
186 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-3902

Malware in sbrugna...

CVSS: 9.6 | AI score: 8.8 | EPSS: 0.01651
Exploits: 1 | References: 4

Tenable Nessus
added 2025/08/25 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2015-1192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive. CVE-2015-1192...

CVSS: 5 | AI score: 5.8 | EPSS: 0.01505
Exploits: 1 | References: 2

SUSE CVE
added 2025/03/25 4:1 p.m. | 1 view

SUSE CVE-2025-2750

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to out-of-bounds write. It is...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00431
Exploits: 1 | References: 3

OSV
added 2025/03/19 6:15 a.m. | 5 views

CVE-2024-50631

Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.24866
Exploits: 0 | References: 1

OSV
added 2025/03/19 2:15 a.m. | 5 views

CVE-2024-10445

Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00352
Exploits: 0 | References: 2

Microsoft CVE
added 2025/03/04 8:0 a.m. | 5 views

An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_metrics_ng() at prom_rw_prot.c.

...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.01037
Exploits: 2

BDU FSTEC
added 2025/02/26 12:0 a.m. | 6 views

The vulnerability of the Prometheus Remote Write plugin for collecting and processing Fluent Bit logs, related to the assignment of a zero pointer, allows a malicious actor to trigger a service failure.

The vulnerability of the Prometheus Remote Write plugin for collecting and processing Fluent Bit logs is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure by sending a specially crafted HTTP request...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.01037
Exploits: 2 | References: 3 | Affected Software: 1

RedhatCVE
added 2025/02/19 3:52 a.m. | 9 views

CVE-2024-50608

An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user with access t...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.01037
Exploits: 2 | References: 6

OSV
added 2025/02/18 6:15 p.m. | 7 views

CVE-2024-50608

An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user with access t...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01037
Exploits: 2 | References: 3

NVD
added 2025/02/18 6:15 p.m. | 8 views

CVE-2024-50608

An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user with access t...

CVSS: 7.5 | EPSS: 0.01037
Exploits: 2 | References: 3

OSV
added 2025/02/18 6:15 p.m. | 9 views

AZL-57092 CVE-2024-50608 affecting package fluent-bit for versions less than 3.0.6-2

An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user with access t...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01037
Exploits: 2 | References: 1

OSV
added 2025/02/18 6:15 p.m. | 8 views

AZL-57074 CVE-2024-50608 affecting package fluent-bit for versions less than 3.1.9-3

An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user with access t...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.01037
Exploits: 2 | References: 1

CVE
added 2025/02/18 12:0 a.m. | 80 views

CVE-2024-50608

Fluent Bit 3.1.9 is affected by CVE-2024-50608 (Prometheus Remote Write input) and CVE-2024-50609 (OpenTelemetry input). In both cases, sending a crafted HTTP request with Content-Length: 0 triggers a NULL pointer dereference in the server (via cfl_sds_len) and can cause remote DoS. Connected adv...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01037
Exploits: 2 | References: 3 | Affected Software: 1

SUSE Linux
added 2025/02/14 7:16 a.m. | 6 views

Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 jscPED-11649: Security issues fixed: CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error handling bsc1232970 Highlights of other changes: Performance: Significant...

CVSS: 9.4 | AI score: 8.1 | EPSS: 0.04094
Exploits: 3 | References: 60

RedhatCVE
added 2025/02/05 2:13 p.m. | 9 views

CVE-2020-11551

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 V2.5.1.106, Outdoor Satellite RBS50Y V2.5.1.106, and Pro Tri-Band Business WiFi Router SRR60 AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi...

CVSS: 9.6 | AI score: 7 | EPSS: 0.01651
Exploits: 1 | References: 1

BDU FSTEC
added 2024/10/23 12:0 a.m. | 5 views

The vulnerability of the application programming interface of the Skipper server on the Spring Cloud Data Flow microservices platform allows a perpetrator to write a file to any directory in the system using a specially crafted API request.

The vulnerability of the application programming interface of the Skipper server in the Spring Cloud Data Flow microservices platform is related to improper code generation management. Exploiting this vulnerability allows an attacker, operating remotely, to write a file to any directory in the...

CVSS: 10 | AI score: 5.5 | EPSS: 0.35211
Exploits: 4 | References: 3 | Affected Software: 1

OSV
added 2024/09/17 7:48 a.m. | 27 views

SUSE-SU-2024:3288-1 Security update for golang-github-prometheus-prometheus

This update for golang-github-prometheus-prometheus fixes the following issues: - Require Go 1.20 for building - Bump go-retryablehttp to version 0.7.7 CVE-2024-6104, bsc1227038 - Migrate from disabled to manual service mode - Add 0003-Bump-go-retryablehttp.patch - Update to 2.45.6 jscPED-3577:...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.04561
Exploits: 0 | References: 9

BDU FSTEC
added 2024/07/12 12:0 a.m. | 9 views

The vulnerability of the “Document Approval Service” software lies in the improper limitation of the path name to the catalog, which allows a violator to gain access to read and write local files.

The vulnerability of the “Service for Document Approval” software is related to incorrect restrictions on the path to the catalog. Exploiting this vulnerability can allow an attacker who operates remotely to gain read and write access to local files...

CVSS: 7.7 | AI score: 5.5
Exploits: 0 | References: 1 | Affected Software: 1

SUSE CVE
added 2024/05/16 2:23 a.m. | 7 views

SUSE CVE-2024-4761

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.11007
Exploits: 2 | References: 3

BDU FSTEC
added 2024/04/10 12:0 a.m. | 5 views

The vulnerability of the Apache Airflow network software, related to improper saving of permissions, allows a malicious actor to gain access to write arbitrary files to the file system.

The vulnerability of the Apache Airflow network software is related to the improper storage of permissions. Exploiting this vulnerability can allow a malicious actor to gain access to and modify any files in the file system remotely...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.0146
Exploits: 0 | References: 3 | Affected Software: 1