11651 matches found

OSV
added 2024/11/07 10:15 a.m. · 29 views

CVE-2023-1932

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or...

6.1 CVSS · 6.2 AI score · 0.00452 EPSS
Exploits 0 · References 2

CNNVD
added 2024/11/07 12:0 a.m. · 3 views

Svakom Siime Eye security vulnerability

Svakom Siime Eye is a smart home device from Svakom USA. A security vulnerability exists in Svakom Siime Eye version 14.1.00000001.3.330.0.0.3.14, which stems from the root user's password being hashed using an outdated and deprecated hashing technique...

6.3 CVSS · 7 AI score · 0.00474 EPSS
Exploits 1 · References 1

OSV
added 2024/11/06 8:15 p.m. · 3 views

UBUNTU-CVE-2024-51755

Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the isset method is now called after the security check. This is a BC break. This issue has...

2.2 CVSS · 5.8 AI score · 0.00414 EPSS
Exploits 0 · References 4

OSV
added 2024/11/06 8:15 p.m. · 1 views

UBUNTU-CVE-2024-51754

Twig is a template language for PHP. In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list arguments to a function or a filter for instance. This issue has been patched in...

2.2 CVSS · 5.7 AI score · 0.0044 EPSS
Exploits 0 · References 5

Vulnrichment
added 2024/11/06 7:28 p.m. · 24 views

CVE-2024-51754 Unguarded calls to __toString() when nesting an object into an array in Twig

Twig is a template language for PHP. In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an argument list arguments to a function or a filter for instance. This issue has been patched in...

2.2 CVSS · 6.8 AI score · 0.0044 EPSS
Exploits 0 · References 2

Github Security Blog
added 2024/11/06 3:57 p.m. · 13 views

codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service

Summary Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user is generated in a weak manner, cannot be disabled, and has universal access. Details Until CodeChecker version 6.24.1 there was an auto-generated super-user account...

9 CVSS · 6.6 AI score · 0.00472 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2024/11/06 3:57 p.m. · 6 views

GHSA-FPM5-2WCJ-VFR7 codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service

Summary Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user is generated in a weak manner, cannot be disabled, and has universal access. Details Until CodeChecker version 6.24.1 there was an auto-generated super-user account...

9.4 CVSS · 6.5 AI score · 0.00472 EPSS
Exploits 0 · References 5

OSV
added 2024/11/06 3:15 p.m. · 4 views

CVE-2024-10082

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot...

9 CVSS · 7 AI score
Exploits 0 · References 1

OSV
added 2024/11/06 3:35 a.m. · 6 views

MAL-2024-10475 Malicious code in babel-plugin-method-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29577c8ffc63866c4637065e68045167ad7f9d535d70f9d3cef45eaea4a00ffa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1

OSSF Malicious Packages
added 2024/11/06 3:35 a.m. · 4 views

Malicious code in babel-plugin-method-version (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 29577c8ffc63866c4637065e68045167ad7f9d535d70f9d3cef45eaea4a00ffa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8 AI score
Exploits 0 · References 1

Positive Technologies
added 2024/11/06 12:0 a.m. · 7 views

PT-2024-34151 · Symfony +2 · Symfony/Securitybundle +2

Name of the Vulnerable Software and Affected Versions: symfony/security-bundle versions prior to 6.4.10 symfony/security-bundle versions prior to 7.0.10 symfony/security-bundle versions prior to 7.1.3 Description: The custom user checker defined on a firewall is not called when logging in...

8.8 CVSS · 6.5 AI score · 0.63422 EPSS
Exploits 1 · References 45

CNNVD
added 2024/11/06 12:0 a.m. · 3 views

Twig security vulnerability

Twig is a PHP template engine open-sourced by Twig. Twig has a security vulnerability that stems from the fact that when an object is part of an array or parameter list in a sandbox, an attacker can call the toString method on the object even if the security policy does not allow it...

2.2 CVSS · 6.5 AI score · 0.0044 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/11/06 12:0 a.m. · 4 views

PT-2024-34885 · Twig +3 · Twig +3

Name of the Vulnerable Software and Affected Versions: Twig versions prior to 3.11.2 Twig versions prior to 3.14.1 Description: In a sandbox, an attacker can call toString on an object even if the toString method is not allowed by the security policy when the object is part of an array or an...

8.6 CVSS · 9.2 AI score · 0.00826 EPSS
Exploits 0 · References 31

NVD
added 2024/11/05 6:15 p.m. · 12 views

CVE-2024-50117

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ? showregs arch/x86/kernel/dumpstack.c:478 discriminator 1 ...

5.5 CVSS · 0.00245 EPSS
Exploits 0 · References 10

OSV
added 2024/11/05 6:15 p.m. · 6 views

AZL-52500 CVE-2024-50117 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ? showregs arch/x86/kernel/dumpstack.c:478 discriminator 1 ...

5.5 CVSS · 6.8 AI score · 0.00245 EPSS
Exploits 0 · References 1

OSV
added 2024/11/05 6:15 p.m. · 7 views

AZL-52471 CVE-2024-50117 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ? showregs arch/x86/kernel/dumpstack.c:478 discriminator 1 ...

5.5 CVSS · 6.8 AI score · 0.00245 EPSS
Exploits 0 · References 1

Cvelist
added 2024/11/05 5:10 p.m. · 19 views

CVE-2024-50117 drm/amd: Guard against bad data for ATIF ACPI method

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ? showregs arch/x86/kernel/dumpstack.c:478 discriminator 1 ...

0.00245 EPSS
Exploits 0 · References 8

CVE
added 2024/11/05 5:10 p.m. · 168 views

CVE-2024-50117

CVE-2024-50117 affects the Linux kernel DRM/AMDGPU path (ATIF ACPI method). The vulnerability stems from bad data returned by BIOS ACPI ATIF calls, which could cause a NULL pointer dereference in the caller when amdgpu_atif_query_backlight_caps processes the result. The issue was resolved by guar...

5.5 CVSS · 5.1 AI score · 0.00245 EPSS
Exploits 0 · References 10 · Affected Software 1

OSV
added 2024/11/05 5:10 p.m. · 12 views

CVE-2024-50117 drm/amd: Guard against bad data for ATIF ACPI method

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ? showregs arch/x86/kernel/dumpstack.c:478 discriminator 1 ...

5.5 CVSS · 6.3 AI score · 0.00245 EPSS
Exploits 0 · References 13

CNNVD
added 2024/11/05 12:0 a.m. · 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the drm/amd module to properly handle bad data provided by the BIOS when processing the ATIF AC...

5.5 CVSS · 6.7 AI score · 0.00245 EPSS
Exploits 0 · References 6