Lucene search
K

356 matches found

Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.6 views

PT-2024-39924 · WordPress · Parallax Image

Name of the Vulnerable Software and Affected Versions: Parallax Image plugin for WordPress version 1.8 and earlier Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's dd-parallax shortcode, allowing authenticated...

6.4CVSS7.2AI score0.00383EPSS
Exploits1References9
CNNVD
CNNVD
added 2024/10/17 12:0 a.m.4 views

WordPress plugin Parallax Image 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS5.9AI score0.00383EPSS
Exploits1References5
NVD
NVD
added 2024/09/27 1:15 p.m.20 views

CVE-2024-46853

In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug Change the memcpy length to fix the out-of-bounds issue when writing the data that is not 4 byte aligned to TX FIFO. To reproduce the issue, write 3 bytes data to NOR chip. dd...

7.8CVSS0.00238EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.16 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-038)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.6.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-038 advisory. dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context du...

7.5CVSS5.5AI score0.00431EPSS
Exploits0References4
Amazon
Amazon
added 2024/07/22 12:0 a.m.11 views

Important: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CONTINUATION frames. Envoy's HTTP/2 codec allows the client to send an unlimited...

7.5CVSS6.9AI score0.8781EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/07/22 12:0 a.m.11 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-655)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-655 advisory. dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann...

7.5CVSS5.4AI score0.00431EPSS
Exploits0References4
NVD
NVD
added 2024/06/28 10:15 p.m.36 views

CVE-2024-38525

dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught...

7.5CVSS0.00431EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/28 9:10 p.m.17 views

CVE-2024-38525 dd-trace-cpp malformed unicode header values may cause crash

dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught...

7.5CVSS6.9AI score0.00431EPSS
Exploits0References2
OSV
OSV
added 2024/06/28 9:10 p.m.8 views

CVE-2024-38525 dd-trace-cpp malformed unicode header values may cause crash

dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught...

7.5CVSS6.6AI score0.00431EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/06/28 9:10 p.m.37 views

CVE-2024-38525 dd-trace-cpp malformed unicode header values may cause crash

dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught...

7.5CVSS0.00431EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/28 12:0 a.m.6 views

PT-2024-28052 · Unknown · Nlohmann/Json +1

Name of the Vulnerable Software and Affected Versions: dd-trace-cpp versions prior to 0.2.2 Description: The issue occurs when the library fails to extract trace context due to malformed unicode. It attempts to log the list of audited headers and their values using the nlohmann JSON library...

7.5CVSS7.2AI score0.00431EPSS
Exploits0References5
OSV
OSV
added 2024/06/26 4:15 a.m.6 views

CVE-2024-37140

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the syste...

8.8CVSS6AI score0.01218EPSS
Exploits0References1
NVD
NVD
added 2024/06/26 4:15 a.m.20 views

CVE-2024-37139

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource...

6.5CVSS0.00477EPSS
Exploits0References1
OSV
OSV
added 2024/06/26 4:15 a.m.5 views

CVE-2024-37138

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the manag...

6.8CVSS5.8AI score0.00401EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/26 4:0 a.m.17 views

CVE-2024-37141

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure...

3.5CVSS6.4AI score0.00298EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/26 3:38 a.m.24 views

CVE-2024-37139

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource...

6.5CVSS0.00477EPSS
Exploits0References1
OSV
OSV
added 2024/06/26 3:15 a.m.4 views

CVE-2024-29177

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain...

2.7CVSS5.8AI score0.00296EPSS
Exploits0References1
OSV
OSV
added 2024/06/26 3:15 a.m.5 views

CVE-2024-29173

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery SSRF vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client...

4.9CVSS5.8AI score0.00349EPSS
Exploits0References1
NVD
NVD
added 2024/06/26 3:15 a.m.30 views

CVE-2024-29173

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery SSRF vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client...

6.8CVSS0.00349EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/26 2:51 a.m.17 views

CVE-2024-29173

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery SSRF vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client...

6.8CVSS6.4AI score0.00349EPSS
Exploits0References1
Rows per page
Query Builder