Lucene search
K

8549 matches found

RedHat Linux
RedHat Linux
added 2024/03/25 7:36 p.m.5 views

Mozilla: Integer overflow could have led to out of bounds write

The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...

8.4CVSS7.5AI score0.00385EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/03/25 7:36 p.m.4 views

Mozilla: Integer overflow could have led to out of bounds write

The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...

8.4CVSS7.5AI score0.00385EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/03/25 7:35 p.m.3 views

Mozilla: Integer overflow could have led to out of bounds write

The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...

8.4CVSS7.5AI score0.00385EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/03/25 6:54 p.m.4 views

Mozilla: Integer overflow could have led to out of bounds write

The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...

8.4CVSS7.5AI score0.00385EPSS
Exploits1References6
OSV
OSV
added 2024/03/23 3:15 a.m.2 views

CVE-2024-2468

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpressprotwitchtheme ' attribute in all versions up to, and...

5.4CVSS7.4AI score0.00343EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/21 12:0 a.m.5 views

PT-2024-29186

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the ext4 file system in the Linux kernel. The function ext4 xattr set entry creates new EA inodes while holding a buffer lock on the external xattr block. This ca...

7.5CVSS5.7AI score0.00221EPSS
Exploits0
CNNVD
CNNVD
added 2024/03/20 12:0 a.m.4 views

WordPress Plugin UX Flat Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.4CVSS6AI score0.00504EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/03/19 11:30 a.m.4 views

389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in logentryattr...

5.5CVSS5.7AI score0.00304EPSS
Exploits0References5
CNVD
CNVD
added 2024/03/19 12:0 a.m.15 views

IBM Sterling Secure Proxy Information Disclosure Vulnerability

IBM Sterling Secure Proxy is an application proxy from International Business Machines IBM that is used to ensure the secure transfer of files in an organization's unprotected zone DMZ. An information disclosure vulnerability exists in IBM Sterling Secure Proxy that stems from not setting a...

4.3CVSS6.1AI score0.00281EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/18 12:0 a.m.3 views

WordPress Plugin Tabs Shortcode and Widget Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS6AI score0.00431EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/03/16 12:0 a.m.2 views

PT-2024-40664 · Git +1 · P11-Kit

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow error, specifically a WRITE 8 crash type. The crash involves several function calls, including p11 rpc...

7.1AI score
Exploits0References2
OSV
OSV
added 2024/03/15 11:7 a.m.11 views

OESA-2024-1284 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: f2fs: explicitly null-terminate the xattr list When setting an xattr, explicitly null-terminate the xattr list. This eliminates the fragile assumption that the...

7.8CVSS7.3AI score0.0061EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/03/15 12:0 a.m.2 views

IBM Sterling Secure Proxy 安全漏洞

IBM Sterling Secure Proxy is an application proxy from International Business Machines IBM that is used to ensure the secure transfer of files in an organization's unprotected zone DMZ. An information disclosure vulnerability exists in IBM Sterling Secure Proxy that stems from not setting a...

4.3CVSS6AI score0.00281EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/15 12:0 a.m.3 views

PT-2024-13337 · Ibm · Ibm Sterling Secure Proxy

Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 6.0.3 through 6.1.0 Description: The issue concerns the failure to set the secure attribute on authorization tokens or session cookies. Attackers may exploit this by sending a http:// link to a user or by...

4.3CVSS6.2AI score0.00281EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2024/03/15 12:0 a.m.3 views

The vulnerability of the Oracle LDAP Attribute Handler component in the access control solutions from Broadcom and Symantec Identity Manager and Symantec Identity Governance and Administration allows a attacker to execute XSS attacks.

The vulnerability of the Oracle LDAP Attribute Handler component in the access control solutions from Broadcom and Symantec Identity Manager and Symantec Identity Governance and Administration relates to the lack of security measures for the website structure. Exploiting this vulnerability could...

6.4CVSS6.2AI score0.00514EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2024/03/14 10:15 p.m.4 views

CVE-2024-2249

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and output escaping the user supplied attribute. Th...

5.4CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2024/03/14 1:3 p.m.6 views

Cross-site Scripting (XSS)

Overview livewire/livewire is an A front-end framework for Laravel. Affected versions of this package are vulnerable to Cross-site Scripting XSS when a page uses Url for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and...

6.1CVSS7AI score0.00516EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2024/03/14 4:11 a.m.2 views

SUSE CVE-2024-27758

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named array for a client-provided netref e.g., np.arrayclientnetref, a remote attacker can craft a class that results in remote code execution...

8.4CVSS8.1AI score0.00507EPSS
Exploits0References4
OSV
OSV
added 2024/03/13 4:15 p.m.4 views

CVE-2024-1497

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2width attribute in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS6AI score0.00532EPSS
Exploits0References3
OSV
OSV
added 2024/03/13 4:15 p.m.5 views

CVE-2024-1393

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iconalign' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS5.9AI score0.00501EPSS
Exploits0References3
Rows per page
Query Builder