
Exploits0
Rows per page
Query Builder