Lucene search
K

8528 matches found

CNNVD
CNNVD
added 2024/07/29 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that the unit sysfs attribute should not provide more access to nvmem data than the main attribute...

5.5CVSS7.1AI score0.00268EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/07/24 7:12 p.m.4 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

5.4CVSS6.7AI score0.00979EPSS
Exploits0References5
OSV
OSV
added 2024/07/24 4:15 p.m.5 views

CVE-2024-40575

An issue in Huawei Technologies opengauss openGauss 5.0.0 build v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References2
OSV
OSV
added 2024/07/24 8:15 a.m.4 views

CVE-2024-6930

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

5.4CVSS6AI score0.00305EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/07/24 7:58 a.m.21 views

CVE-2024-3454 In-Fabric Matter Cluster Attribute Disclosure

An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric footprinting, even though the protocol is designed to prevent access to such information...

3.5CVSS6.5AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/24 12:0 a.m.3 views

WordPress plugin WP Booking Calendar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS5.9AI score0.00305EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.23 views

EulerOS 2.0 SP8 : python-jinja2 (EulerOS-SA-2024-2060)

According to the versions of the python-jinja2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible ...

6.1CVSS7.6AI score0.00892EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/07/19 12:0 a.m.9 views

The vulnerability of the Attribute Admin Setup component of the software application Attribute Admin Setup of the Oracle E-Business Suite allows a malicious individual to gain access to modify, add, or delete data.

The vulnerability of the Attribute Admin Setup component of the Attribute Admin Setup software and the Oracle E-Business Suite system exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to modify, add, or...

5CVSS7.1AI score0.00382EPSS
Exploits0References3Affected Software2
RedHat Linux
RedHat Linux
added 2024/07/18 3:21 p.m.3 views

389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in logentryattr...

5.5CVSS5.7AI score0.00304EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/07/18 3:6 a.m.2 views

SUSE CVE-2022-48828

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix iasize underflow iattr::iasize is a lofft, which is a signed 64-bit type. NFSv3 and NFSv4 both define file size as an unsigned 64-bit type. Thus there is a range of valid file size values an NFS client can send that is...

5.5CVSS6.7AI score0.00251EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2024/07/17 8:15 a.m.3 views

CVE-2024-5582

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attribute...

6.4CVSS6.1AI score0.00385EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/07/17 6:45 a.m.20 views

CVE-2024-5251 Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatepricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS5.8AI score0.00295EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/07/17 3:32 a.m.2 views

SUSE CVE-2024-40972

In the Linux kernel, the following vulnerability has been resolved: ext4: do not create EA inode under buffer lock ext4xattrsetentry creates new EA inodes while holding buffer lock on the external xattr block. This is problematic as it nests all the allocation locking which acquires locks on othe...

4.7CVSS6.8AI score0.00221EPSS
Exploits0References15
Patchstack
Patchstack
added 2024/07/17 2:17 a.m.6 views

WordPress Schema & Structured Data for WP & AMP plugin <= 1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via url Attribute vulnerability discovered by wesley wcraft in WordPress Plugin Schema & Structured Data for WP & AMP versions = 1.33...

6.4CVSS5.8AI score0.00385EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.5 views

PT-2024-36589 · WordPress · Schema & Structured Data For Wp & Amp

Name of the Vulnerable Software and Affected Versions: Schema & Structured Data for WP & AMP plugin for WordPress versions up to, and including, 1.33 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, specifically the url attribute...

6.4CVSS6.9AI score0.00385EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2024/07/16 6:55 p.m.26 views

CVE-2024-40990

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq maxsge attribute maxsge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it. Mitigation Mitigation for th...

4.2CVSS8.2AI score0.0027EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/07/16 6:54 p.m.19 views

CVE-2024-40978

In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedidbgdonotrecovercmdread function invokes sprintf directly on a user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf...

4.1CVSS6.8AI score0.0032EPSS
Exploits0References4
OSV
OSV
added 2024/07/16 12:15 p.m.2 views

UBUNTU-CVE-2022-48829

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes iattr::iasize is a lofft, so these NFSv3 procedures must be careful to deal with incoming client size values that are larger than s64max without corrupting the value...

5.5CVSS6.6AI score0.00254EPSS
Exploits0References7
CNVD
CNVD
added 2024/07/16 12:0 a.m.10 views

IBM Datacap Navigator Information Disclosure Vulnerability (CNVD-2024-33370)

IBM Datacap Navigator is a Web client for Datacap from International Business Machines IBM. An information disclosure vulnerability exists in IBM Datacap Navigator that stems from not setting a security attribute on an authorization token or session cookie, which can be exploited by an attacker t...

4.3CVSS6AI score0.00233EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/07/16 12:0 a.m.19 views

EulerOS 2.0 SP9 : python-jinja2 (EulerOS-SA-2024-1971)

According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters...

6.1CVSS7.4AI score0.00979EPSS
Exploits0References3
Rows per page
Query Builder