
8529 matches found

OSV
added 2024/07/11 6:31 p.m. · 29 views

GHSA-VC8W-JR9V-VJ7F Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability

Withdrawn Advisory This advisory is withdrawn because it was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE ha...

6.4 CVSS · 6.5 AI score
Exploits: 0 · References: 5
Debian CVE
added 2024/07/11 5:15 p.m. · 11 views

CVE-2024-6531

Removed by vendor...

7 AI score
Exploits: 0
NVD
added 2024/07/11 5:15 p.m. · 37 views

CVE-2024-39549

A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not...

8.7 CVSS · 0.00466 EPSS
Exploits: 0 · References: 1
CVE
added 2024/07/11 5:8 p.m. · 137 views

CVE-2024-6485

CVE-2024-6485 is a Bootstrap XSS vulnerability in the button component’s data-loading-text attribute. Affected: Bootstrap 3.x (notably Bootstrap 3.x series); impact is cross-site scripting when the loading state is triggered. Mitigation: Debian LTS advisory indicates fixed in 3.4.1+dfsg-2+deb11u1...

6.4 CVSS · 6 AI score · 0.00494 EPSS
Exploits: 0 · References: 2
Debian CVE
added 2024/07/11 5:8 p.m. · 11 views

CVE-2024-6485

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

6.4 CVSS · 6.6 AI score · 0.00494 EPSS
Exploits: 0
Cvelist
added 2024/07/11 5:3 p.m. · 53 views

CVE-2024-6484

...

Exploits: 0
Cvelist
added 2024/07/11 4:27 p.m. · 37 views

CVE-2024-39549 Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to a memory leak

A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not...

8.7 CVSS · 0.00466 EPSS
Exploits: 0 · References: 1
RedHat Linux
added 2024/07/11 11:55 a.m. · 7 views

REXML: DoS parsing an XML with many `<`s in an attribute value

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this...

5.3 CVSS · 7.2 AI score · 0.02064 EPSS
Exploits: 1 · References: 6
OSSF Malicious Packages
added 2024/07/11 3:53 a.m. · 2 views

Malicious code in sap-attribute (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6a5de89e4dd90b8b85bea5f4512df328d5a6a7c1aea2f79b4f8d3307e2328af8 The OpenSSF Package Analysis project identified 'sap-attribute' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits: 0
RubySec
added 2024/07/11 12:0 a.m. · 18 views

Bootstrap Cross-Site Scripting (XSS) vulnerability

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This...

6.2 AI score
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2024/07/11 12:0 a.m. · 3 views

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved Security Vulnerabilities

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc. Juniper Networks Junos OS is a network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper...

8.7 CVSS · 6.7 AI score · 0.00466 EPSS
Exploits: 0 · References: 2
RubySec
added 2024/07/11 12:0 a.m. · 37 views

Bootstrap Cross-Site Scripting (XSS) vulnerability

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This...

6.2 AI score
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/07/11 12:0 a.m. · 4 views

PT-2024-10327 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a possible null dereference in the Linux kernel when a PSE supports both c33 and PoDL, but only one of the netlink attributes is specified. The c33 or PoDL PSE...

5.5 CVSS · 6.6 AI score · 0.0018 EPSS
Exploits: 0 · References: 14
Cvelist
added 2024/07/10 10:36 p.m. · 38 views

CVE-2024-39555 Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP update causes the session to reset

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued recei...

8.7 CVSS · 0.00503 EPSS
Exploits: 0 · References: 1
CVE
added 2024/07/10 3:28 p.m. · 66 views

CVE-2023-33860

CVE-2023-33860 affects IBM Security QRadar EDR version 3.12. The vulnerability arises because authorization tokens or session cookies are not marked with the Secure attribute, enabling cookies to be sent over HTTP. Attack scenario described in the sources includes sending a link via HTTP or embed...

5.3 CVSS · 5 AI score · 0.0024 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
ATTACKERKB
added 2024/07/10 8:15 a.m. · 3 views

CVE-2024-5664

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and outpu...

6.4 CVSS · 6.1 AI score · 0.00329 EPSS
Exploits: 0 · References: 5
CNNVD
added 2024/07/10 12:0 a.m. · 5 views

opus security breach

opus is an open source native binding to libopus v1.3 by discord.js. A security vulnerability exists in opus that stems from supplying input objects with the toString attribute to several different functions, making it susceptible to denial of service (DoS) attacks...

7.5 CVSS · 6.7 AI score · 0.00597 EPSS
Exploits: 0 · References: 4
Tenable Nessus
added 2024/07/10 12:0 a.m. · 83 views

Juniper Junos OS Vulnerability (JSA83011)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA83011 advisory. - An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based,...

8.7 CVSS · 5.6 AI score · 0.00466 EPSS
Exploits: 0 · References: 2
RedHat Linux
added 2024/07/09 12:59 p.m. · 2 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

5.4 CVSS · 6.7 AI score · 0.00979 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2024/07/09 9:23 a.m. · 2 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

5.4 CVSS · 6.7 AI score · 0.00979 EPSS
Exploits: 0 · References: 5