CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13601 matches found

Positive Technologies•added 2024/07/10 12:0 a.m.•5 views

PT-2024-32172

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the Linux kernel, where the lwt seg6 related BPF ops can be invoked via bpf test run without entering input action end bpf first. This is because the per-CPU...

5.5CVSS5.5AI score0.00011EPSS

Exploits0

SUSE CVE•added 2024/07/06 2:58 a.m.•2 views

SUSE CVE-2024-39475

In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Handle err return when savagefbcheckvar failed The commit 04e5eac8f3ab"fbdev: savage: Error out if pixclock equals zero" checks the value of pixclock to avoid divide-by-zero error. However the function savagefbprob...

5.5CVSS6.1AI score0.00028EPSS

Exploits0References16

SUSE CVE•added 2024/07/03 4:55 a.m.•3 views

SUSE CVE-2020-28598

An out-of-bounds write vulnerability exists in the Admesh stlfixnormaldirections functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.8CVSS7.8AI score0.00409EPSS

Exploits1References3

OSV•added 2024/07/02 3:58 p.m.•11 views

GHSA-79W7-VH3H-8G4J yt-dlp File system modification and RCE through improper file-extension sanitization

Summary yt-dlp does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp also reads config from the working directory and on Windows executables will be executed from the yt-dlp...

7.8CVSS8AI score0.00045EPSS

Exploits0References10

NVD•added 2024/07/01 9:15 p.m.•20 views

CVE-2024-38368

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...

9.3CVSS0.01727EPSS

Exploits0References5

NVD•added 2024/07/01 9:15 p.m.•17 views

CVE-2024-38367

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking Compromising a victim’s session will result in a full takeover of...

9.6CVSS0.04993EPSS

Exploits1References4

BDU FSTEC•added 2024/07/01 12:0 a.m.•1 views

The vulnerability of the file /view/systemConfig/reboot/reboot_commit.php in the Ruijie RG-UAC router microprogramming system allows a attacker to execute arbitrary commands.

The vulnerability of the file /view/systemConfig/reboot/rebootcommit.php in the Ruijie RG-UAC router microprogramming system exists due to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to...

6.5CVSS6.9AI score0.01384EPSS

Exploits1References4Affected Software1

BDU FSTEC•added 2024/07/01 12:0 a.m.•1 views

The vulnerability of the get_ip_addr_details function (/view/dhcp/dhcpConfig/commit.php) in Ruijie RG-UAC router software allows a attacker to execute arbitrary commands.

The vulnerability of the getipaddrdetails function /view/dhcp/dhcpConfig/commit.php in Ruijie RG-UAC router software exists due to the failure to address special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands via th...

6.5CVSS6.9AI score0.01104EPSS

Exploits1References4Affected Software1

UbuntuCve•added 2024/07/01 12:0 a.m.•385 views

CVE-2024-6387

A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

8.1CVSS7AI score0.65792EPSS

Exploits68References4

Microsoft CVE•added 2024/06/30 7:0 a.m.•2 views

CVE-2023-52890

...

4.5CVSS5.4AI score0.00075EPSS

Exploits0

NVD•added 2024/06/28 10:15 p.m.•20 views

CVE-2024-38532

The NXP Data Co-Processor DCP is a built-in hardware module for specific NXP SoCs¹ that implements a dedicated AES cryptographic engine for encryption/decryption operations. The dcptool reference implementation included in the repository selected the test key, regardless of its -t argument. This...

7.1CVSS0.00162EPSS

Exploits0References2

CVE•added 2024/06/28 9:25 p.m.•57 views

CVE-2024-38532

The CVE-2024-38532 issue affects the NXP Data Co-Processor (DCP) used in specific NXP SoCs, where the dcp_tool reference implementation selected a test key regardless of the -t argument. This root cause is addressed by patch commit 26a7. Connected sources describe the vulnerability as tied to the...

7.1CVSS6.9AI score0.00162EPSS

Exploits0References2

Cvelist•added 2024/06/28 9:25 p.m.•21 views

CVE-2024-38532 TEST_KEY used in example dcp_tool reference implementation

7.1CVSS0.00162EPSS

Exploits0References2

OSV•added 2024/06/28 9:25 p.m.•13 views

CVE-2024-38532 TEST_KEY used in example dcp_tool reference implementation

7.1CVSS6.9AI score0.00162EPSS

Exploits0References4

OSV•added 2024/06/28 7:20 a.m.•17 views

BIT-GITLAB-2024-4901 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, where a stored XSS vulnerability could be imported from a project with malicious commit notes...

8.7CVSS6.2AI score0.04794EPSS

Exploits0References3