Lucene search
K

206 matches found

Tenable Nessus
Tenable Nessus
added 2025/04/24 12:0 a.m.14 views

FreeBSD : Gitlab -- Vulnerabilities (11b71871-20ba-11f0-9471-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 11b71871-20ba-11f0-9471-2cf05da270f3 advisory. Gitlab reports: Cross Site Scripting XSS in Maven Dependency Proxy through CSP directives Cros...

8.7CVSS8.5AI score0.00522EPSS
Exploits3References7
FreeBSD
FreeBSD
added 2025/04/23 12:0 a.m.29 views

Gitlab -- Vulnerabilities

Gitlab reports: Cross Site Scripting XSS in Maven Dependency Proxy through CSP directives Cross Site Scripting XSS in Maven dependency proxy through cache headers Network Error Logging NEL Header Injection in Maven Dependency Proxy Allows Browser Activity Monitoring Denial of service DOS via issu...

8.7CVSS5.7AI score0.00522EPSS
Exploits3References1
Cvelist
Cvelist
added 2025/04/18 7:1 a.m.29 views

CVE-2025-38240 drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: drmerr = deverr in HPD path to avoid NULL ptr The function mtkdpwaithpdasserted may be called before the mtkdp-drmdev pointer is assigned in mtkdpbridgeattach. Specifically it can be called via this callpath: -...

0.00216EPSS
Exploits0References5
NVD
NVD
added 2025/04/16 3:16 p.m.10 views

CVE-2025-22095

In the Linux kernel, the following vulnerability has been resolved: PCI: brcmstb: Fix error path after a call to regulatorbulkget If the regulatorbulkget returns an error and no regulators are created, we need to set their number to zero. If we don't do this and the PCIe link up fails, a call to...

5.5CVSS0.00166EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/09 5:21 a.m.4 views

Malicious code in some-error-logging-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12ec550029e2d4afb8e030a4f5d0f35eed74507e8c10420197915d518200ef38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/04/09 5:21 a.m.4 views

MAL-2025-3201 Malicious code in some-error-logging-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12ec550029e2d4afb8e030a4f5d0f35eed74507e8c10420197915d518200ef38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSV
OSV
added 2025/04/01 4:15 p.m.1 views

DEBIAN-CVE-2025-21975

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: handle errors in mlx5chainscreatetable In mlx5chainscreatetable, the return value of mlx5getfdbsubns and mlx5getflownamespace must be checked to prevent NULL pointer dereferences. If either function fails, the function...

5.5CVSS5.6AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2025/04/01 3:47 p.m.135 views

CVE-2025-21975

Technical details for CVE-2025-21975 are not publicly provided in the supplied Connected documents. The entry description exists, but there are no explicit affected products/versions, impact, or fixes in the connected items. Monitor for vendor advisories.

5.5CVSS7.1AI score0.0018EPSS
Exploits0References9Affected Software1
CNNVD
CNNVD
added 2025/03/06 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that socpcmret should not be used in the .prepare callback, which could lead to error logging...

5.5CVSS6.5AI score0.00167EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/02/05 1:51 a.m.4 views

CVE-2024-11274

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration...

8.7CVSS7.2AI score0.00463EPSS
Exploits1References1
NVD
NVD
added 2025/01/21 5:15 a.m.15 views

CVE-2024-13536

The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retriev...

5.3CVSS0.00372EPSS
Exploits0References2
OSV
OSV
added 2025/01/07 3:4 p.m.24 views

OPENSUSE-SU-2025:0003-1 Security update for etcd

This update for etcd fixes the following issues: Update to version 3.5.12: Bump golang.org/x/crypto to v0.17+ to address CVE-2023-48795 test: fix TestHashKVWhenCompacting: ensure all goroutine finished print error log when creating peer listener failed mvcc: Printing etcd backend database related...

9.8CVSS7.8AI score0.9378EPSS
Exploits4References10
RedhatCVE
RedhatCVE
added 2024/12/30 3:54 a.m.10 views

CVE-2024-56722

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix cpu stuck caused by printings during reset During reset, cmd to destroy resources such as qp, cq, and mr may fail, and error logs will be printed. When a large number of resources are destroyed, there will be lots o...

5.5CVSS6.8AI score0.00217EPSS
Exploits0References4
CVE
CVE
added 2024/12/29 11:29 a.m.149 views

CVE-2024-56722

In CVE-2024-56722, the Linux kernel RDMA/hns component fixes a cpu-stall risk during reset by removing unnecessary prints and converting remaining print statements to a rate-limited version when destroying resources (qp, cq, mr). The issue arises if resource destruction logs flood with numerous m...

5.5CVSS6.5AI score0.00217EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/12/27 3:15 p.m.6 views

AZL-54804 CVE-2024-56657 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Avoid WARN for symlink errors Using WARN for showing the error of symlink creations don't give more information than telling that something goes wrong, since the usual code path is a lregister callback from each...

5.5CVSS6.4AI score0.00214EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/12/19 12:0 a.m.7 views

The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE involves information disclosure during data transmission, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE relates to the disclosure of information during data transmission. Exploiting this vulnerability can allow unauthorized individuals to gain unauthorized access to protected information by...

7.8CVSS5.5AI score0.00463EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/12/13 12:0 a.m.18 views

FreeBSD : Gitlab -- Vulnerabilities (275ac414-b847-11ef-9877-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 275ac414-b847-11ef-9877-2cf05da270f3 advisory. Gitlab reports: Injection of Network Error Logging NEL headers in kubernetes proxy response...

8.7CVSS5.7AI score0.0075EPSS
Exploits8References12
Hacker One
Hacker One
added 2024/12/10 6:16 a.m.336 views

Yelp: Object Level access control leads to reading user's full requests, sessions, and error messages

The summary is as follows: A vulnerability was discovered in the Yelp internal administration tool called "Tailored Mail" hosted on the subdomain https://proze.yelp.com/. The vulnerability allowed unauthenticated attackers to read the internal admin's full HTTP requests, sessions, and other...

6.6AI score
Exploits0
Snyk
Snyk
added 2024/11/01 6:28 a.m.5 views

Information Exposure

Overview chaturbate-poller is a Poller for the Chaturbate events API. Affected versions of this package are vulnerable to Information Exposure due to the error handling in the ChaturbateClient class which log in the full HTTP error response, without sanitization of the sensitive data in the URL...

6.9CVSS6.8AI score
Exploits0References3
OSV
OSV
added 2024/09/18 8:15 a.m.7 views

DEBIAN-CVE-2024-46751

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUGON when 0 reference count at btrfslookupextentinfo Instead of doing a BUGON handle the error by returning -EUCLEAN, aborting the transaction and logging an error message...

5.5CVSS5.7AI score0.00236EPSS
Exploits0References1
Rows per page
Query Builder