6028 matches found
kernel: tipc: move bc link creation back to tipc_node_create
In the Linux kernel, the following vulnerability has been resolved: tipc: move bc link creation back to tipc_node_create Shuang Li reported a NULL pointer dereference crash: BUG: kernel NULL pointer dereference, address: 0000000000000068 RIP: 0010:tipc_link_is_up+0x5/0x10 [tipc] Call Trace:...
kernel: XArray: Fix xas_create_range() when multi-order entry present
In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xas_create_range() when multi-order entry present If there is already an entry present that is of order = XA_CHUNK_SHIFT when we call xas_create_range(), xas_create_range() will misinterpret that entry as a node and dereference...
PT-2022-35554 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.150 Description: The issue is related to a platform-device leak in the bridge platform create function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2022-35368 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to a platform-device leak in the bridge platform create function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2022-35125 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue concerns a platform-device leak in the bridge platform create function. This problem was introduced in version v5.5 and is fixed in Linux Kernel version v6.0.3. The actual impact an...
PT-2022-35240 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.76 Description: A memory leak issue exists in the lpfc create port function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v5.15.76...
PT-2022-35238 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.13 through v5.15.75 Description: A potential security issue exists due to an xid leak in the cifs create function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2022-35126 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue concerns a platform-device leak in the bridge platform create function. This problem was introduced in version v5.19 and is fixed in Linux Kernel version v6.0.3. The actual impact a...
PT-2022-35751 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.262 Description: The issue is related to the Bluetooth L2CAP protocol in the Linux Kernel. It involves the initialization of delayed works at the l2cap chan create function. The actual impact and attack...
PT-2022-24976 · Manydesigns · Manydesigns Portofino
Name of the Vulnerable Software and Affected Versions: ManyDesigns Portofino version 5.3.2 Description: A vulnerability has been found in ManyDesigns Portofino, where the function createTempDir of the file WarFileLauncher.java is affected. The manipulation leads to the creation of a temporary fil...
kernel: udmabuf: validate ubuf->pagecount
A vulnerability was found in the Linux kernel in the udmabuf_create function. An improper user-provided argument validation can lead to a ZERO_PTR value being passed to the sg_alloc_append_table_from_pages function, which attempts a dereference and leads to a kernel crash...
PT-2022-27269 · Unknown · David Cole Simple Seo
Name of the Vulnerable Software and Affected Versions: David Cole Simple SEO plugin version 1.8.12 and earlier Description: A Cross-Site Request Forgery (CSRF) issue allows attackers to create or delete sitemaps. This can be exploited by attackers to manipulate the website's SEO settings...
CLSA-2022-1667412749 Fix CVE(s): CVE-2022-43680
SECURITY UPDATE: Fix overeager DTD destruction - debian/patches/CVE-2022-43680: Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations - CVE-2022-43680...
CVE-2022-40840
ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php...
Khan Academy: xss due to incorrect handling of postmessages
Due to Insecure handling of create link tags a tags in a function called autolink found in 7Bmt.af733e428f9f986dfc96.js js e = n.autolinke, !0; const n = function const e = /\b?:?:https?://|www\d0,3.|a-z0-9.-+.a-z2,4/?:^\s&+|&|?:^\s|?:^\s+\+?:?:^\s|?:^\s+\|^\s!\;:'".,?«»“”‘’&/gi; return...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in the Global Variables feature /index.php?module=globalvars/vars of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create"...
CVE-2022-32407
Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the First Name parameter under the Create A New Account module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cross site scripting
Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the First Name parameter under the Create A New Account module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
PT-2022-21304 · Softr · Softr
Name of the Vulnerable Software and Affected Versions: Softr version 2.0 Description: A Cross-Site Scripting (XSS) issue was found, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload. The vulnerability is exploited through the First Name parameter under the Create A N...