
6686 matches found

OSV
added 2024/11/20 5:20 p.m. | 1 view

DRUPAL-CORE-2024-003

Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized...

CVSS 5.4 | AI score 6.8 | EPSS 0.00321
Exploits: 0 | References: 1

Drupal
added 2024/11/20 12:00 a.m. | 19 views

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003

Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized...

CVSS 5.4 | AI score 6.6 | EPSS 0.00321
Exploits: 0 | References: 14

BDU FSTEC
added 2024/11/19 12:00 a.m. | 5 views

The vulnerability of the DRM component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the Linux operating system’s kernel DRM component is related to the use of an uninitialized resource. Exploiting this vulnerability could allow a hacker to cause a service failure...

CVSS 5.5 | AI score 6.7 | EPSS 0.0021
Exploits: 0 | References: 27 | Affected Software: 6

NVD
added 2024/11/18 9:15 p.m. | 16 views

CVE-2024-52506

Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included i...

CVSS 7.1 | EPSS 0.00624
Exploits: 1 | References: 3

Vulnrichment
added 2024/11/18 8:27 p.m. | 20 views

CVE-2024-52506 Graylog can leak other users' reports via concurrent PDF report rendering

Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included i...

CVSS 7.1 | AI score 6.5 | EPSS 0.00624
Exploits: 1 | References: 1

OSV
added 2024/11/18 8:27 p.m. | 4 views

CVE-2024-52506 Graylog can leak other users' reports via concurrent PDF report rendering

Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included i...

CVSS 7.1 | AI score 6.7 | EPSS 0.00624
Exploits: 1 | References: 5

OSV
added 2024/11/18 8:02 p.m. | 8 views

GHSA-VGGM-3478-VM5M Graylog concurrent PDF report rendering can leak other users' reports

Impact The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included in Graylog 6.1.0 & 6.1.1, is vulnerable to...

CVSS 7.1 | AI score 6.5 | EPSS 0.00624
Exploits: 1 | References: 5

GitHub Security Blog
added 2024/11/18 8:02 p.m. | 11 views

Graylog concurrent PDF report rendering can leak other users' reports

Impact The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included in Graylog 6.1.0 & 6.1.1, is vulnerable to...

CVSS 7.1 | AI score 6.5 | EPSS 0.00624
Exploits: 1 | References: 5 | Affected Software: 1

BDU FSTEC
added 2024/11/18 12:00 a.m. | 11 views

The vulnerability of Linux operating system’s DRM/AMDGPU cores allows a hacker to trigger a service failure.

The vulnerability of the DRM/AMDGPU kernel components in the Linux operating system is related to errors in the resource management of the amdgpu_ttm_gart_bind function. Exploiting this vulnerability can allow a hacker to cause service failures...

CVSS 5.5 | AI score 6.7 | EPSS 0.00228
Exploits: 0 | References: 33 | Affected Software: 5

Fedora
added 2024/11/16 2:02 a.m. | 14 views

[SECURITY] Fedora 40 Update: webkitgtk-2.46.3-1.fc40

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...

CVSS 5.4 | AI score 7.3 | EPSS 0.0095
Exploits: 0

Tenable Nessus
added 2024/11/16 12:00 a.m. | 15 views

Fedora 40 : webkitgtk (2024-4d940908db)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4d940908db advisory. Update to WebKitGTK 2.46.3: Flatten layers to a plane when preserve-3d style is set. Fix DuckDuckGo links by adding a user agent quirk. Fix several...

CVSS 5.4 | AI score 6.6 | EPSS 0.0095
Exploits: 0 | References: 3

RedHat Linux
added 2024/11/14 12:21 p.m. | 45 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update ...

CVSS 9.8 | AI score 7.7 | EPSS 0.10593
Exploits: 8 | References: 19

RedHat Linux
added 2024/11/14 12:02 p.m. | 1 view

chromium-browser: Use after free in ANGLE

There's a flaw in the Angle package where processing maliciously crafted web content may lead to a use-after-free. A remote attacker may leverage that to exploit heap corruption related bugs, such as crashing the application or remote code execution...

CVSS 9.6 | AI score 7.7 | EPSS 0.01344
Exploits: 1 | References: 4

RedHat Linux
added 2024/11/14 10:20 a.m. | 26 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 8.8 | AI score 7.5 | EPSS 0.10593
Exploits: 6 | References: 6

RedHat Linux
added 2024/11/14 10:13 a.m. | 15 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 5.5 | AI score 6.7 | EPSS 0.0095
Exploits: 0 | References: 3

SUSE CVE
added 2024/11/14 12:18 a.m. | 2 views

SUSE CVE-2024-51750

Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85...

CVSS 5 | AI score 7 | EPSS 0.00476
Exploits: 0 | References: 3

Tenable Nessus
added 2024/11/14 12:00 a.m. | 9 views

Fedora 37 : webkitgtk (2022-08fdc4138a)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-08fdc4138a advisory. Fix scrolling issues in some sites having fixed background. Fix prolonged buffering during progressive live playback. Fix several crashes and...

CVSS 8.8 | AI score 6.8 | EPSS 0.0141
Exploits: 0 | References: 4

BDU FSTEC
added 2024/11/14 12:00 a.m. | 4 views

The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to bypassing authentication through spoofing, allows attackers to access sensitive data, compromise its integrity, and cause service failures.

The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to the bypassing of authentication processes through spoofing techniques. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data, compromise its integrity, and cause service...

CVSS 7.6 | AI score 6.6 | EPSS 0.0086
Exploits: 0 | References: 7 | Affected Software: 5

BDU FSTEC
added 2024/11/14 12:00 a.m. | 4 views

The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to access to memory cells before the buffer is initialized, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the WPE WebKit and WebKitGTK page rendering modules relates to access to memory cells before the buffer is initialized. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...

CVSS 10 | AI score 7.8 | EPSS 0.0118
Exploits: 0 | References: 13 | Affected Software: 11

BDU FSTEC
added 2024/11/14 12:00 a.m. | 5 views

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to integer overflow, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit is related to integer overflow. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

CVSS 10 | AI score 6.8 | EPSS 0.00819
Exploits: 0 | References: 12 | Affected Software: 4