Lucene search
K

8527 matches found

Debian CVE
Debian CVE
added 2024/08/21 6:10 a.m.20 views

CVE-2023-52906

In the Linux kernel, the following vulnerability has been resolved: net/sched: actmpls: Fix warning during failed attribute validation The 'TCAMPLSLABEL' attribute is of 'NLAU32' type, but has a validation type of 'NLAVALIDATEFUNCTION'. This is an invalid combination according to the comment abov...

7.8CVSS5.4AI score0.00248EPSS
Exploits0
CVE
CVE
added 2024/08/21 6:10 a.m.75 views

CVE-2023-52906

CVE-2023-52906 affects the Linux kernel’s net/sched code (act_mpls). The TCA_MPLS_LABEL attribute is NLA_U32 but uses NLA_POLICY_VALIDATE_FN, causing nla_get_range_unsigned() warnings due to negative min/max values. The fix changes the attribute type to NLA_BINARY and relocates length validation ...

7.8CVSS6.3AI score0.00248EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2024/08/21 12:34 a.m.5 views

kernel: NFSv4: Fix memory leak in nfs4_set_security_label

A vulnerability was found in the nfs4setsecuritylabel in the Linux kernel, where the function fails to free the nfsfattr attribute before exiting, leaving said memory allocation present. As the nfs4setsecuritylabel is called repeatedly over time, this may lead to memory exhaustion...

5.5CVSS6.7AI score0.0021EPSS
Exploits0References5
OSV
OSV
added 2024/08/21 12:20 a.m.4 views

USN-6966-2 firefox regressions

USN-6966-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...

5.9AI score
Exploits0References2
OSV
OSV
added 2024/08/21 12:15 a.m.1 views

DEBIAN-CVE-2024-43864

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix CT entry update leaks of modify header context The cited commit allocates a new modify header to replace the old one when updating CT entry. But if failed to allocate a new one, eg. exceed the max number firmware c...

5.5CVSS5.7AI score0.00207EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/08/20 8:33 p.m.4 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

5.4CVSS6.7AI score0.00979EPSS
Exploits0References5
NVD
NVD
added 2024/08/20 6:15 a.m.27 views

CVE-2024-5576

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'coursecarouselskin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplie...

6.4CVSS0.00323EPSS
Exploits0References6
OSV
OSV
added 2024/08/20 4:15 a.m.6 views

CVE-2024-5763

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the videodate attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due to insufficient inpu...

5.4CVSS5.9AI score0.00363EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/08/20 2:15 a.m.3 views

SUSE CVE-2024-44070

An issue was discovered in FRRouting FRR through 10.1. bgpattrencap in bgpd/bgpattr.c does not check the actual remaining stream length before taking the TLV value...

7.5CVSS7AI score0.00641EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2024/08/20 12:0 a.m.10 views

openSUSE Security Advisory (SUSE-SU-2024:1863-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS7.1AI score0.00979EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/08/20 12:0 a.m.54 views

FreeBSD : Jinja2 -- Vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter (04c9c3f8-5ed3-11ef-8262-b0416f0c4c67)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 04c9c3f8-5ed3-11ef-8262-b0416f0c4c67 advisory. [email protected] reports: Jinja is an extensible templating engine. The xmlattr filter in...

6.1CVSS7.2AI score0.00979EPSS
Exploits0References3
Veracode
Veracode
added 2024/08/19 10:16 a.m.608 views

Cross Site Scripting (XSS)

bootstrap is vulnerable to Cross Site Scripting XSS. The vulnerability is caused due to a missing sanitization in the href attribute of the tag while working with data-slide and data-slide-to attributes. This could enable an attacker to execute arbitrary JavaScript within the victim's browser...

6.7AI score
Exploits0References5Affected Software3
OSV
OSV
added 2024/08/19 3:36 a.m.2 views

USN-6966-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2024-7518, CVE-2024-7521,...

9.8CVSS6.9AI score0.00602EPSS
Exploits0References14
OSV
OSV
added 2024/08/19 2:15 a.m.8 views

AZL-47868 CVE-2024-44070 affecting package frr for versions less than 9.1.1-2

An issue was discovered in FRRouting FRR through 10.1. bgpattrencap in bgpd/bgpattr.c does not check the actual remaining stream length before taking the TLV value...

7.5CVSS7.4AI score0.00641EPSS
Exploits0References1
OSV
OSV
added 2024/08/19 2:15 a.m.7 views

AZL-47862 CVE-2024-44070 affecting package frr for versions less than 8.5.5-1

An issue was discovered in FRRouting FRR through 10.1. bgpattrencap in bgpd/bgpattr.c does not check the actual remaining stream length before taking the TLV value...

7.5CVSS7.4AI score0.00641EPSS
Exploits0References1
OSV
OSV
added 2024/08/19 2:15 a.m.3 views

DEBIAN-CVE-2024-44070

An issue was discovered in FRRouting FRR through 10.1. bgpattrencap in bgpd/bgpattr.c does not check the actual remaining stream length before taking the TLV value...

7.5CVSS8.2AI score0.00641EPSS
Exploits0References1
OSV
OSV
added 2024/08/19 2:15 a.m.2 views

UBUNTU-CVE-2024-44070

An issue was discovered in FRRouting FRR through 10.1. bgpattrencap in bgpd/bgpattr.c does not check the actual remaining stream length before taking the TLV value...

9.8CVSS7.2AI score0.00641EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/08/19 2:6 a.m.5 views

mozilla: Out of bounds read in editor component

The Mozilla Foundation Security Advisory describes this flaw as: Editor code failed to check an attribute value. This could have led to an out-of-bounds read...

9.1CVSS7.4AI score0.00598EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/19 1:48 a.m.2 views

mozilla: Out of bounds read in editor component

The Mozilla Foundation Security Advisory describes this flaw as: Editor code failed to check an attribute value. This could have led to an out-of-bounds read...

9.1CVSS7.4AI score0.00598EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/08/19 12:0 a.m.4 views

PT-2024-37912 · WordPress · Wp Last Modified Info

Name of the Vulnerable Software and Affected Versions: WP Last Modified Info plugin for WordPress versions up to, and including, 1.9.0 Description: The issue is related to Stored Cross-Site Scripting via the template attribute of the lmt-post-modified-info shortcode. This is due to insufficient...

6.4CVSS5.9AI score0.00313EPSS
Exploits0References12
Rows per page
Query Builder