Lucene search
K

13691 matches found

Cvelist
Cvelist
added 2024/09/27 5:41 p.m.18 views

CVE-2024-9301

A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a...

8.7CVSS0.00682EPSS
Exploits0References1
CVE
CVE
added 2024/09/27 5:41 p.m.48 views

CVE-2024-9301

CVE-2024-9301 describes a path-traversal vulnerability in Netflix’s E2Nest prior to the commit 8a41948e553c89c56b14410c6ed395e9cfb9250a. Affected software is E2Nest; vulnerable component is the file/path handling mechanism that allows unauthorized access to server files. The issue is linked to ve...

8.7CVSS7.1AI score0.00682EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/27 12:42 p.m.13 views

CVE-2024-46867 drm/xe/client: fix deadlock in show_meminfo()

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: fix deadlock in showmeminfo There is a real deadlock as well as sleeping in atomic bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks. Fix...

6.8AI score0.00139EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/27 12:42 p.m.35 views

CVE-2024-46864 x86/hyperv: fix kexec crash due to VP assist page corruption

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: fix kexec crash due to VP assist page corruption commit 9636be85cc5b "x86/hyperv: Fix hypervpcpuinputarg handling when CPUs go online/offline" introduces a new cpuhp state for hyperv initialization. cpuhpsetupstate...

0.00206EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/09/27 12:39 p.m.18 views

CVE-2024-46843 scsi: ufs: core: Remove SCSI host only if added

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcdasyncscan fails during ufshcdprobehba before adding a SCSI host with scsiaddhost and M...

0.00233EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/27 12:0 a.m.6 views

PT-2024-39556 · E2Nest · E2Nest

Name of the Vulnerable Software and Affected Versions: E2Nest versions prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a Description: A path traversal issue exists in the software. This issue allows for unauthorized access to files and directories. Recommendations: For versions prior to...

8.7CVSS7.1AI score0.00682EPSS
Exploits0References5
NVD
NVD
added 2024/09/26 8:15 p.m.11 views

CVE-2024-47179

RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...

8.8CVSS0.00714EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/09/26 7:10 p.m.11 views

CVE-2024-47179 RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning which may lead to a full repository takeover.

RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...

8.8CVSS7.3AI score0.00714EPSS
Exploits0References8
Cvelist
Cvelist
added 2024/09/26 7:10 p.m.19 views

CVE-2024-47179 RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning which may lead to a full repository takeover.

RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made t...

8.8CVSS0.00714EPSS
Exploits0References8
CVE
CVE
added 2024/09/26 7:10 p.m.46 views

CVE-2024-47179

RSSHub’s docker-test-cont.yml workflow was vulnerable to Artifact Poisoning prior to commit 64e00e7, allowing an attacker to exploit an unvalidated artifact (rsshub.tar.zst) and potentially gain a full repository takeover via a malicious package.json. Downstream users were not affected, and commi...

8.8CVSS8.7AI score0.00714EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.4 views

PT-2024-32460 · Rsshub · Rsshub

Name of the Vulnerable Software and Affected Versions: RSSHub versions prior to commit 64e00e7 Description: RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. The workflow gets triggered when the PR - Docker build test...

8.8CVSS7.2AI score0.00714EPSS
Exploits0References17
UbuntuCve
UbuntuCve
added 2024/09/20 6:15 p.m.17 views

CVE-2024-8612

A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueuepush as set in virtioscsicompletereq / virtioblkreqcomplete / viritocryptoreqcomplete could be larger than the true size of the data which has been sent to guest. Once virtqueuepush finally...

3.8CVSS6.5AI score0.00203EPSS
Exploits0References2
OSV
OSV
added 2024/09/19 9:15 p.m.3 views

CVE-2024-9004

A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/BackupServercommit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploi...

9.8CVSS5.5AI score
Exploits0References6
OSV
OSV
added 2024/09/19 6:30 p.m.2 views

GHSA-W69Q-W4H4-2FX8 Reverb use after free vulnerability

There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance...

6.1CVSS6AI score0.00123EPSS
Exploits0References4
NVD
NVD
added 2024/09/19 4:15 p.m.33 views

CVE-2024-8375

There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance...

7.8CVSS0.00123EPSS
Exploits0References2
OSV
OSV
added 2024/09/19 4:15 p.m.15 views

CVE-2024-8375

There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance...

7.8CVSS7.3AI score
Exploits0References2
Cvelist
Cvelist
added 2024/09/19 3:50 p.m.41 views

CVE-2024-8375 Object deserialization in Reverb leading to RCE

There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance...

5.7CVSS0.00123EPSS
Exploits0References2
CVE
CVE
added 2024/09/19 3:50 p.m.74 views

CVE-2024-8375

CVE-2024-8375 affects Google DeepMind Reverb. A use-after-free vulnerability arises when unpacking a tensor proto of type VARIANT: memory is allocated for the tensor, objects are constructed, then tensor_content is copied into pre-allocated memory, overwriting vtable pointers. This enables an att...

7.8CVSS7.3AI score0.00123EPSS
Exploits0References2Affected Software1
Redos
Redos
added 2024/09/19 12:0 a.m.69 views

ROS-20240919-02

Vulnerability of the reweightentity function of the sched component of the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to impact confidentiality, integrity, and availability. A...

7.8CVSS7.2AI score0.00248EPSS
Exploits0
OSV
OSV
added 2024/09/18 2:26 p.m.14 views

GHSA-R95W-889Q-X2GX org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions

Impact It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1...

7.1CVSS6.3AI score0.00519EPSS
Exploits1References8
Rows per page
Query Builder