30456 matches found

AlpineLinux
added 2024/12/03 4:48 p.m. · 22 views

CVE-2024-53863

Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for...

CVSS 9.1 · AI score 7 · EPSS 0.00625
Exploits 0
OSV
added 2024/12/03 9:07 a.m. · 3 views

SUSE-SU-2024:4145-1 Security update for wget

This update for wget fixes the following issues: - CVE-2024-10524: Fixed SSRF via shorthand HTTP URL (bsc#1233773)...

CVSS 6.5 · AI score 6.5 · EPSS 0.0111
Exploits 0 · References 3
SUSE Linux
added 2024/12/02 12:30 p.m. · 0 views

Security update for wget

This update for wget fixes the following issues: CVE-2024-10524: Fixed SSRF via shorthand HTTP URL (bsc#1233773). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for yo...

CVSS 6.1 · AI score 7.4 · EPSS 0.0111
Exploits 0 · References 4
OSV
added 2024/12/02 12:29 p.m. · 6 views

CLSA-2024-1733142550 Fix of 13 CVEs

CVE-url: https://ubuntu.com/security/CVE-2023-52614 - time: Introduce jiffies64_to_msecs - PM / devfreq: Modify the indentation of trans_stat sysfs for readability - PM / devfreq: Do not show statistics if it's not ready. - PM / devfreq: Fix buffer overflow in trans_stat_show Bionic update: upstream...

CVSS 7.8 · AI score 7.1 · EPSS 0.00259
Exploits 0 · References 1
Android Security Bulletins
added 2024/12/02 12:00 a.m. · 39 views

Android Security Bulletin December 2024

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2024-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

CVSS 8.8 · AI score 8.1 · EPSS 0.00368
Exploits 0
Vulnrichment
added 2024/11/29 6:39 p.m. · 9 views

CVE-2024-53848 check-jsonschema default caching for remote schemas allows for cache confusion

check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...

CVSS 7.1 · AI score 6.6 · EPSS 0.00142
Exploits 0 · References 2
Cvelist
added 2024/11/29 6:39 p.m. · 25 views

CVE-2024-53848 check-jsonschema default caching for remote schemas allows for cache confusion

check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...

CVSS 7.1 · EPSS 0.00142
Exploits 0 · References 2
Vulnrichment
added 2024/11/29 6:26 p.m. · 11 views

CVE-2024-52801 Brute force takeover of OpenID Connect session cookies in sftpgo

sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are...

CVSS 5.3 · AI score 6.8 · EPSS 0.00389
Exploits 0 · References 3
Positive Technologies
added 2024/11/29 12:00 a.m. · 4 views

PT-2024-9112 · Moby +6

Name of the Vulnerable Software and Affected Versions: moby version 25.0.3. Description: The issue is related to a Race Condition in the streamformatter package, which can be exploited to trigger multiple concurrent write operations. This can result in data corruption or application crashes. The...

CVSS 10 · AI score 7.8 · EPSS 0.03001
Exploits 5 · References 74
The Hacker News
added 2024/11/28 4:57 p.m. · 9 views

Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. "These vulnerabilities pose significant risks, allowing...

CVSS 9.8 · AI score 8 · EPSS 0.01485
Exploits 0
SUSE Linux
added 2024/11/28 7:58 a.m. · 1 view

Security update for frr

This update for frr fixes the following issues: Update to frr 8.5.6 (jsc#PED-11092) including fixes for: CVE-2024-44070, CVE-2024-34088, CVE-2024-31951, CVE-2024-31950, CVE-2024-31948, CVE-2024-27913, CVE-2023-47235, CVE-2023-47234, CVE-2023-46753, CVE-2023-46752, CVE-2023-41909, CVE-2023-41360, ...

CVSS 8.7 · AI score 6.8 · EPSS 0.02152
Exploits 3 · References 40
SUSE Linux
added 2024/11/28 7:57 a.m. · 3 views

Security update for ovmf

This update for ovmf fixes the following issues: CVE-2024-1298: Fixed potential UINT32 overflow in S3 ResumeCount (bsc#1225889). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the comma...

CVSS 6 · AI score 6.9 · EPSS 0.00217
Exploits 0 · References 4
OSV
added 2024/11/27 10:12 a.m. · 4 views

CLSA-2024-1732702350 squid: Fix of CVE-2024-45802

CVE-2024-45802: disable ESI...

CVSS 7.5 · AI score 7.1 · EPSS 0.45289
Exploits 0 · References 1
Cvelist
added 2024/11/26 6:52 p.m. · 48 views

CVE-2024-52008 Password Policy Bypass Vulnerability in Fides Webserver

Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...

CVSS 2 · EPSS 0.00536
Exploits 0 · References 1
Vulnrichment
added 2024/11/26 6:37 p.m. · 9 views

CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi

E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...

CVSS 6.3 · AI score 7.3 · EPSS 0.00399
Exploits 0 · References 2
Tenable Nessus
added 2024/11/26 12:00 a.m. · 14 views

RHEL 8 / 9 : Red Hat JBoss Enterprise Application Platform 8.0 update (Moderate) (RHSA-2024:10386)

The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10386 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This asynchronous...

CVSS 6.1 · AI score 5.2 · EPSS 0.01959
Exploits 0 · References 8
Cvelist
added 2024/11/25 11:18 p.m. · 29 views

CVE-2024-53843 Reflected XSS Vulnerability in Authentication Flow URL Handling in @dapperduckling/keycloak-connector-server

@dapperduckling/keycloak-connector-server is an opinionated series of libraries for Node.js applications and frontend clients to interface with Keycloak. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the authentication flow of the application. This issue arises due to...

CVSS 8.1 · EPSS 0.00501
Exploits 0 · References 1
CVE
added 2024/11/25 7:19 p.m. · 69 views

CVE-2024-53258

CVE-2024-53258 affects Autolab, a course management service for auto-graded programming assignments. From v3.0.0, the existing download_all_submissions feature allows a logged-in user to download all submissions from another student, potentially leaking submissions to unauthorized users (includin...

CVSS 7.1 · AI score 6.9 · EPSS 0.00469
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/11/25 7:19 p.m. · 16 views

CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab

Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v3.0.0 onward, students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of...

CVSS 7.1 · EPSS 0.00469
Exploits 0 · References 2
OSV
added 2024/11/25 5:18 p.m. · 4 views

CLSA-2024-1732555093 Fix CVE(s): CVE-2020-27767

SECURITY UPDATE: Undefined behavior due to values outside range in quantum.h - debian/patches/CVE-2020-27767.patch: Fix quantum.h to include float.h to handle min and max values for Quantum type - debian/patches/CVE-2020-27767-1.patch: Fix ClampToQuantum function to handle negative values correct...

CVSS 4.3 · AI score 7 · EPSS 0.01124
Exploits 1 · References 1