Lucene search
K

13682 matches found

NVD
NVD
added 2024/11/05 6:15 p.m.12 views

CVE-2024-50114

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unregister redistributor for failed vCPU creation Alex reports that syzkaller has managed to trigger a use-after-free when tearing down a VM: BUG: KASAN: slab-use-after-free in kvmputkvm+0x300/0xe68...

7.8CVSS0.00227EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/05 5:11 p.m.14 views

CVE-2024-50137 reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC

In the Linux kernel, the following vulnerability has been resolved: reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC data-asserted will be NULL on JH7110 SoC since commit 82327b127d41 "reset: starfive: Add StarFive JH7110 reset driver" was added. Add the judgment condition to...

0.00214EPSS
Exploits0References3
CVE
CVE
added 2024/11/05 5:11 p.m.210 views

CVE-2024-50137

CVE-2024-50137 affects the Linux kernel, specifically the StarFive JH7110 reset driver. A fault in reset_control_status can cause data->asserted to be NULL on the JH7110 SoC, triggering errors when accessing an empty member. The issue has been fixed by adding a judgment condition to avoid null...

5.5CVSS5.3AI score0.00214EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/11/05 5:10 p.m.146 views

CVE-2024-50131

CVE-2024-50131 affects the Linux kernel tracing subsystem, where length validation for events didn’t account for the NULL terminator. strlen() reports length excluding the trailing null, so if the string length equals the maximum buffer, there is no room for the NULL terminator, allowing potentia...

7.8CVSS7.4AI score0.00249EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2024/11/05 5:10 p.m.15 views

CVE-2024-50108 drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING 1 traces when calling...

0.00233EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/04 11:7 p.m.14 views

CVE-2024-51498 [@imput/cobalt-web] Cross-site Scripting when downloading picker image from malicious instance

cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the javascript: protocol, resulting in Cross-site Scripting XSS when the user tries to download an item from a picker. This issue has been present since commit 66bac03e, was mitigated in...

6CVSS6.1AI score0.00471EPSS
Exploits0References4
OSV
OSV
added 2024/11/04 11:7 p.m.10 views

CVE-2024-51498 [@imput/cobalt-web] Cross-site Scripting when downloading picker image from malicious instance

cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the javascript: protocol, resulting in Cross-site Scripting XSS when the user tries to download an item from a picker. This issue has been present since commit 66bac03e, was mitigated in...

6CVSS6.2AI score0.00471EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/11/04 12:32 p.m.15 views

Safearchive Path Traversal vulnerability

There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems e.g., NTFS. This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc...

7.5CVSS6.7AI score0.00194EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/04 10:47 a.m.14 views

CVE-2024-10389 Path Traversal in Safearchive

There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems e.g., NTFS. This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc...

5.9CVSS7AI score0.00194EPSS
Exploits0References1
CVE
CVE
added 2024/11/04 10:47 a.m.54 views

CVE-2024-10389

CVE-2024-10389 describes a path-traversal in Safearchive on platforms with case-insensitive filesystems (e.g., NTFS) that allows an attacker to write arbitrary files via archive extraction containing symbolic links. The initial description provides affected conditions and a recommended fix: upgra...

7.5CVSS6.5AI score0.00194EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2024/11/02 3:49 a.m.2 views

SUSE CVE-2024-47832

ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers...

9.8CVSS7AI score0.00387EPSS
Exploits0References5
NVD
NVD
added 2024/10/31 6:15 p.m.20 views

CVE-2024-50356

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS. The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they wouldn't be able to login by bypassing the 2FA. Onl...

0.00361EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/10/31 2:23 p.m.35 views

DOMPurify vulnerable to tampering by prototype polution

dompurify was vulnerable to prototype pollution Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc...

9.8CVSS6.8AI score0.01176EPSS
Exploits2References5Affected Software1
OSV
OSV
added 2024/10/31 2:23 p.m.2 views

GHSA-P3VF-V8QC-CWCR DOMPurify vulnerable to tampering by prototype polution

dompurify was vulnerable to prototype pollution Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc...

9.3CVSS7.2AI score0.01176EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2024/10/31 12:0 a.m.4 views

PT-2024-34165 · Frappe · Press

Name of the Vulnerable Software and Affected Versions: Press versions prior to the version containing commit ba0007c28ac814260f836849bc07d29beea7deb6 Description: The issue concerns a password reset vulnerability in Press, a custom app for Frappe Cloud that manages various services including...

7.4AI score0.00361EPSS
Exploits0References7
OSV
OSV
added 2024/10/30 9:15 p.m.4 views

CVE-2023-52066

http.zig commit 76cf5 was discovered to contain a CRLF injection vulnerability via the url parameter...

7.2CVSS5.8AI score0.00256EPSS
Exploits0References1
NVD
NVD
added 2024/10/30 9:15 p.m.10 views

CVE-2023-52066

http.zig commit 76cf5 was discovered to contain a CRLF injection vulnerability via the url parameter...

7.2CVSS0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/30 12:0 a.m.19 views

CVE-2023-52066

http.zig commit 76cf5 was discovered to contain a CRLF injection vulnerability via the url parameter...

0.00256EPSS
Exploits0References1
CVE
CVE
added 2024/10/30 12:0 a.m.53 views

CVE-2023-52066

CVE-2023-52066 affects http.zig (commit 76cf5). The issue is a CRLF injection via the url parameter, with CVSS 3.1: Network attack, no user interaction, low confidentiality/integrity impact, no availability impact; scope is changed. Exploitation status is not provided in the supplied documents; n...

7.2CVSS7.8AI score0.00256EPSS
Exploits0References1
CVE
CVE
added 2024/10/29 12:50 a.m.282 views

CVE-2024-50087

The connected Astra Linux advisory & the CVE entry describe a Linux kernel vulnerability in btrfs: read_alloc_one_name() may leave fscrypt_str.name uninitialized if kmalloc fails, so freeing fscrypt_str can access an uninitialized pointer. This is a local (L) issue with LOW initial access but HIG...

5.5CVSS5.6AI score0.00206EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder