Lucene search
K

412 matches found

OSV
OSV
added 2025/02/27 3:15 a.m.6 views

AZL-57785 CVE-2024-58010 affecting package kernel for versions less than 5.15.179.1-1

In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Fix integer overflow bug on 32 bit systems Most of these sizes and counts are capped at 256MB so the math doesn't result in an integer overflow. The "relocs" count needs to be checked as well. Otherwise on 32bit syste...

5.5CVSS6.8AI score0.00216EPSS
Exploits0References1
CVE
CVE
added 2025/02/27 2:12 a.m.138 views

CVE-2024-58010

The CVE-2024-58010 issue affects the Linux kernel binfmt_flat code on 32-bit systems, where an integer overflow could occur in the full_data computation (full_data = data_len + relocs * sizeof(unsigned long)). The provided description notes most sizes are capped at 256MB to avoid overflow, but th...

5.5CVSS6.8AI score0.00216EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2025/02/07 6:15 p.m.3 views

CVE-2025-1105

A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. The attack may be launched...

6.1CVSS5.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/07 12:0 a.m.6 views

PT-2025-5982 · Unknown · Siberiancms

Name of the Vulnerable Software and Affected Versions: SiberianCMS version 4.20.6 Description: A problem was found in SiberianCMS, affecting some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. This leads to cross-site scripting. The attac...

5.3CVSS4.7AI score0.00386EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/02/07 12:0 a.m.5 views

SiberianCMS 代码注入漏洞

SiberianCMS is an open source and free application manufacturing software from SiberianCMS Inc. A code injection vulnerability exists in SiberianCMS version 4.20.6, which originates in the file /app/sae/design/desktop/flat of the component HTTP GET request handler can lead to a cross-site scripti...

6.1CVSS5AI score0.00386EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/11/12 2:34 p.m.48 views

CVE-2024-50386 Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker...

8.5CVSS0.01419EPSS
Exploits0References3
OSV
OSV
added 2024/10/18 5:15 a.m.4 views

CVE-2024-10014

The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level...

5.4CVSS5.9AI score
Exploits0References2
CVE
CVE
added 2024/10/18 4:32 a.m.41 views

CVE-2024-10014

CVE-2024-10014 – Flat UI Button (WordPress) XSS Affected: Flat UI Button plugin for WordPress, version 1.0 and earlier. Root cause: Insufficient input sanitization and output escaping on user-supplied attributes within the flatbtn shortcode. Impact: Stored Cross‑Site Scripting that can execute ar...

6.4CVSS5.6AI score0.0028EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/10/18 12:0 a.m.6 views

WordPress plugin Flat UI Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

6.4CVSS5.9AI score0.0028EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/10/17 6:35 p.m.4 views

WordPress Flat UI Button plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via flatbtn Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via flatbtn Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Flat UI Button versions 1.0...

6.4CVSS5.8AI score0.0028EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/17 12:0 a.m.9 views

WordPress Flat UI Button Plugin 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Flat UI Button Type Plugin Vulnerable versions 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10014 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 35d97ede67c1 Credits Francesco Carlucci Required...

6.4CVSS5.7AI score0.0028EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/10/15 12:0 a.m.9 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-44966)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-44966 advisory. - In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Fix corruption when not...

5.5CVSS6.1AI score0.0021EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/09/04 8:19 p.m.16 views

CVE-2024-44966

In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Fix corruption when not offsetting data start Commit 04d82a6d0881 "binfmtflat: allow not offsetting data start" introduced a RISC-V specific variant of the FLAT format which does not allocate any space for the obsolet...

6.1CVSS7.3AI score0.0021EPSS
Exploits0References4
NVD
NVD
added 2024/09/04 7:15 p.m.16 views

CVE-2024-44966

In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Fix corruption when not offsetting data start Commit 04d82a6d0881 "binfmtflat: allow not offsetting data start" introduced a RISC-V specific variant of the FLAT format which does not allocate any space for the obsolet...

5.5CVSS0.0021EPSS
Exploits0References6
OSV
OSV
added 2024/09/04 7:15 p.m.2 views

DEBIAN-CVE-2024-44966

In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Fix corruption when not offsetting data start Commit 04d82a6d0881 "binfmtflat: allow not offsetting data start" introduced a RISC-V specific variant of the FLAT format which does not allocate any space for the obsolet...

5.5CVSS5.9AI score0.0021EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/09/04 7:15 p.m.18 views

CVE-2024-44966

In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Fix corruption when not offsetting data start Commit 04d82a6d0881 "binfmtflat: allow not offsetting data start" introduced a RISC-V specific variant of the FLAT format which does not allocate any space for the obsolet...

5.5CVSS6.4AI score0.0021EPSS
Exploits0References17
OSV
OSV
added 2024/09/04 7:15 p.m.2 views

UBUNTU-CVE-2024-44966

In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Fix corruption when not offsetting data start Commit 04d82a6d0881 "binfmtflat: allow not offsetting data start" introduced a RISC-V specific variant of the FLAT format which does not allocate any space for the obsolet...

5.5CVSS6.5AI score0.0021EPSS
Exploits0References18
Vulnrichment
Vulnrichment
added 2024/09/04 6:38 p.m.12 views

CVE-2024-44966 binfmt_flat: Fix corruption when not offsetting data start

In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Fix corruption when not offsetting data start Commit 04d82a6d0881 "binfmtflat: allow not offsetting data start" introduced a RISC-V specific variant of the FLAT format which does not allocate any space for the obsolet...

7.5AI score0.0021EPSS
Exploits0References5
CVE
CVE
added 2024/09/04 6:38 p.m.100 views

CVE-2024-44966

CVE-2024-44966 is a Linux kernel vulnerability involving the binfmt_flat helper. A RISC-V specific FLAT format variant reserved no space for the obsolete shared library pointer array, but initialization code was not disabled, causing corruption of sizeof(long) bytes before the DATA segment (end o...

5.5CVSS6.9AI score0.0021EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2024/09/04 6:38 p.m.14 views

CVE-2024-44966

In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Fix corruption when not offsetting data start Commit 04d82a6d0881 "binfmtflat: allow not offsetting data start" introduced a RISC-V specific variant of the FLAT format which does not allocate any space for the obsolet...

5.5CVSS5.9AI score0.0021EPSS
Exploits0
Rows per page
Query Builder