6046 matches found

RustSec
added 2024/12/05 12:0 p.m. · 5 views

Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`

An issue was identified in the VmFd::create_device function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvm_create_device argument to an immutabl...

AI score: 7.3
Exploits: 0 · Affected Software: 1

OSV
added 2024/12/05 12:0 p.m. · 5 views

RUSTSEC-2024-0428 Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`

An issue was identified in the VmFd::create_device function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvm_create_device argument to an immutabl...

AI score: 7.3
Exploits: 0 · References: 3

Positive Technologies
added 2024/12/05 12:0 a.m. · 2 views

PT-2024-40971 · Unknown · Kvm-Ioctls

Name of the Vulnerable Software and Affected Versions: kvm-ioctls versions 0.1.0 through 0.19.0. Description: An issue in the VmFd::create_device function causes undefined behavior due to a violation of Rust's pointer safety rules. The function downcasts a mutable reference to an immutable pointer...

AI score: 7.4
Exploits: 0 · References: 4

SUSE CVE
added 2024/11/28 3:48 a.m. · 3 views

SUSE CVE-2024-52336

A script injection vulnerability was identified in the Tuned package. The instance_create D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with script_pre or script_post options that permit arbitrary...

CVSS: 7.8 · AI score: 7.3 · EPSS: 0.00287
Exploits: 0 · References: 4

OSV
added 2024/11/27 5:15 p.m. · 4 views

CVE-2024-54003

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission...

CVSS: 8 · AI score: 5.7 · EPSS: 0.77461
Exploits: 0 · References: 1

NVD
added 2024/11/27 5:15 p.m. · 20 views

CVE-2024-54003

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission...

CVSS: 8 · EPSS: 0.77461
Exploits: 0 · References: 1

Vulnrichment
added 2024/11/27 5:3 p.m. · 9 views

CVE-2024-54003

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission...

AI score: 5.5 · EPSS: 0.77461
Exploits: 0 · References: 1

Cvelist
added 2024/11/27 5:3 p.m. · 38 views

CVE-2024-54003

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission...

EPSS: 0.77461
Exploits: 0 · References: 1

CVE
added 2024/11/27 5:3 p.m. · 67 views

CVE-2024-54003

CVE-2024-54003 : Jenkins Simple Queue Plugin versions 1.4.4 and earlier are affected by a stored XSS due to the view name not being escaped, exploitable by attackers with View/Create permission. Root cause identified as failure to escape the view name. Impact aligns with high-severity in the CVSS...

CVSS: 8 · AI score: 5.7 · EPSS: 0.77461
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/11/27 12:0 a.m. · 6 views

PT-2024-36010 · Jenkins · Jenkins Simple Queue Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Simple Queue Plugin versions 1.4.4 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability because the view name is not escaped. This vulnerability is exploitable by attackers with View/Create...

CVSS: 8.6 · AI score: 5.4 · EPSS: 0.77461
Exploits: 0 · References: 6

RedHat Linux
added 2024/11/26 3:41 p.m. · 3 views

tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

CVSS: 5.5 · AI score: 5.7 · EPSS: 0.00298
Exploits: 0 · References: 7

RedHat Linux
added 2024/11/26 2:17 a.m. · 3 views

kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE

In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on...

CVSS: 5.5 · AI score: 6.8 · EPSS: 0.00228
Exploits: 0 · References: 5

RedHat Linux
added 2024/11/26 2:6 a.m. · 4 views

kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE

In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on...

CVSS: 5.5 · AI score: 6.8 · EPSS: 0.00228
Exploits: 0 · References: 5

RedHat Linux
added 2024/11/26 12:55 a.m. · 6 views

kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE

In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on...

CVSS: 5.5 · AI score: 6.8 · EPSS: 0.00228
Exploits: 0 · References: 5

CNNVD
added 2024/11/26 12:0 a.m. · 3 views

tuned security vulnerability

tuned is an open source server-side program for dynamic system tuning. The program is mainly used to monitor and collect data from various system components, and dynamically adjust system settings based on the information provided by the data. tuned has a security vulnerability that...

CVSS: 7.8 · AI score: 7.8 · EPSS: 0.00287
Exploits: 0 · References: 5

VulnCheck KEV
added 2024/11/26 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2021-41295

ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus an authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system...

CVSS: 8.8 · AI score: 6 · EPSS: 0.00415
Exploits: 1 · References: 1

Veracode
added 2024/11/22 8:3 a.m. · 13 views

Cross-Site Scripting (XSS)

unopim/unopim is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input validation in the Create User function, allowing attackers to exploit an SVG document to steal cookies...

CVSS: 5.4 · AI score: 6.2 · EPSS: 0.0037
Exploits: 1 · References: 5 · Affected Software: 1

BDU FSTEC
added 2024/11/21 12:0 a.m. · 3 views

The vulnerability of components related to DRM/AMDKFD in Linux kernel components, which allows a hacker to trigger a service failure.

The vulnerability of the DRM/amdkfd components of the Linux operating system’s kernel is related to a memory leak in the kfd_create_process function. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS: 5.5 · AI score: 6.5 · EPSS: 0.00229
Exploits: 0 · References: 20 · Affected Software: 5

OSV
added 2024/11/20 12:15 p.m. · 3 views

CVE-2024-10520

The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'CreateMilestone', 'CreateTaskList', 'CreateTask', and 'DeleteTask' classes in version 2.6.14. This makes it possible for unauthenticated...

CVSS: 5.3 · AI score: 7.3 · EPSS: 0.00312
Exploits: 0 · References: 2

SUSE CVE
added 2024/11/20 3:49 a.m. · 1 views

SUSE CVE-2024-53056

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy In mtk_crtc_create, if the call to mbox_request_channel fails then we set the "mtk_crtc->cmdq_client.chan" pointer to NULL. In that situation, we do not call cmdq_pkt_create...

CVSS: 5.5 · AI score: 7.6 · EPSS: 0.00204
Exploits: 0 · References: 16