
4718 matches found

OSV
added 2024/07/29 3:15 p.m. · 6 views

AZL-62696 CVE-2024-41067 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: handle RST lookup error correctly. [BUG] When running btrfs/060 with forced RST feature, it would crash the following ASSERT inside scrub_read_endio: ASSERTsectornr nrsectors; Before that, we would have tree dump from...

CVSS 5.5 · AI score 5.8 · EPSS 0.00197
Exploits: 0 · References: 1

Positive Technologies
added 2024/07/29 12:0 a.m. · 5 views

PT-2025-18145

Name of the Vulnerable Software and Affected Versions: Apache httpd mod_auth_openidc module (affected versions not specified). Description: A flaw in the mod_auth_openidc module for Apache httpd allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request...

CVSS 7.8 · AI score 6.5 · EPSS 0.01214
Exploits: 0 · References: 75

CNNVD
added 2024/07/29 12:0 a.m. · 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the direct use of state-fb-obj0, instead of obtaining an object via the drm_gem_fb_get_obj function, and returni...

CVSS 5.5 · AI score 6.9 · EPSS 0.00225
Exploits: 0 · References: 6

CNNVD
added 2024/07/29 12:0 a.m. · 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that when updating the ASoC code of mt8195, the codec entry for the ETDM1_OUT_BE dai link is complete...

CVSS 7.8 · AI score 6.6 · EPSS 0.00217
Exploits: 0 · References: 3

OSV
added 2024/07/26 11:8 a.m. · 2 views

OESA-2024-1914 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent ...

CVSS 9.1 · AI score 6.9 · EPSS 0.05582
Exploits: 1 · References: 2

Cvelist
added 2024/07/25 1:26 p.m. · 29 views

CVE-2024-36111 KubePi's JWT token validation has a defect

KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the ke...

CVSS 6.3 · EPSS 0.08388
Exploits: 0 · References: 1

OSV
added 2024/07/25 1:26 p.m. · 5 views

CVE-2024-36111 KubePi's JWT token validation has a defect

KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the ke...

CVSS 6.3 · AI score 6.8 · EPSS 0.08388
Exploits: 0 · References: 3

Positive Technologies
added 2024/07/25 12:0 a.m. · 5 views

PT-2024-26898 · Kubepi · Kubepi

Name of the Vulnerable Software and Affected Versions: KubePi versions 1.6.3 through 1.7.x Description: The issue is related to a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string is generated to overwrite the key...

CVSS 6.3 · AI score 7.2 · EPSS 0.08388
Exploits: 0 · References: 4

RedHat Linux
added 2024/07/24 2:3 p.m. · 6 views

kernel: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool. In practice the driver should never send more commands than are allocated to a queue's event pool. In the unlikely event that this happens, the code asserts a BUG_ON, a...

CVSS 5.5 · AI score 6.8 · EPSS 0.00252
Exploits: 0 · References: 5

OSV
added 2024/07/22 10:15 a.m. · 4 views

CVE-2024-37217

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ProWCPlugins Empty Cart Button for WooCommerce allows Stored XSS. This issue affects Empty Cart Button for WooCommerce: from n/a through 1.3.8...

CVSS 5.4 · AI score 5.8 · EPSS 0.00246
Exploits: 0 · References: 1

NVD
added 2024/07/22 10:15 a.m. · 18 views

CVE-2024-37217

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ProWCPlugins Empty Cart Button for WooCommerce allows Stored XSS. This issue affects Empty Cart Button for WooCommerce: from n/a through 1.3.8...

CVSS 6.5 · EPSS 0.00246
Exploits: 0 · References: 1

Amazon
added 2024/07/22 12:0 a.m. · 3 views

Medium: edk2

Issue Overview: Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected applicati...

CVSS 9.1 · AI score 7 · EPSS 0.05582
Exploits: 1

RustSec
added 2024/07/21 12:0 p.m. · 4 views

`MemBio::get_buf` has undefined behavior with empty buffers

Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null-pointer, which violates the function's invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed...

AI score 7
Exploits: 0 · Affected Software: 1

OSV
added 2024/07/21 12:0 p.m. · 21 views

RUSTSEC-2024-0357 `MemBio::get_buf` has undefined behavior with empty buffers

Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null-pointer, which violates the function's invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed...

AI score 7
Exploits: 0 · References: 3

OSV
added 2024/07/19 11:8 a.m. · 3 views

OESA-2024-1879 openssl security update

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project i...

CVSS 9.1 · AI score 7 · EPSS 0.05582
Exploits: 1 · References: 2

SUSE CVE
added 2024/07/19 2:37 a.m. · 2 views

SUSE CVE-2024-41184

In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user...

CVSS 6.4 · AI score 7.2 · EPSS 0.00616
Exploits: 0 · References: 10

OSV
added 2024/07/18 5:18 p.m. · 4 views

GHSA-G92J-QHMH-64V2 Sentry's Python SDK unintentionally exposes environment variables to subprocesses

Impact The bug in Sentry's Python SDK `subprocess.check_output(["env"], env={"TEST":"1"})` `b'TEST=1\n'` If you'd want to not pass any variables, you can set an empty dict: `subprocess.check_output(["env"], env={})` `b''` However, the bug in Sentry SDK 2.8.0 causes all environment variables to be passed to the...

CVSS 2.5 · AI score 5.7 · EPSS 0.00198
Exploits: 0 · References: 11

OSV
added 2024/07/18 1:15 a.m. · 2 views

DEBIAN-CVE-2024-41184

In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user...

CVSS 9.8 · AI score 7.6 · EPSS 0.00616
Exploits: 0 · References: 1

OSV
added 2024/07/18 1:15 a.m. · 8 views

AZL-43419 CVE-2024-41184 affecting package keepalived for versions less than 2.3.1-1

In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user...

CVSS 9.8 · AI score 6.9 · EPSS 0.00616
Exploits: 0 · References: 1

OSV
added 2024/07/18 1:15 a.m. · 6 views

AZL-43423 CVE-2024-41184 affecting package keepalived for versions less than 2.3.1-1

In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user...

CVSS 9.8 · AI score 6.9 · EPSS 0.00616
Exploits: 0 · References: 1