8549 matches found

Positive Technologies
added 2024/03/05 12:0 a.m. · 6 views

PT-2024-26741

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the DisplayPort driver's sysfs nodes being present to the userspace before the completion of typec_altmode_set_drvdata() in dp_altmode_probe(). This can trigger a NUL...

CVSS 5.5 · AI score 5.5 · EPSS 0.00225
Exploits 0
Tenable Nessus
added 2024/03/05 12:0 a.m. · 30 views

RHEL 8 : frr (RHSA-2024:1113)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1113 advisory. FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR,...

CVSS 9.8 · AI score 7.7 · EPSS 0.00939
Exploits 0 · References 11
RedhatCVE
added 2024/03/04 8:2 p.m. · 33 views

CVE-2023-52520

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak. If a duplicate attribute is found using kset_find_obj(), a reference to that attribute is returned which needs to be disposed accordingly using kobject_put(). Move the setting name validation...

CVSS 5.5 · AI score 6.7 · EPSS 0.00239
Exploits 0 · References 4
OpenVAS
added 2024/03/04 12:0 a.m. · 26 views

openSUSE: Security Advisory for squashfs (SUSE-SU-2023:4591-1)

The remote host is missing an update for the...

CVSS 8.1 · AI score 7.4 · EPSS 0.0691
Exploits 2 · References 2
NVD
added 2024/03/02 10:15 p.m. · 17 views

CVE-2023-52520

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak. If a duplicate attribute is found using kset_find_obj(), a reference to that attribute is returned which needs to be disposed accordingly using kobject_put(). Move the setting name validation...

CVSS 5.5 · AI score 7.3 · EPSS 0.00239
Exploits 0 · References 4
Prion
added 2024/03/02 10:15 p.m. · 22 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak. If a duplicate attribute is found using kset_find_obj(), a reference to that attribute is returned which needs to be disposed accordingly using kobject_put(). Move the setting name validation...

AI score 7.6 · EPSS 0.00239
Exploits 0 · References 4
Vulnrichment
added 2024/03/02 9:52 p.m. · 18 views

CVE-2023-52520 platform/x86: think-lmi: Fix reference leak

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak. If a duplicate attribute is found using kset_find_obj(), a reference to that attribute is returned which needs to be disposed accordingly using kobject_put(). Move the setting name validation...

AI score 6.9 · EPSS 0.00239
Exploits 0 · References 4
Cvelist
added 2024/03/02 9:52 p.m. · 21 views

CVE-2023-52520 platform/x86: think-lmi: Fix reference leak

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak. If a duplicate attribute is found using kset_find_obj(), a reference to that attribute is returned which needs to be disposed accordingly using kobject_put(). Move the setting name validation...

AI score 7.5 · EPSS 0.00239
Exploits 0 · References 4
NVD
added 2024/03/01 5:15 p.m. · 12 views

CVE-2023-52557

In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length...

CVSS 7.5 · AI score 6.6 · EPSS 0.00555
Exploits 0 · References 2
Vulnrichment
added 2024/03/01 4:14 p.m. · 9 views

CVE-2023-52557 OpenBSD 7.3 invalid l2tp message npppd crash

In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length...

AI score 6.6 · EPSS 0.00555
Exploits 0 · References 2
OSV
added 2024/03/01 6:15 a.m. · 3 views

CVE-2024-25293

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute...

CVSS 9.3 · AI score 6.3 · EPSS 0.00994
Exploits 2 · References 1
NVD
added 2024/03/01 6:15 a.m. · 25 views

CVE-2024-25293

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute...

CVSS 9.3 · AI score 8 · EPSS 0.00994
Exploits 2 · References 1
Vulnrichment
added 2024/03/01 12:0 a.m. · 14 views

CVE-2024-25293

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute...

AI score 8.6 · EPSS 0.00994
Exploits 2 · References 1
CNNVD
added 2024/03/01 12:0 a.m. · 3 views

MJML App Security Vulnerability

MJML App is an open source MJML desktop application. A security vulnerability exists in mjml-app version 3.0.4 and 3.1.0-beta, which stems from a Remote Code Execution (RCE) vulnerability in the href attribute...

CVSS 9.3 · AI score 7.3 · EPSS 0.00994
Exploits 2 · References 2
Positive Technologies
added 2024/03/01 12:0 a.m. · 6 views

PT-2024-14627 · Openbsd · Openbsd

Name of the Vulnerable Software and Affected Versions: OpenBSD version 7.3. Description: The issue is related to a crash in npppd(8) caused by an L2TP message containing an AVP (Attribute-Value Pair) with an incorrect length. Recommendations: For OpenBSD version 7.3, apply errata 016 to resolve the...

CVSS 7.5 · AI score 7.1 · EPSS 0.00555
Exploits 0 · References 4
Positive Technologies
added 2024/03/01 12:0 a.m. · 4 views

PT-2024-20866 · Mjml-App · Mjml-App

Name of the Vulnerable Software and Affected Versions: mjml-app versions 3.0.4 through 3.1.0-beta. Description: The issue allows for remote code execution (RCE) via the href attribute. Recommendations: For versions 3.0.4 and 3.1.0-beta, consider restricting access to the href attribute until a patch...

CVSS 9.3 · AI score 7.3 · EPSS 0.00994
Exploits 2 · References 4
Cvelist
added 2024/03/01 12:0 a.m. · 25 views

CVE-2024-25293

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute...

AI score 8.2 · EPSS 0.00994
Exploits 2 · References 1
RedHat Linux
added 2024/02/29 7:47 p.m. · 2 views

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting (XSS) flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

CVSS 6.1 · AI score 6.6 · EPSS 0.00892
Exploits 0 · References 6
OSV
added 2024/02/29 1:43 a.m. · 6 views

CVE-2024-1070

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...

CVSS 5.4 · AI score 6 · EPSS 0.00531
Exploits 0 · References 3
OSV
added 2024/02/29 1:43 a.m. · 3 views

CVE-2024-1054

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wcj_product_barcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'color'. This makes ...

CVSS 5.4 · AI score 7.4 · EPSS 0.00343
Exploits 0 · References 2