Lucene search
K

8527 matches found

Positive Technologies
Positive Technologies
added 2024/08/30 12:0 a.m.7 views

PT-2024-38890

Name of the Vulnerable Software and Affected Versions: Clean Login plugin for WordPress versions up to, and including, 1.14.5 Description: The Clean Login plugin for WordPress is vulnerable to Local File Inclusion via the template attribute of the clean-login-register shortcode. This allows...

8.8CVSS6.5AI score0.03034EPSS
Exploits0References15
RedHat Linux
RedHat Linux
added 2024/08/29 3:20 a.m.4 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

5.4CVSS6.7AI score0.00979EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/08/29 12:0 a.m.5 views

PT-2024-37216 · Hubspot · Hubspot

Name of the Vulnerable Software and Affected Versions: HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress versions up to, and including, 11.1.22 Description: The issue is related to Stored Cross-Site Scripting via the url attribute of the HubSpot Meeting Widget due ...

6.4CVSS5.9AI score0.00355EPSS
Exploits0References10
Veracode
Veracode
added 2024/08/28 8:32 p.m.5 views

Sensitive Cookie In HTTPS Session Without "Secure" Attribute

taipy is vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute. The vulnerability is due to the improper setting of security flags on session cookies. An attacker can intercept or tamper with the cookie over insecure connections by exploiting the lack of Secure and HttpOnly...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2024/08/28 12:34 p.m.2 views

kernel: scsi: qedi: Fix crash while reading debugfs attribute

In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedidbgdonotrecovercmdread function invokes sprintf directly on a user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf...

7.1CVSS6.8AI score0.0032EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/28 12:34 p.m.3 views

kernel: NFSv4: Fix memory leak in nfs4_set_security_label

A vulnerability was found in the nfs4setsecuritylabel in the Linux kernel, where the function fails to free the nfsfattr attribute before exiting, leaving said memory allocation present. As the nfs4setsecuritylabel is called repeatedly over time, this may lead to memory exhaustion...

5.5CVSS6.7AI score0.0021EPSS
Exploits0References5
Redos
Redos
added 2024/08/28 12:0 a.m.13 views

ROS-20240828-08

Vulnerability of ANGLE library in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to using uninitialized resource. is related to the use of an uninitialized resource. Exploitation of the vulnerability could allow an attacker to disclose protected information Vulnerability in...

9.8CVSS7.8AI score0.00598EPSS
Exploits0
Veracode
Veracode
added 2024/08/26 8:37 a.m.11 views

Incorrect Input Validation

libfrr.so is vulnerable to Incorrect Input Validation. The vulnerability is caused due to an issue in function bgpattrencap within bgpd/bgpattr.c which does not check the actual remaining stream length before taking the TLV value...

9.8CVSS6.6AI score0.00641EPSS
Exploits0References3Affected Software2
SUSE CVE
SUSE CVE
added 2024/08/22 3:14 a.m.2 views

SUSE CVE-2023-52893

In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmigetvariable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 "efi: pstore: Omit efivars caching EFI varstore access layer" added a new...

5.5CVSS6.5AI score0.0024EPSS
Exploits0References11
CNNVD
CNNVD
added 2024/08/22 12:0 a.m.4 views

REXML 安全漏洞

REXML is a Ruby open source XML toolkit for Ruby. A security vulnerability exists in REXML versions prior to 3.3.6, which stems from a denial of service DoS vulnerability when parsing deep XML containing many attributes with the same local name...

5.9CVSS6.3AI score0.01205EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2024/08/21 6:10 p.m.12 views

CVE-2023-52906

A flaw was found in the Linux Kernel. The 'TCAMPLSLABEL' attribute is of the 'NLAU32' type, but has a validation type of 'NLAVALIDATEFUNCTION'. This is an invalid combination according to 'struct nlapolicy', which can trigger the nlagetrangeunsigned warning when validation of the attribute fails...

5.5CVSS7.2AI score0.00248EPSS
Exploits0References4
OSV
OSV
added 2024/08/21 4:3 p.m.25 views

GO-2022-1192 usememos/memos missing Secure cookie attribute in github.com/usememos/memos

usememos/memos missing Secure cookie attribute in github.com/usememos/memos...

6.5CVSS6.3AI score0.00376EPSS
Exploits1References4
NVD
NVD
added 2024/08/21 7:15 a.m.15 views

CVE-2023-52906

In the Linux kernel, the following vulnerability has been resolved: net/sched: actmpls: Fix warning during failed attribute validation The 'TCAMPLSLABEL' attribute is of 'NLAU32' type, but has a validation type of 'NLAVALIDATEFUNCTION'. This is an invalid combination according to the comment abov...

7.8CVSS0.00248EPSS
Exploits0References5
OSV
OSV
added 2024/08/21 7:15 a.m.1 views

DEBIAN-CVE-2023-52906

In the Linux kernel, the following vulnerability has been resolved: net/sched: actmpls: Fix warning during failed attribute validation The 'TCAMPLSLABEL' attribute is of 'NLAU32' type, but has a validation type of 'NLAVALIDATEFUNCTION'. This is an invalid combination according to the comment abov...

7.8CVSS5.4AI score0.00248EPSS
Exploits0References1
OSV
OSV
added 2024/08/21 7:15 a.m.1 views

DEBIAN-CVE-2023-52893

In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmigetvariable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 "efi: pstore: Omit efivars caching EFI varstore access layer" added a new...

5.5CVSS5.2AI score0.0024EPSS
Exploits0References1
OSV
OSV
added 2024/08/21 7:15 a.m.2 views

DEBIAN-CVE-2022-48882

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity SecY Upon updating MAC security entity SecY in hw offload path, the macsec security association SA initialization routine is called. In case of...

5.5CVSS5.3AI score0.00205EPSS
Exploits0References1
OSV
OSV
added 2024/08/21 7:15 a.m.3 views

UBUNTU-CVE-2023-52906

In the Linux kernel, the following vulnerability has been resolved: net/sched: actmpls: Fix warning during failed attribute validation The 'TCAMPLSLABEL' attribute is of 'NLAU32' type, but has a validation type of 'NLAVALIDATEFUNCTION'. This is an invalid combination according to the comment abov...

7.8CVSS5.9AI score0.00248EPSS
Exploits0References8
OSV
OSV
added 2024/08/21 7:15 a.m.1 views

UBUNTU-CVE-2022-48882

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity SecY Upon updating MAC security entity SecY in hw offload path, the macsec security association SA initialization routine is called. In case of...

5.5CVSS5.9AI score0.00205EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/08/21 6:10 a.m.18 views

CVE-2023-52906 net/sched: act_mpls: Fix warning during failed attribute validation

In the Linux kernel, the following vulnerability has been resolved: net/sched: actmpls: Fix warning during failed attribute validation The 'TCAMPLSLABEL' attribute is of 'NLAU32' type, but has a validation type of 'NLAVALIDATEFUNCTION'. This is an invalid combination according to the comment abov...

6.7AI score0.00248EPSS
Exploits0References5
CVE
CVE
added 2024/08/21 6:10 a.m.74 views

CVE-2023-52906

CVE-2023-52906 affects the Linux kernel’s net/sched code (act_mpls). The TCA_MPLS_LABEL attribute is NLA_U32 but uses NLA_POLICY_VALIDATE_FN, causing nla_get_range_unsigned() warnings due to negative min/max values. The fix changes the attribute type to NLA_BINARY and relocates length validation ...

7.8CVSS6.3AI score0.00248EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder