
11641 matches found

RedhatCVE
added 2024/12/29 2:54 p.m. · 16 views

CVE-2024-56692

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node blkaddr in truncate_node() syzbot reports a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2534! RIP: 0010:f2fs_invalidate_blocks+0x35f/0x370...

CVSS 5.5 · AI score 6.7 · EPSS 0.00201
Exploits 0 · References 4
RedhatCVE
added 2024/12/29 2:31 p.m. · 12 views

CVE-2024-53211

In the Linux kernel, the following vulnerability has been resolved: net/l2tp: fix warning in l2tp_exit_net found by syzbot In l2tp's net exit handler, we check that an IDR is empty before destroying it: WARN_ON_ONCE(!idr_is_empty(&pn->l2tp_tunnel_idr)); idr_destroy(&pn->l2tp_tunnel_idr); By forcing memory...

CVSS 5.5 · AI score 6.8 · EPSS 0.00182
Exploits 0 · References 4
NVD
added 2024/12/29 12:15 p.m. · 18 views

CVE-2024-56745

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reset_method_store() memory leak In reset_method_store(), a string is allocated via kstrndup() and assigned to the local "options". options is then used with strsep() to find spaces: while ((name = strsep(&options, " ")) != NULL) If...

CVSS 5.5 · EPSS 0.00208
Exploits 0 · References 7
OSV
added 2024/12/29 12:15 p.m. · 11 views

AZL-55005 CVE-2024-56745 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reset_method_store() memory leak In reset_method_store(), a string is allocated via kstrndup() and assigned to the local "options". options is then used with strsep() to find spaces: while ((name = strsep(&options, " ")) != NULL) If...

CVSS 5.5 · AI score 6.7 · EPSS 0.00208
Exploits 0 · References 1
OSV
added 2024/12/29 12:15 p.m. · 10 views

AZL-55112 CVE-2024-56745 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reset_method_store() memory leak In reset_method_store(), a string is allocated via kstrndup() and assigned to the local "options". options is then used with strsep() to find spaces: while ((name = strsep(&options, " ")) != NULL) If...

CVSS 5.5 · AI score 6.7 · EPSS 0.00208
Exploits 0 · References 1
OSV
added 2024/12/29 12:15 p.m. · 2 views

DEBIAN-CVE-2024-56745

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reset_method_store() memory leak In reset_method_store(), a string is allocated via kstrndup() and assigned to the local "options". options is then used with strsep() to find spaces: while ((name = strsep(&options, " ")) != NULL) If...

CVSS 5.5 · AI score 5.6 · EPSS 0.00208
Exploits 0 · References 1
Vulnrichment
added 2024/12/29 11:30 a.m. · 2 views

CVE-2024-56745 PCI: Fix reset_method_store() memory leak

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reset_method_store() memory leak In reset_method_store(), a string is allocated via kstrndup() and assigned to the local "options". options is then used with strsep() to find spaces: while ((name = strsep(&options, " ")) != NULL) If...

AI score 5.3 · EPSS 0.00208
Exploits 0 · References 6
Cvelist
added 2024/12/29 11:30 a.m. · 19 views

CVE-2024-56745 PCI: Fix reset_method_store() memory leak

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reset_method_store() memory leak In reset_method_store(), a string is allocated via kstrndup() and assigned to the local "options". options is then used with strsep() to find spaces: while ((name = strsep(&options, " ")) != NULL) If...

EPSS 0.00208
Exploits 0 · References 6
CVE
added 2024/12/29 11:30 a.m. · 136 views

CVE-2024-56745

CVE-2024-56745 : Linux kernel vulnerability where reset_method_store() leaked allocated memory (via kstrndup) when parsing a string with strsep, because options could be freed after strsep nulled it. A fix preserves the original options string by iterating with a separate tmp_options, preventing ...

CVSS 5.5 · AI score 6.4 · EPSS 0.00208
Exploits 0 · References 7 · Affected Software 1
OSV
added 2024/12/29 11:30 a.m. · 12 views

CVE-2024-56745 PCI: Fix reset_method_store() memory leak

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reset_method_store() memory leak In reset_method_store(), a string is allocated via kstrndup() and assigned to the local "options". options is then used with strsep() to find spaces: while ((name = strsep(&options, " ")) != NULL) If...

CVSS 3.3 · AI score 5.9 · EPSS 0.00208
Exploits 0 · References 10
Debian CVE
added 2024/12/29 11:30 a.m. · 9 views

CVE-2024-56745

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reset_method_store() memory leak In reset_method_store(), a string is allocated via kstrndup() and assigned to the local "options". options is then used with strsep() to find spaces: while ((name = strsep(&options, " ")) != NULL) If...

CVSS 5.5 · AI score 5.6 · EPSS 0.00208
Exploits 0
CVE
added 2024/12/27 12:0 a.m. · 76 views

CVE-2024-50944

Consolidated details show a concrete issue in SimplCommerce: an integer overflow in the shopping cart, specifically in the CartController.AddToCart method, triggered by crafted inputs to the quantity parameter. Affected: SimplCommerce with commit 230310c8d7a0408569b292c5a805c459d47a1d8f and versi...

CVSS 9.8 · AI score 7.4 · EPSS 0.00981
Exploits 0 · References 4
Vulnrichment
added 2024/12/27 12:0 a.m. · 14 views

CVE-2024-56522

An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes...

AI score 7.5 · EPSS 0.00593
Exploits 0 · References 4
Debian CVE
added 2024/12/25 10:6 a.m. · 106 views

CVE-2024-52046

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...

CVSS 10 · AI score 8.3 · EPSS 0.23932
Exploits 0
OSV
added 2024/12/23 5:56 p.m. · 2 views

GHSA-Q2X7-8RV6-6Q7H Jinja has a sandbox breakout through indirect reference to format method

An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on th...

CVSS 7.8 · AI score 7.5 · EPSS 0.005
Exploits 0 · References 6
Snyk
added 2024/12/23 4:40 p.m. · 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the toHTMLEx method due to improper input sanitization. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into the input data processed by this method. Details: Cross-site...

CVSS 6.8 · AI score 5.5 · EPSS 0.00241
Exploits 0 · References 2
CVE
added 2024/12/23 3:43 p.m. · 934 views

CVE-2024-56326

CVE-2024-56326 affects Jinja2 prior to 3.1.5, where an oversight in the sandboxed environment allows an attacker who can control template content to execute arbitrary Python code. The vulnerability arises from how calls to str.format can be indirectly invoked via filters, bypassing sandbox protec...

CVSS 7.8 · AI score 7.1 · EPSS 0.005
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2024/12/23 12:0 a.m. · 3 views

PT-2024-10181 · Unknown · Phpspreadsheet

Name of the Vulnerable Software and Affected Versions: PhpSpreadsheet versions prior to 3.7.0 PhpSpreadsheet versions prior to 2.3.5 PhpSpreadsheet versions prior to 2.1.6 PhpSpreadsheet versions prior to 1.29.7 Description: The issue is related to the bypass of the cross-site scripting sanitizer...

CVSS 5.4 · AI score 6.7 · EPSS 0.00366
Exploits 1 · References 13
Positive Technologies
added 2024/12/20 12:0 a.m. · 7 views

PT-2024-34465 · Unknown · Simplcommerce

Name of the Vulnerable Software and Affected Versions: SimplCommerce version at commit 230310c8d7a0408569b292c5a805c459d47a1d8f SimplCommerce version 1.0.0 Description: An integer overflow vulnerability exists in the shopping cart functionality of SimplCommerce. The issue lies in the quantity...

CVSS 9.8 · AI score 7.3 · EPSS 0.00981
Exploits 0 · References 14
CNNVD
added 2024/12/20 12:0 a.m. · 3 views

Spatie Browsershot Security Vulnerability

Spatie Browsershot is a codebase from the Belgian Spatie team, based on PHP and JavaScript, that converts browser pages into PDF or image formats. A security vulnerability exists in Spatie Browsershot versions prior to 5.0.3, which stems from improper URL validation via the setUrl method...

CVSS 8.6 · AI score 6.4 · EPSS 0.00601
Exploits 0 · References 4