Lucene search
K

8528 matches found

Tenable Nessus
Tenable Nessus
added 2024/07/16 12:0 a.m.24 views

EulerOS 2.0 SP9 : python-jinja2 (EulerOS-SA-2024-1944)

According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters...

6.1CVSS7.4AI score0.00979EPSS
Exploits0References3
OSV
OSV
added 2024/07/15 12:17 p.m.36 views

RLSA-2024:4231 Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: accepts keys containing non-attribute characters CVE-2024-34064 For...

5.4CVSS6.6AI score0.00979EPSS
Exploits0References2
OSV
OSV
added 2024/07/14 1:15 p.m.5 views

CVE-2024-39734

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent...

4.3CVSS5.6AI score0.00233EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/13 6:0 a.m.24 views

CVE-2024-5744 WP eMember < 10.6.7 - Reflected XSS

The wp-eMember WordPress plugin before 10.6.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

0.0043EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/07/13 12:0 a.m.4 views

PT-2024-37090 · WordPress · If-So Dynamic Content Personalization

Name of the Vulnerable Software and Affected Versions: If-So Dynamic Content Personalization WordPress plugin versions prior to 1.8.0.4 Description: The issue is related to Reflected Cross-Site Scripting in old web browsers due to the failure to escape the $ SERVER'REQUEST URI' parameter before...

5.4CVSS6.5AI score0.00353EPSS
Exploits1References4
OSV
OSV
added 2024/07/12 1:55 p.m.18 views

SUSE-SU-2024:2463-1 Security update for squashfs

This update for squashfs fixes the following issues: - CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools bsc935380 - CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination bsc1189936 - CVE-2021-41072: Fixed an issu...

8.1CVSS7.7AI score0.0691EPSS
Exploits2References8
NVD
NVD
added 2024/07/12 1:15 p.m.14 views

CVE-2024-40990

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq maxsge attribute maxsge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it...

5.5CVSS0.0027EPSS
Exploits0References7
OSV
OSV
added 2024/07/12 1:15 p.m.2 views

DEBIAN-CVE-2024-40990

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq maxsge attribute maxsge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it...

5.5CVSS5.5AI score0.0027EPSS
Exploits0References1
OSV
OSV
added 2024/07/12 1:15 p.m.1 views

DEBIAN-CVE-2024-40972

In the Linux kernel, the following vulnerability has been resolved: ext4: do not create EA inode under buffer lock ext4xattrsetentry creates new EA inodes while holding buffer lock on the external xattr block. This is problematic as it nests all the allocation locking which acquires locks on othe...

5.5CVSS5.5AI score0.00221EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/07/12 12:37 p.m.15 views

CVE-2024-40990

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq maxsge attribute maxsge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it...

5.5CVSS5.5AI score0.0027EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/07/12 12:37 p.m.25 views

CVE-2024-40990 RDMA/mlx5: Add check for srq max_sge attribute

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq maxsge attribute maxsge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it...

6.8AI score0.0027EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/07/12 12:32 p.m.22 views

CVE-2024-40978 scsi: qedi: Fix crash while reading debugfs attribute

In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedidbgdonotrecovercmdread function invokes sprintf directly on a user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf...

0.0032EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/07/12 12:32 p.m.19 views

CVE-2024-40978 scsi: qedi: Fix crash while reading debugfs attribute

In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedidbgdonotrecovercmdread function invokes sprintf directly on a user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf...

6.8AI score0.0032EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/07/12 12:31 p.m.30 views

CVE-2024-40955 ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists()

In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-out-of-bounds in ext4mbfindgoodgroupavgfraglists We can trigger a slab-out-of-bounds with the following commands: mkfs.ext4 -F /dev/$disk 10G mount /dev/$disk /tmp/test echo 2147483647...

0.00239EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2024/07/12 7:0 a.m.3 views

USB: core: Fix deadlock in port "disable" sysfs attribute

...

7.8CVSS6.7AI score0.00179EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/07/12 1:43 a.m.4 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

5.4CVSS6.7AI score0.00979EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/07/12 12:0 a.m.2 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the netfilter:nftinner component to properly validate the mandatory netlink attribute...

5.5CVSS8.6AI score0.00272EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/07/12 12:0 a.m.3 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a potential deadlock issue in the ext4 file system when creating an EA inode...

5.5CVSS8.2AI score0.00221EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/07/12 12:0 a.m.23 views

RHEL 7 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - go: encoding/xml: XML element instability CVE-2020-29511 - The x/text package before 0.3.3 for Go has a...

9.8CVSS9.2AI score0.02081EPSS
Exploits0References4
OSV
OSV
added 2024/07/11 6:31 p.m.29 views

GHSA-VC8W-JR9V-VJ7F Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability

Withdrawn Advisory This advisory is withdrawn because it was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE ha...

6.4CVSS6.5AI score
Exploits0References5
Rows per page
Query Builder