559 matches found
The vulnerability of the `makeHttpRequest()` function in the `htdocs/js/ajax_functions.js` file of the LDAP administration web tool phpLDAPadmin allows a perpetrator to initiate malicious HTTP requests.
The vulnerability of the `makeHttpRequest` function in the `htdocs/js/ajax_functions.js` file of the LDAP administration web tool phpLDAPadmin is related to inconsistent interpretation of HTTP requests. Exploiting this vulnerability could allow a remote attacker to trigger unauthorized HTTP requests...
The vulnerability of the SAML standard implementation in the Splunk Enterprise platform for operational analysis allows a perpetrator to carry out a brute-force attack.
The vulnerability of the SAML standard implementation in the Splunk Enterprise platform for operational analysis is related to inconsistencies in responses to incoming requests. Exploiting this vulnerability could allow a malicious actor to carry out a brute-force attack...
CVE-2021-47541
CVE-2021-47541 affects the Linux kernel mlx4_en driver. In mlx4_en_try_alloc_resources(), mlx4_en_copy_priv() may free tmp->tx_cq on the error path, and later mlx4_en_alloc_resources() dereferences &tmp->tx_cq[t][i], risking a use-after-free. The fix adds a guard/check around mlx4_en_copy_p...
CVE-2024-35900
CVE-2024-35900 affects the Linux kernel nf_tables (netfilter). The issue arises when the dormant table flag is toggled; during commit, hooks are iterated across both existing and new chains, which can lead to an inconsistent state. This may trigger a warning when unregistering a chain that is alr...
CVE-2024-35900 netfilter: nf_tables: reject new basechain after table flag update
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject new basechain after table flag update When dormant flag is toggled, hooks are disabled in the commit phase by iterating over current chains in table existing and new. The following configuration allows...
Debian dsa-5684 : gir1.2-javascriptcoregtk-4.0 - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5684 advisory. Debian Security Advisory DSA-5684-1...
CVE-2024-27009
A flaw was found in the Linux kernel’s S390 device driver. A race condition can occur during online processing due to improper locking, causing the device to be in an inconsistent state and resulting in denial of service...
CVE-2024-26956
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix failure to detect DAT corruption in btree and direct mappings Patch series "nilfs2: fix kernel bug at submit_bh_wbc". This resolves a kernel BUG reported by syzbot. Since there are two flaws involved, I've made each one...
CVE-2023-3758
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately...
CVE-2023-3758 Sssd: race condition during authorization leads to gpo policies functioning inconsistently
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately...
Header Injection
undici is vulnerable to Header Injection. The vulnerability is due to inconsistent header handling, where headers were cleared for fetch but not for undici.request, which could result in unauthorized access to sensitive information...
SUSE CVE-2023-42843
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove WO permissions on second-level paging entries When the first level page table is used for IOVA translation, it only supports Read-Only and Read-Write permissions. The Write-Only permission is not supported as t...
DEBIAN-CVE-2023-42843
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing...
CVE-2023-42843
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing...