Lucene search
K

613 matches found

CVE
CVE
added 2024/05/16 8:47 p.m.74 views

CVE-2024-21864

CVE-2024-21864 affects Intel Arc and Iris Xe Graphics software prior to version 31.0.101.5081. The underlying issue is improper neutralization in the graphics software, which could allow an unauthenticated user to escalate privileges via adjacent network access. Affected products are Intel Arc an...

7.8CVSS7.3AI score0.00342EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/16 12:0 a.m.4 views

Intel Arc 和 Iris Xe 安全漏洞

Intel Iris Xe and Intel Arc are both products of Intel Corporation, the United States of America.Intel Iris Xe is a display chip that is integrated inside a central processor.Intel Arc is a family of graphics cards. A security vulnerability previously existed in Intel Arc and Iris Xe version...

7.8CVSS6.8AI score0.00342EPSS
Exploits0References2
Lenovo
Lenovo
added 2024/05/14 8:41 p.m.5 views

Intel Arc & Iris Xe Graphics Software Advisory - Lenovo Support US

No description provided...

7.3AI score
Exploits0
Hewlett-Packard
Hewlett-Packard
added 2024/05/14 12:0 a.m.25 views

Intel Arc™ & Iris® Xe Graphics Software May 2024 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Arc™ & Iris® Xe Graphics software which may allow escalation of privilege. Intel is releasing updates to mitigate the potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...

7.8CVSS7.4AI score0.00342EPSS
Exploits0Affected Software122
Intel
Intel
added 2024/05/14 12:0 a.m.12 views

Intel® Arc™ & Iris® Xe Graphics Software Advisory

Summary: Potential security vulnerabilitiy in some Intel® Arc™ & Iris® Xe Graphics software may allow escalation of privilege. Intel is releasing updates to mitigate these potential vulnerability. Vulnerability Details: CVEID: CVE-2024-21864 Description: Improper neutralization in some Intel® Arc...

7.8CVSS7.4AI score0.00342EPSS
Exploits0
Cvelist
Cvelist
added 2024/04/25 4:30 p.m.36 views

CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection SSTI. Successful exploitation of the vulnerability c...

6.8CVSS7.2AI score0.00852EPSS
Exploits0References1
CVE
CVE
added 2024/04/25 4:30 p.m.72 views

CVE-2024-25624

CVE-2024-25624 affects Iris (iris-web) and is due to improper Jinja2 environment setup causing Server Side Template Injection (SSTI). An authenticated administrator must upload a crafted report template; when a weaponized report is generated, any user can trigger the vulnerability, potentially le...

6.8CVSS7.4AI score0.00852EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/25 4:30 p.m.14 views

CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection SSTI. Successful exploitation of the vulnerability c...

6.8CVSS7AI score0.00852EPSS
Exploits0References1
OSV
OSV
added 2024/04/25 4:30 p.m.13 views

CVE-2024-25624 iris-web vulnerable to Server Side Template Injection in reports

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Due to an improper setup of Jinja2 environment, reports generation in iris-web is prone to a Server Side Template Injection SSTI. Successful exploitation of the vulnerability c...

6.8CVSS7.5AI score0.00852EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.4 views

PT-2024-21044 · Iris · Iris

Name of the Vulnerable Software and Affected Versions: Iris versions prior to 2.4.6 Description: Iris is a web collaborative platform that helps incident responders share technical details during investigations. Due to an improper setup of the Jinja2 environment, reports generation in iris-web is...

6.8CVSS7.9AI score0.00852EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/25 12:0 a.m.5 views

Iris 代码注入漏洞

Iris is a fast, simple but fully featured and very efficient Go web framework. A security vulnerability exists in Iris versions prior to v2.4.6, which stems from an improperly configured environment that is susceptible to server-side template injection SSTI, and successful exploitation of which c...

6.8CVSS8.3AI score0.00852EPSS
Exploits0References2
NVD
NVD
added 2024/02/19 8:15 p.m.27 views

CVE-2024-25640

Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...

5.4CVSS4.3AI score0.00337EPSS
Exploits0References1
Prion
Prion
added 2024/02/19 8:15 p.m.18 views

Cross site scripting

Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...

4.9CVSS5.6AI score0.00337EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/19 7:56 p.m.17 views

CVE-2024-25640 Improper Neutralization of Alternate XSS Syntax in iris-web

Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...

4.6CVSS5.3AI score0.00337EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/19 7:56 p.m.32 views

CVE-2024-25640 Improper Neutralization of Alternate XSS Syntax in iris-web

Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...

4.6CVSS4.5AI score0.00337EPSS
Exploits0References1
CVE
CVE
added 2024/02/19 7:56 p.m.58 views

CVE-2024-25640

CVE-2024-25640 affects iris-web prior to version 2.4.0, where a stored XSS flaw exists at multiple locations. The underlying issue allows an authenticated attacker to inject scripts that execute when a user visits affected pages. Impact is consistent with XSS exposure leading to potential data ac...

5.4CVSS4.3AI score0.00337EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/19 12:0 a.m.4 views

PT-2024-21061 · Iris-Web · Iris-Web

Name of the Vulnerable Software and Affected Versions: iris-web versions prior to 2.4.0 Description: A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations. The vulnerability may allow an attacker to inject malicious scripts into the...

5.4CVSS5.7AI score0.00337EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/02/19 12:0 a.m.5 views

Iris Security Breach

Iris is a fast, simple, yet full-featured and very efficient Go networking framework. A security vulnerability exists in Iris versions prior to v2.4.0. An attacker exploiting this vulnerability could inject malicious script into an application, which could lead to unauthorized access, data theft,...

5.4CVSS6.6AI score0.00337EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/02/09 12:35 p.m.2 views

Malicious code in iris-front-test-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ed1b8ea683be3ab1a06938511d841bfbd293b36b9a8bcccedd6d794a2af3f85 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
NVD
NVD
added 2023/12/22 8:15 p.m.28 views

CVE-2023-50712

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.3.7. The vulnerability may allow an attack...

5.4CVSS0.00298EPSS
Exploits0References2
Rows per page
Query Builder