Lucene search
K

8548 matches found

OSV
OSV
added 2024/04/03 5:15 p.m.2 views

UBUNTU-CVE-2023-52641

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add NULL ptr dereference checking at the end of attrallocateframe It is preferable to exit through the out: label because internal debugging functions are located there...

5.5CVSS6.1AI score0.00239EPSS
Exploits0References18
CVE
CVE
added 2024/04/03 5:0 p.m.110 views

CVE-2023-52641

CVE-2023-52641 : Linux kernel vulnerability in the ntfs3 file system driver. A NULL pointer dereference could occur at the end of attr_allocate_frame(); a patch adds NULL pointer checks and directs exit via the out: label to avoid dereference of debugging helpers. The issue is resolved by this fi...

5.5CVSS6.5AI score0.00239EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2024/04/02 7:34 p.m.5 views

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

6.1CVSS6.6AI score0.00892EPSS
Exploits0References6
OSV
OSV
added 2024/04/02 7:15 a.m.1 views

DEBIAN-CVE-2023-52631

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix an NULL dereference bug The issue here is when this is called from ntfsloadattrlist. The "size" comes from le32tocpuattr-res.datasize so it can't overflow on a 64bit systems but on 32bit systems the "+ 1023" can...

5.5CVSS5.5AI score0.00225EPSS
Exploits0References1
OSV
OSV
added 2024/04/02 7:15 a.m.0 views

UBUNTU-CVE-2023-52631

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix an NULL dereference bug The issue here is when this is called from ntfsloadattrlist. The "size" comes from le32tocpuattr-res.datasize so it can't overflow on a 64bit systems but on 32bit systems the "+ 1023" can...

5.5CVSS6.1AI score0.00225EPSS
Exploits0References18
OSV
OSV
added 2024/04/01 8:33 p.m.29 views

GHSA-C4GR-Q97G-PPWC In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists

Impact Versions from 1.2.0 to 1.3.1 of Astro-Shield allow to bypass the allow-lists for cross-origin resources by introducing valid integrity attributes to the injected code. This implies that the injected SRI hash would be added to the generated CSP header, which would lead the browser to believ...

8.7CVSS7.4AI score0.0031EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/04/01 4:5 a.m.6 views

WordPress WP Chat App plugin <= 3.6.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Image Attribute vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via Block Image Attribute vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin WP Chat App versions = 3.6.2...

6.4CVSS6.5AI score0.0036EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/30 12:0 a.m.5 views

PT-2024-23230 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.13 Description: The issue allows authenticated attackers with author-level access and above to inject a PHP Object via deserialization of untrusted inp...

8.8CVSS9.7AI score0.00775EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/30 12:0 a.m.5 views

PT-2024-20660 · WordPress · Powerpack Addons For Elementor

Name of the Vulnerable Software and Affected Versions: PowerPack Addons for Elementor plugin for WordPress versions up to, and including, 2.7.17 Description: The issue is related to Stored Cross-Site Scripting via the html tag attribute of multiple widgets due to insufficient input sanitization a...

6.4CVSS7.9AI score0.0034EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/28 12:0 a.m.4 views

PT-2024-22866 · WordPress · Sydney Toolbox

Name of the Vulnerable Software and Affected Versions: Sydney Toolbox plugin for WordPress versions up to, and including, 1.26 Description: The issue is related to Stored Cross-Site Scripting via the id attribute of widgets due to insufficient input sanitization and output escaping on user-suppli...

6.4CVSS7.9AI score0.0034EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/03/27 1:22 p.m.2 views

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

6.1CVSS6.6AI score0.00892EPSS
Exploits0References6
OSV
OSV
added 2024/03/27 5:15 a.m.2 views

DEBIAN-CVE-2023-45922

glxpbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling glXGetDrawableAttribute. NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server...

4.3CVSS5.2AI score0.00536EPSS
Exploits0References1
OSV
OSV
added 2024/03/27 5:15 a.m.3 views

UBUNTU-CVE-2023-45922

DISPUTED glxpbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling glXGetDrawableAttribute. NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server...

4.3CVSS5.8AI score0.00536EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.17 views

Easy Social Feed < 6.5.6 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin PoC...

5.7AI score0.00303EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.3 views

X11 Mesa 3D Graphics Library 安全漏洞

X11 Mesa 3D Graphics Library is a 3D graphics library. A security vulnerability exists in X11 Mesa 3D Graphics Library version 23.0.4, which stems from glxpbuffer.c was found to contain a segmentation conflict vulnerability in a call to glXGetDrawableAttribute...

4.3CVSS6.4AI score0.00536EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/03/25 8:18 p.m.3 views

Mozilla: Integer overflow could have led to out of bounds write

The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...

8.4CVSS7.5AI score0.00385EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/03/25 8:17 p.m.7 views

Mozilla: Integer overflow could have led to out of bounds write

The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...

8.4CVSS7.5AI score0.00385EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/03/25 8:13 p.m.4 views

Mozilla: Integer overflow could have led to out of bounds write

The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...

8.4CVSS7.5AI score0.00385EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/03/25 7:40 p.m.4 views

Mozilla: Integer overflow could have led to out of bounds write

The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...

8.4CVSS7.5AI score0.00385EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/03/25 7:36 p.m.5 views

Mozilla: Integer overflow could have led to out of bounds write

The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...

8.4CVSS7.5AI score0.00385EPSS
Exploits1References6
Rows per page
Query Builder