Lucene search
K

8540 matches found

Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.46 views

RHEL 8 : python-jinja2 (RHSA-2024:3102)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3102 advisory. The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports...

6.1CVSS7.3AI score0.00892EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/05/22 8:37 p.m.2 views

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

6.1CVSS6.6AI score0.00892EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/05/22 8:37 p.m.31 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-ansible-core) security update

An update for openstack-ansible-core is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

6.1CVSS6.8AI score0.00892EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/05/22 10:25 a.m.4 views

389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in logentryattr...

5.5CVSS5.7AI score0.00304EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/05/22 10:20 a.m.2 views

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

6.1CVSS6.6AI score0.00892EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/05/22 10:6 a.m.3 views

frr: crafted BGP UPDATE message leading to a crash

A flaw was found in FRRouting. A crash can occur for a crafted BGP UPDATE message without mandatory attributes for example, one with only an unknown transit attribute...

5.9CVSS5.7AI score0.00785EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/05/22 10:6 a.m.5 views

frr: processes invalid NLRIs if attribute length is zero

A flaw was found in FRRouting, where it is susceptible to a denial of service vulnerability triggered by a NULL pointer dereference issue during the processing of Network Layer Reachability Information NLRIs with a zero attribute length. The vulnerability arises from inadequate validation of...

7.5CVSS5.7AI score0.01058EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/05/22 10:3 a.m.3 views

kernel: cpufreq: amd-pstate: fix global sysfs attribute type

In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix global sysfs attribute type In commit 3666062b87ec "cpufreq: amd-pstate: move to use busgetdevroot" the "amdpstate" attributes where moved from a dedicated kobject to the cpu root kobject. While the...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/05/22 9:46 a.m.3 views

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

6.1CVSS6.6AI score0.00892EPSS
Exploits0References6
OSV
OSV
added 2024/05/22 12:0 a.m.31 views

ALSA-2024:3102 Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: HTML attribute injection when passing user input as keys to xmlattr...

6.1CVSS6.8AI score0.00892EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/05/22 12:0 a.m.26 views

CentOS 8 : python-jinja2 (CESA-2024:3102)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2024:3102 advisory. - Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary...

6.1CVSS7.6AI score0.00892EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/22 12:0 a.m.23 views

RHEL 9 : Red Hat OpenStack Platform 17.1 (openstack-ansible-core) (RHSA-2024:2733)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2733 advisory. An ansible-core rebuild for OpenStack based on python 3.9. Security Fixes: HTML attribute injection when passing user input as keys to xmlattr filter...

6.1CVSS7.3AI score0.00892EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2024/05/22 12:0 a.m.63 views

Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: HTML attribute injection when passing user input as keys to xmlattr...

6.1CVSS6.4AI score0.00892EPSS
Exploits0References4
OSV
OSV
added 2024/05/22 12:0 a.m.49 views

ALSA-2024:2987 Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

9.8CVSS7.7AI score0.04268EPSS
Exploits5References12
Vulnrichment
Vulnrichment
added 2024/05/21 3:30 p.m.17 views

CVE-2023-52779 fs: Pass AT_GETATTR_NOSEC flag to getattr interface function

In the Linux kernel, the following vulnerability has been resolved: fs: Pass ATGETATTRNOSEC flag to getattr interface function When vfsgetattrnosec calls a filesystem's getattr interface function then the 'nosec' should propagate into this function so that vfsgetattrnosec can again be called from...

6.8AI score0.00208EPSS
Exploits0References2
NVD
NVD
added 2024/05/21 3:15 p.m.15 views

CVE-2021-47228

In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices, efimemreserve is use...

6.2CVSS6.2AI score0.00237EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/05/21 3:15 p.m.15 views

CVE-2021-47228

In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices, efimemreserve is use...

6.2CVSS6.3AI score0.00237EPSS
Exploits0References5
CVE
CVE
added 2024/05/21 2:19 p.m.88 views

CVE-2021-47228

CVE-2021-47228 affects the Linux kernel x86/ioremap code. The issue arises when EFI boot services memory is preserved with efi_mem_reserve() and marked EFI_MEMORY_RUNTIME; under SEV, such memory must be mapped encrypted, otherwise the kernel may crash during boot. The public docs indicate a fix t...

6.2CVSS7.2AI score0.00237EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/05/21 10:15 a.m.4 views

CVE-2024-4553

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This...

5.4CVSS6AI score0.00322EPSS
Exploits0References3
NVD
NVD
added 2024/05/21 10:15 a.m.20 views

CVE-2024-4553

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This...

6.4CVSS5.9AI score0.00322EPSS
Exploits0References3
Rows per page
Query Builder