Lucene search
K

123 matches found

OSV
OSV
added 2025/01/16 4:45 p.m.156 views

CVE-2025-0518 Unchecked sscanf return value which leads to memory data leak

Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/afpan.C . This issue affects FFmpeg: 7.1. Issue was fixed: ...

4.8CVSS6.6AI score0.00372EPSS
Exploits0References6
CVE
CVE
added 2025/01/15 1:5 p.m.174 views

CVE-2024-57901

Mode C: Normal details found. CVE-2024-57901 affects the Linux kernel af_packet code. The bug was in vlan_get_protocol_dgram() interacting with MSG_PEEK, where the previous fix path touched skb data and could crash. The issue was addressed by reworking vlan_get_protocol_dgram() to avoid touching ...

5.5CVSS6.3AI score0.00257EPSS
Exploits0References11Affected Software1
RedhatCVE
RedhatCVE
added 2024/12/29 2:28 p.m.13 views

CVE-2024-53192

In the Linux kernel, the following vulnerability has been resolved: clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access Flexible-array member hws in struct clkhwonecelldata is annotated with the countedby attribute. This means that when memory is allocated for this...

5.5CVSS7.6AI score0.00226EPSS
Exploits0References4
Hacker One
Hacker One
added 2024/12/18 4:33 a.m.485 views

curl: bypass of this Fixed #2437131 [ Inadequate Protocol Restriction Enforcement in curl ]

Summary: A flaw has been identified in the curl command-line tool related to its protocol selection mechanism. Specifically, the protocol restrictions set by the --proto option can be bypassed, allowing unintended protocols to be used despite explicit restrictions. This flaw can result in plainte...

6.9AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/12/11 10:58 p.m.11 views

CVE-2024-54527

This issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2. An app may be able to access sensitive user data...

7AI score0.0028EPSS
Exploits0References6
OSV
OSV
added 2024/11/15 12:31 p.m.12 views

GHSA-5R2G-59PX-3Q9W Stored XSS using two files in usememos/memos

A stored cross-site scripting XSS vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This...

5.4CVSS5.4AI score0.00438EPSS
Exploits1References5
NVD
NVD
added 2024/10/28 9:15 p.m.15 views

CVE-2024-44251

This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen...

2.4CVSS0.00252EPSS
Exploits0References2
OSV
OSV
added 2024/10/25 12:50 p.m.15 views

CVE-2024-49376 Autolab Has Misconfigured Reset Password Permissions

Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their...

7.1CVSS6.6AI score0.00454EPSS
Exploits0References4
NVD
NVD
added 2024/10/13 9:15 p.m.8 views

CVE-2024-7099

netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...

9.8CVSS0.00608EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/06/24 8:48 p.m.15 views

CVE-2023-45196 Adminer and AdminerEvo denial of service via HTTP redirect

Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in...

6.9CVSS7.2AI score0.00582EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/10 8:56 p.m.26 views

CVE-2024-27814

This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device may be able to view contact information from the lock screen...

0.00273EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/10 8:56 p.m.18 views

CVE-2024-27814

This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device may be able to view contact information from the lock screen...

5.4AI score0.00273EPSS
Exploits0References1
OSV
OSV
added 2024/05/27 11:23 p.m.9 views

GHSA-CRR3-H4M8-7F56 silverstripe/framework vulnerable to member disclosure in login form

There is a user ID enumeration vulnerability in our brute force error messages. - Users that don't exist in will never get a locked out message - Users that do exist, will get a locked out message This means an attacker can infer or confirm user details that exist in the member table. This issue...

5.3CVSS7.1AI score
Exploits0References4
Prion
Prion
added 2024/05/19 11:15 a.m.14 views

CVE-2024-35933

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Fix null ptr deref in btintelreadversion If hcicmdsynccomplete is triggered and skb is NULL, then hdev-reqskb is NULL, which will cause this issue...

5.5CVSS0.00223EPSS
Exploits0References18
CVE
CVE
added 2024/04/24 4:43 p.m.76 views

CVE-2024-23228

Apple iOS 17.3 and iPadOS 17.3 fix a vulnerability in the Notes component where Locked Notes content may have been unexpectedly unlocked due to state-management issues. Affected products are iPhone and iPad models supporting iOS/iPadOS 17.3. Root cause: improved state management within Notes. Imp...

4.3CVSS6AI score0.00347EPSS
Exploits0References3Affected Software2
Vulnrichment
Vulnrichment
added 2024/03/28 3:39 p.m.18 views

CVE-2023-42913

This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions...

6.1AI score0.0054EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/26 7:40 p.m.21 views

CVE-2024-27092 Content spoofing - real Hoppscotch emails

Hoppscotch is an API development ecosystem. Due to lack of validation for fields like Label Edit Team - TeamName, bad actors can send emails with Spoofed Content as Hoppscotch. Part of payload external link is presented in clickable form - easier to achieve own goals by malicious actors. This iss...

5.4CVSS5.5AI score0.00608EPSS
Exploits1References3
Prion
Prion
added 2024/01/10 10:15 p.m.23 views

Information disclosure

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information...

1.3CVSS5.7AI score0.00201EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2024/01/10 10:3 p.m.26 views

CVE-2023-42929

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access protected user data...

6.3AI score0.00197EPSS
Exploits0References1
Prion
Prion
added 2024/01/02 8:15 p.m.21 views

Deserialization of untrusted data

vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper can lea...

7.5CVSS6.8AI score0.00652EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder