30456 matches found

Positive Technologies
added 2024/12/09 12:0 a.m. · 3 views

PT-2024-28929 · Pentaminds · Pentaminds Curovms

Name of the Vulnerable Software and Affected Versions: Pentaminds CuroVMS version 2.0.1 Description: The issue is related to exposed credentials in the software. This means that sensitive information, such as passwords or other authentication data, is not properly secured and can be accessed by...

CVSS 9.1 · AI score 6.5 · EPSS 0.00626
Exploits: 2 · References: 8

Tenable Nessus
added 2024/12/09 12:0 a.m. · 21 views

CentOS 9 : kernel-5.14.0-539.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-539.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed If...

CVSS 5.5 · AI score 6.1 · EPSS 0.00266
Exploits: 0 · References: 3

Github Security Blog
added 2024/12/06 9:24 p.m. · 62 views

shared_preferences_android vulnerability

Impact: Due to some data types not being natively representable for the available storage options, shared_preferences_android serializes and deserializes special string prefixes to store these unrepresentable data types. This allows arbitrary classes to be deserialized leading to arbitrary code...

AI score 7.6
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2024/12/06 5:15 p.m. · 23 views

CVE-2024-50393

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and...

CVSS 9.8 · EPSS 0.01293
Exploits: 0 · References: 1

NVD
added 2024/12/06 5:15 p.m. · 12 views

CVE-2024-48863

A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: License Center 1.9.43 and later...

CVSS 9.8 · EPSS 0.01023
Exploits: 0 · References: 1

OSV
added 2024/12/06 3:23 p.m. · 9 views

OESA-2024-2504 golang security update

Security Fixes: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. CVE-2024-34156...

CVSS 7.5 · AI score 6.9 · EPSS 0.01127
Exploits: 0 · References: 2

OSV
added 2024/12/06 3:11 p.m. · 19 views

CVE-2024-54135 Untrusted Deserialization in ClipBucket-v5 Version 2.0 to 5.5.1 Revision 199

ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photoupload.php within the decodekey function. User inputs were supplied to this function...

CVSS 9.8 · AI score 6.8 · EPSS 0.00717
Exploits: 1 · References: 4

SUSE Linux
added 2024/12/06 10:35 a.m. · 10 views

Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024119 fixes several issues. The following security issues were fixed: CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. CVE-2024-35905: Fixed int overflow for stack...

CVSS 7.8 · AI score 8.7 · EPSS 0.00757
Exploits: 1 · References: 90

OpenVAS
added 2024/12/06 12:0 a.m. · 14 views

SUSE: Security Advisory (SUSE-SU-2024:4204-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.9 · AI score 6.8 · EPSS 0.16496
Exploits: 0 · References: 9

OSV
added 2024/12/05 8:18 p.m. · 9 views

CLSA-2024-1733429914 php: Fix of CVE-2024-11233

CVE-2024-11233: fix buffer overflow vulnerability in convert.quoted-printable-decode filter...

CVSS 8.2 · AI score 6.3 · EPSS 0.01618
Exploits: 1 · References: 1

OSV
added 2024/12/05 2:58 p.m. · 17 views

SUSE-SU-2024:4205-1 Security update for docker-stable

This update for docker-stable fixes the following issues: - Remove DOCKERNETWORKOPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. - Update --add-runtime to point to correct binary path. - Further merge docker a...

CVSS 9.9 · AI score 9.8 · EPSS 0.16496
Exploits: 0 · References: 8

CBLMariner
added 2024/12/05 12:57 a.m. · 12 views

CVE-2024-24786 affecting package prometheus for versions less than 2.45.4-6

CVE-2024-24786 affecting package prometheus for versions less than 2.45.4-6. A patched version of the package is available...

CVSS 7.5 · AI score 6.7 · EPSS 0.01262
Exploits: 0

CBLMariner
added 2024/12/05 12:57 a.m. · 12 views

CVE-2024-24786 affecting package docker-cli for versions less than 25.0.3-2

CVE-2024-24786 affecting package docker-cli for versions less than 25.0.3-2. A patched version of the package is available...

CVSS 7.5 · AI score 6.7 · EPSS 0.01262
Exploits: 0

SUSE CVE
added 2024/12/05 12:16 a.m. · 2 views

SUSE CVE-2024-53129

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: Fix a dereferenced before check warning The 'state' can't be NULL, we should check crtc_state. Fix warning: drivers/gpu/drm/rockchip/rockchip_drm_vop.c:1096 vop_plane_atomic_async_check() warn: variable dereferenced...

CVSS 5.5 · AI score 7.7 · EPSS 0.00207
Exploits: 0 · References: 16

Android Security Bulletins
added 2024/12/05 12:0 a.m. · 13 views

Pixel Watch Security Bulletin—December 2024

The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices (Google Devices). For Google devices, security patch levels of 2024-11-05 or later address all issues in this bulletin and all issues in the November 2024 Android Security Bulletin and all...

CVSS 6.7 · AI score 7.8 · EPSS 0.00103
Exploits: 0

CVE
added 2024/12/04 10:20 p.m. · 56 views

CVE-2024-53982

CVE-2024-53982 affects the Zoo-Project WPS implementation, specifically the Echo example. The vulnerability arises from lack of input validation in a file-caching parameter, enabling an attacker to fully control the file returned in the response (path traversal). A patch was committed on 2024-11-...

CVSS 8.7 · AI score 6.4 · EPSS 0.0046
Exploits: 0 · References: 2

OSV
added 2024/12/04 3:15 p.m. · 0 views

UBUNTU-CVE-2024-53132

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix "Missing outer runtime PM protection" warning Fix the following drmWARN: 953.586396 xe 0000:00:02.0: drm Missing outer runtime PM protection ... 953.587090 ? xepmruntimegetnoresume+0x8d/0xa0 xe 953.587208...

CVSS 5.5 · AI score 5.7 · EPSS 0.00176
Exploits: 0 · References: 8

Vulnrichment
added 2024/12/04 2:20 p.m. · 9 views

CVE-2024-53139 sctp: fix possible UAF in sctp_v6_available()

In the Linux kernel, the following vulnerability has been resolved: sctp: fix possible UAF in sctp_v6_available() A lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints that sctp_v6_available() is calling dev_get_by_index_rcu() and ipv6_chk_addr() without holding rcu. [1] ============================= WARNING: suspiciou...

AI score 7.4 · EPSS 0.00214
Exploits: 0 · References: 3

Positive Technologies
added 2024/12/04 12:0 a.m. · 5 views

PT-2024-17151 · WordPress · Accessibility By Allaccessible

Name of the Vulnerable Software and Affected Versions: Accessibility by AllAccessible plugin for WordPress versions up to, and including, 1.3.4 Description: The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege...

CVSS 8.8 · AI score 7.4 · EPSS 0.0072
Exploits: 0 · References: 9

OSV
added 2024/12/03 6:44 p.m. · 12 views

GHSA-VP6V-WHFM-RV3G Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders

Impact: In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing. This significantly expands...

CVSS 8.2 · AI score 5.1 · EPSS 0.00625
Exploits: 0 · References: 3