
6046 matches found

CNNVD
added 2024/11/20 12:0 a.m. · 5 views

WordPress plugin WP Project Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.3 CVSS · 8.1 AI score · 0.00312 EPSS
Exploits 0 · References 2

CVE
added 2024/11/19 1:30 a.m. · 87 views

CVE-2024-50293

Technical details about CVE-2024-50293 (net/smc dangling sk in __smc_create) are not publicly provided in the supplied documents. Monitor for updates from official advisories.

7.8 CVSS · 6.4 AI score · 0.00213 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/11/19 1:30 a.m. · 2 views

CVE-2024-50293 net/smc: do not leave a dangling sk pointer in __smc_create()

In the Linux kernel, the following vulnerability has been resolved: net/smc: do not leave a dangling sk pointer in __smc_create(). Thanks to commit 4bbd360a5084 ("socket: Print pf->create() when it does not clear sock->sk on failure."), syzbot found an issue with AF_SMC: smc_create() must clear sock->sk on failur...

7.5 AI score · 0.00213 EPSS
Exploits 0 · References 2

Cvelist
added 2024/11/19 1:30 a.m. · 17 views

CVE-2024-50286 ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create. There is a race condition between ksmbd_smb2_session_create and ksmbd_expire_session. This patch adds the missing sessions_table_lock while adding/deleting session from global session...

0.00267 EPSS
Exploits 0 · References 4

OSV
added 2024/11/19 1:30 a.m. · 13 views

CVE-2024-50280 dm cache: fix flushing uninitialized delayed_work on cache_ctr error

In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayed_work on cache_ctr error. An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create...

7.8 CVSS · 6.2 AI score · 0.00245 EPSS
Exploits 0 · References 11

Positive Technologies
added 2024/11/19 12:0 a.m. · 5 views

PT-2024-10587 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android, affected versions not specified. Description: The issue is related to a permission bypass due to a write size mismatch in the writeToParcel and createFromParcel methods of DcParamObject.java. This could lead to an elevation of...

7.8 CVSS · 7.6 AI score · 0.00097 EPSS
Exploits 0 · References 3

CNNVD
added 2024/11/19 12:0 a.m. · 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from leaving a dangling sk pointer in the __smc_create function...

7.8 CVSS · 7.6 AI score · 0.00213 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2024/11/18 12:0 a.m. · 4 views

Vulnerability of components of the Linux operating system’s kernel, net/mlx5e, which allows a hacker to cause a service failure

The vulnerability of the net/mlx5e components in the Linux operating system is related to errors in the double release function of arfs_create_groups. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS · 6.7 AI score · 0.00861 EPSS
Exploits 0 · References 37 · Affected Software 5

Positive Technologies
added 2024/11/18 12:0 a.m. · 5 views

PT-2024-34876 · Markus +1 · Markus +1

Name of the Vulnerable Software and Affected Versions: MarkUs versions prior to 2.4.8. Description: The issue is related to an arbitrary file write vulnerability in the update/upload/create file methods in Controllers, allowing authenticated instructors to write arbitrary files to any location on...

8.8 CVSS · 7.7 AI score · 0.00723 EPSS
Exploits 0 · References 7

OSV
added 2024/11/16 7:16 a.m. · 20 views

BIT-POSTGRESQL-2024-10976 PostgreSQL row security below e.g. subqueries disregards user ID changes

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

5.4 CVSS · 6.8 AI score · 0.00786 EPSS
Exploits 0 · References 4

NVD
added 2024/11/15 10:15 p.m. · 12 views

CVE-2024-50983

FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...

5.4 CVSS · 0.00262 EPSS
Exploits 0 · References 2

OSV
added 2024/11/15 10:15 p.m. · 4 views

CVE-2017-13312

In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not...

7.8 CVSS · 5.9 AI score · 0.00073 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/11/15 12:0 a.m. · 15 views

CVE-2024-50983

FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...

6.2 AI score · 0.00262 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2024/11/15 12:0 a.m. · 3 views

The vulnerability of PostgreSQL database management system’s CREATE POLICY command for tables with row-level protection allows attackers to execute arbitrary commands.

The vulnerability of PostgreSQL database management system’s CREATE POLICY commands is related to the lack of consistency between independent representations of the overall state. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary commands by repeatedly using...

4.2 CVSS · 6.9 AI score · 0.00786 EPSS
Exploits 0 · References 14 · Affected Software 9

CNNVD
added 2024/11/15 12:0 a.m. · 3 views

Calibre-Web access control error vulnerability

Calibre-Web is a web application for browsing, reading, and downloading eBooks from the Calibre database by Jan B, an individual developer. An access control error vulnerability exists in Calibre-Web that stems from the create_shelf method in shelf.py not verifying that a user has the required...

5.4 CVSS · 5.3 AI score · 0.00334 EPSS
Exploits 1 · References 2

Positive Technologies
added 2024/11/15 12:0 a.m. · 6 views

PT-2024-10582 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android, affected versions not specified. Description: The issue is related to a read/write serialization problem in the createFromParcel method of ViewPager.java. This could allow for a permissions bypass, enabling local escalation of privileg...

7.8 CVSS · 7.7 AI score · 0.00074 EPSS
Exploits 0 · References 3

Cvelist
added 2024/11/15 12:0 a.m. · 14 views

CVE-2024-50983

FlightPath 7.5 contains a Cross Site Scripting XSS vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or...

0.00262 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/11/15 12:0 a.m. · 4 views

PT-2024-16598 · WordPress · The Popup Box – Create Countdown

Name of the Vulnerable Software and Affected Versions: The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress versions up to, and including, 4.9.7. Description: The issue is related to a missing capability check on the deactivate plugin option function, which...

5.3 CVSS · 9.5 AI score · 0.00378 EPSS
Exploits 0 · References 8

OSV
added 2024/11/14 1:15 p.m. · 7 views

AZL-53215 CVE-2024-10976 affecting package postgresql for versions less than 16.5-1

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

5.4 CVSS · 7.1 AI score · 0.00786 EPSS
Exploits 0 · References 1

Debian CVE
added 2024/11/14 12:9 p.m. · 11 views

CVE-2023-4458

A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on...

7.5 CVSS · 4.5 AI score · 0.00833 EPSS
Exploits 0