Lucene search
K

560 matches found

NVD
NVD
added 2024/10/14 2:15 p.m.18 views

CVE-2024-8602

When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default settings of the DocumentBuilder allow for an XXE XML External Entity attack. Further information on this can be found on the website of the Open Worldwide Application Security Project OWASP. An attacker...

6.3CVSS0.00393EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.15 views

CentOS 7 : buildah (RHSA-2020:2116)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2116 advisory. - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious containe...

9.3CVSS6.3AI score0.02603EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2024/09/13 10:42 a.m.13 views

CVE-2024-46708

In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneus 0x100000 offset to prevent the boards from crashing on pin state setting, as well as for the intended state changes to take effect...

5.5CVSS7AI score0.00187EPSS
Exploits0References4
NVD
NVD
added 2024/09/13 7:15 a.m.33 views

CVE-2024-46708

In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneus 0x100000 offset to prevent the boards from crashing on pin state setting, as well as for the intended state changes to take effect...

5.5CVSS0.00187EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/09/13 6:33 a.m.10 views

CVE-2024-46708

In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneus 0x100000 offset to prevent the boards from crashing on pin state setting, as well as for the intended state changes to take effect...

5.5CVSS5.6AI score0.00187EPSS
Exploits0
Veracode
Veracode
added 2024/08/29 4:4 a.m.15 views

Path Traversal

github.com/mattermost/mattermost-server is vulnerable to Path Traversal. The vulnerability is due to improper input validation of the CA path file in the Elasticsearch configuration due to a lack of proper sanitization and validation. This allows an attacker to provide a malicious path, such as...

4.9CVSS7AI score0.00456EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/08/22 1:32 a.m.72 views

CVE-2022-48914

CVE-2022-48914 affects the Linux kernel’s xen_netfront/xennet_destroy_queues path. The vulnerability arises because xennet_destroy_queues() relies on netdev->real_num_tx_queues, which is cleared after unregister_netdev() due to net-sysfs changes, causing a NULL dereference when freeing queues ...

5.5CVSS6.2AI score0.00215EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/31 3:13 a.m.44 views

CVE-2024-39944

A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash...

7.5CVSS6.8AI score0.0056EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/29 2:57 p.m.26 views

CVE-2024-41075 cachefiles: add consistency check for copen/cread

In the Linux kernel, the following vulnerability has been resolved: cachefiles: add consistency check for copen/cread This prevents malicious processes from completing random copen/cread requests and crashing the system. Added checks are listed below: Generic, copen can only complete open request...

0.00211EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/07/29 2:32 p.m.15 views

CVE-2024-41052 vfio/pci: Init the count variable in collecting hot-reset devices

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Init the count variable in collecting hot-reset devices The count variable is used without initialization, it results in mistakes in the device counting and crashes the userspace if the get hot reset info path is...

6.8AI score0.00272EPSS
Exploits0References3
NVD
NVD
added 2024/07/16 11:15 p.m.27 views

CVE-2024-21171

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

6.5CVSS0.00876EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/16 12:0 a.m.2 views

Oracle MySQL 安全漏洞

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause MySQL Server to hang without authorization or crash frequently and repeatedly full DOS...

4.9CVSS6AI score0.0085EPSS
Exploits0References3
OSV
OSV
added 2024/07/09 2:15 p.m.3 views

UBUNTU-CVE-2023-39328

A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file...

5.5CVSS6.5AI score0.00242EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/07/02 12:0 a.m.45 views

RHEL 8 : redhat-ds:11 (RHSA-2024:4210)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4210 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol...

7.5CVSS6.7AI score0.01256EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/06/20 12:0 a.m.24 views

CVE-2022-48769

In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports 0 that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a call to...

5.5CVSS5.8AI score0.00219EPSS
Exploits0References6
OSV
OSV
added 2024/06/11 3:15 a.m.3 views

CVE-2024-33001

SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimat...

6.5CVSS5.8AI score0.00412EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/05/23 11:12 a.m.28 views

CVE-2023-52831

In the Linux kernel, the following vulnerability has been resolved: cpu/hotplug: Don't offline the last non-isolated CPU If a system has isolated CPUs via the "isolcpus=" command line parameter, then an attempt to offline the last housekeeping CPU will result in a WARNON when rebuilding the...

5.5CVSS9AI score0.00242EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/05/01 6:15 a.m.17 views

CVE-2024-26929

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.6AI score
Exploits0References30
Debian CVE
Debian CVE
added 2024/04/28 1:0 p.m.31 views

CVE-2022-48644

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc-destroy gets called even if qdisc-init never succeeded, not exclusively since commit 87b60cfacf9f "netsched:...

5.5CVSS5.6AI score0.00232EPSS
Exploits0
Oracle linux
Oracle linux
added 2024/04/11 12:0 a.m.68 views

bind9.16 security update

32:9.16.23-0.16.2 - Prevent crashing at masterformat system test CVE-2023-6516 32:9.16.23-0.16.1 - Prevent increased CPU load on large DNS messages CVE-2023-4408 - Prevent assertion failure when nxdomain-redirect is used with RFC 1918 reverse zones CVE-2023-5517 - Prevent assertion failure if DNS...

7.5CVSS7.7AI score0.99995EPSS
Exploits1
Rows per page
Query Builder