Lucene search
+L

197 matches found

Cvelist
Cvelist
added 2025/02/14 7:24 p.m.60 views

CVE-2025-25296 Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's /projects/upload-example endpoint allows injection of arbitrary HTML through a GET request with an appropriately crafted labelconfig query parameter. By crafting a specially formatted XML label config with...

6.1CVSS0.0185EPSS
Exploits2References2
CNNVD
CNNVD
added 2025/02/14 12:0 a.m.6 views

Label Studio 安全漏洞

Label Studio is an open source data labeling tool from Heartex Open Source. It allows you to label data types such as audio, text, images, video, and time series using a straightforward UI and export to a variety of model formats. A security vulnerability exists in Label Studio versions prior to...

8.7CVSS6.4AI score0.00739EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Smack: tcp: ipv4, fixed incorrect labeling Currently, Smack follows the labeling scheme for incoming tcp/ipv4 connections: when a connection with label ‘foo’ connects to a connection with label ‘bar’ via tcp/ipv4, ‘foo’ always...

8.8CVSS6.5AI score0.00835EPSS
Exploits0References3
OSV
OSV
added 2025/02/03 8:54 a.m.3 views

SUSE-SU-2025:20042-1 Security update for selinux-policy

This update for selinux-policy fixes the following issues: Update to version 20230523+git25.ad22dd7f: Backport wtmpdb label change to have the same wtmpdb label as in SL Micro 6.1 bsc1229132 Add authrwwtmpdbloginrecords to domains using authmanageloginrecords Add authrwwtmpdbloginrecords to modul...

5.8AI score
Exploits0References7
Malwarebytes
Malwarebytes
added 2025/01/08 5:35 p.m.15 views

US Cyber Trust Mark logo for smart devices is coming

The White House announced the launch of the US Cyber Trust Mark which aims to help buyers make an informed choice about the purchase of wireless internet-connected devices, such as baby monitors, doorbells, thermostats, and more. The cybersecurity labeling program for wireless consumer Internet o...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2024/10/11 4:59 p.m.15 views

CVE-2024-47659

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

8.8CVSS6.9AI score0.00835EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/10/10 2:48 a.m.6 views

SUSE CVE-2024-47659

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

8.8CVSS7.7AI score0.00835EPSS
Exploits0References3
OSV
OSV
added 2024/10/09 2:15 p.m.2 views

DEBIAN-CVE-2024-47659

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

8.8CVSS6.2AI score0.00835EPSS
Exploits0References1
OSV
OSV
added 2024/10/09 2:15 p.m.3 views

UBUNTU-CVE-2024-47659

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

8.8CVSS6.5AI score0.00835EPSS
Exploits0References34
Cvelist
Cvelist
added 2024/10/09 2:2 p.m.29 views

CVE-2024-47659 smack: tcp: ipv4, fix incorrect labeling

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

0.00835EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/10/09 2:2 p.m.25 views

CVE-2024-47659 smack: tcp: ipv4, fix incorrect labeling

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

6.9AI score0.00835EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2024/10/09 2:2 p.m.13 views

CVE-2024-47659

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

8.8CVSS6.2AI score0.00835EPSS
Exploits0
OSV
OSV
added 2024/10/09 2:2 p.m.16 views

CVE-2024-47659 smack: tcp: ipv4, fix incorrect labeling

In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1...

8.8CVSS6.1AI score0.00835EPSS
Exploits0References12
CVE
CVE
added 2024/10/09 2:2 p.m.161 views

CVE-2024-47659

CVE-2024-47659 - Linux kernel Smack labeling flaw (tcp/ipv4) Unity/Ten able advisories summarize a kernel issue in Smack where the label of incoming tcp/ipv4 connections is mirrored from the initiator, causing return packets to be labeled with the initiator’s CIPSO label. This results in two conc...

8.8CVSS7.9AI score0.00835EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2024/10/01 9:15 p.m.4 views

DEBIAN-CVE-2024-9407

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...

4.7CVSS6.4AI score0.00288EPSS
Exploits0References1
CVE
CVE
added 2024/09/23 12:0 a.m.58 views

CVE-2024-40441

CVE-2024-40441 describes a privilege-escalation flaw in Doccano’s open‑source tooling: the Doccano Open Source Annotation Tools for ML practitioners (v1.8.4) and the Doccano Auto Labeling Pipeline (v0.1.23) mishandle the model_attribs parameter, enabling remote attackers to elevate privileges. Ro...

6.6CVSS7.5AI score0.00667EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/09/23 12:0 a.m.20 views

CVE-2024-40441

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the modelattribs parameter...

0.00667EPSS
Exploits0References3
Fedora
Fedora
added 2024/07/01 4:50 a.m.16 views

[SECURITY] Fedora 40 Update: libreswan-4.15-1.fc40

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

6.5CVSS6.7AI score0.008EPSS
Exploits0
Fedora
Fedora
added 2024/07/01 1:34 a.m.17 views

[SECURITY] Fedora 39 Update: libreswan-4.15-1.fc39

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

6.5CVSS6.7AI score0.008EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:30 p.m.4 views

Malicious code in OCI.DotNetSDK.Datalabeling.service (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
Rows per page
Query Builder