Lucene search

11641 matches found

CNNVD
added 2024/12/10 12:0 a.m. · 3 views

Microsoft Input Method Editor Resource Management Error Vulnerability

Microsoft Input Method Editor (IME) is a software component from Microsoft Corporation that enables users to enter text in languages that cannot be easily represented on a standard QWERTY keyboard. A resource management error vulnerability exists in Microsoft Input Method Editor. An attacker could...

CVSS 7.8 · AI score 6.4 · EPSS 0.00928
Exploits 0 · References 1
Positive Technologies
added 2024/12/10 12:0 a.m. · 6 views

PT-2024-36561 · Nette · Nette Database

Name of the Vulnerable Software and Affected Versions: Nette Database versions 3.2.4 and earlier. Description: The issue allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. This occurs when there's an untrusted filter sent straight ...

CVSS 9.8 · AI score 7.9 · EPSS 0.00531
Exploits 0 · References 11
Github Security Blog
added 2024/12/09 9:31 p.m. · 13 views

Bit flip attack vulnerability in cookie-encrypter

Due to a weakness in the encryption method used in cookie-encrypter, an attacker can use the world-visible IV to edit encrypted cookies without decrypting the cookie itself. This is known as an AES CBC bit flipping attack...

CVSS 9.1 · AI score 6.7 · EPSS 0.00274
Exploits 0 · References 6 · Affected Software 1
CVE
added 2024/12/09 4:17 p.m. · 81 views

CVE-2024-45760

Dell OpenManage Server Administrator (Dell OMSA) — affected: version 11.0.1.0 and prior. Vulnerability: improper access control allowing a remote, low-privilege user to perform unauthorized actions with elevated privileges via HTTP GET. Impact per sources: potential elevation of privilege; no exp...

CVSS 8.8 · AI score 7 · EPSS 0.00329
Exploits 0 · References 1 · Affected Software 1
Veracode
added 2024/12/09 3:23 a.m. · 12 views

Denial of Service (DoS)

org.keycloak, keycloak-services is vulnerable to Denial of Service (DoS). The vulnerability is due to untrusted data passed to the SearchQueryUtils method, which allows an attacker to exploit Regex complexity and exhaust system resources...

CVSS 6.5 · AI score 6.5 · EPSS 0.01264
Exploits 0 · References 8 · Affected Software 1
RedhatCVE
added 2024/12/06 11:19 p.m. · 13 views

CVE-2024-12254

A flaw was found in Python. In certain configurations, the asyncio.SelectorSocketTransport.writelines method fails to signal the protocol to clear the write buffer when it approaches capacity. Because of this, protocols would not periodically drain the write buffer, potentially leading to a denia...

CVSS 7.5 · AI score 6.3 · EPSS 0.01844
Exploits 0 · References 6
OSV
added 2024/12/06 4:15 p.m. · 18 views

CVE-2024-12254

Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...

CVSS 8.7 · AI score 6.6
Exploits 0 · References 8
Cvelist
added 2024/12/06 3:19 p.m. · 17 views

CVE-2024-12254 Unbounded memory buffering in SelectorSocketTransport.writelines()

Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...

CVSS 8.7 · EPSS 0.01844
Exploits 0 · References 6
AlpineLinux
added 2024/12/06 3:19 p.m. · 23 views

CVE-2024-12254

Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...

CVSS 8.7 · AI score 7.3 · EPSS 0.01844
Exploits 0
Github Security Blog
added 2024/12/06 12:30 p.m. · 24 views

Django denial-of-service in django.utils.html.strip_tags()

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...

CVSS 7.5 · AI score 6.5 · EPSS 0.0137
Exploits 0 · References 8 · Affected Software 1
PyPA
added 2024/12/06 12:15 p.m. · 6 views

PYSEC-2024-156

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...

CVSS 7.5 · AI score 6.8 · EPSS 0.0137
Exploits 0 · References 5 · Affected Software 1
NVD
added 2024/12/06 12:15 p.m. · 11 views

CVE-2024-53907

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...

CVSS 7.5 · EPSS 0.0137
Exploits 0 · References 4
OSV
added 2024/12/06 12:15 p.m. · 15 views

CVE-2024-53907

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...

CVSS 7.5 · AI score 6.5
Exploits 0 · References 4
BDU FSTEC
added 2024/12/06 12:0 a.m. · 8 views

The vulnerability of the atob method in the universal monitoring system Zabbix allows attackers to compromise the integrity of the protected information.

The vulnerability of the atob method in the Zabbix universal monitoring system is related to access to a critical private variable through a publicly accessible method. Exploiting this vulnerability allows an attacker to compromise the integrity of the protected information...

CVSS 6.8 · AI score 6.6 · EPSS 0.00797
Exploits 0 · References 10 · Affected Software 4
Cvelist
added 2024/12/06 12:0 a.m. · 19 views

CVE-2024-44854

Open Robotics Robotic Operating System 2 (ROS2) navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan...

EPSS 0.00555
Exploits 1 · References 3
Zero Day Initiative
added 2024/12/06 12:0 a.m. · 9 views

Progress Software WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the WriteDataFile method. The issue results from th...

CVSS 9.8 · AI score 7.4 · EPSS 0.49171
Exploits 0 · References 1
Cvelist
added 2024/12/06 12:0 a.m. · 14 views

CVE-2024-53907

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...

EPSS 0.0137
Exploits 0 · References 3
CNNVD
added 2024/12/06 12:0 a.m. · 1 views

Python Security Vulnerability

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.12.0 and later, which stems from the fact that the...

CVSS 8.7 · AI score 7.9 · EPSS 0.01844
Exploits 0 · References 8
Positive Technologies
added 2024/12/06 12:0 a.m. · 5 views

PT-2024-9309 · Dell · Dell Openmanage Server Administrator

Name of the Vulnerable Software and Affected Versions: Dell OpenManage Server Administrator versions 11.0.1.0 and prior. Description: The issue is related to an improper access control vulnerability in the Dell OpenManage Server Administrator. This vulnerability can be exploited by a remote...

CVSS 8.8 · AI score 7.1 · EPSS 0.00329
Exploits 0 · References 9
AlpineLinux
added 2024/12/06 12:0 a.m. · 7 views

CVE-2024-53907

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...

CVSS 7.5 · AI score 7.1 · EPSS 0.0137
Exploits 0