Lucene search
K

30457 matches found

CBLMariner
CBLMariner
added 2024/11/11 6:23 p.m.9 views

CVE-2024-49761 affecting package ruby for versions less than 3.1.4-8

CVE-2024-49761 affecting package ruby for versions less than 3.1.4-8. A patched version of the package is available...

8.7CVSS7.6AI score0.01429EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/11/11 6:23 p.m.9 views

CVE-2024-49761 affecting package rubygem-rexml for versions less than 3.2.7-3

CVE-2024-49761 affecting package rubygem-rexml for versions less than 3.2.7-3. A patched version of the package is available...

8.7CVSS7.6AI score0.01429EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/11/11 5:33 a.m.16 views

CVE-2024-38826 CVE-2024-38826 Cloud Controller Denial of Service Attack

Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases: Upgrade capi release version to 1.194.0 or...

5.3CVSS7.1AI score0.00383EPSS
Exploits0References1
OSV
OSV
added 2024/11/08 6:15 a.m.4 views

UBUNTU-CVE-2024-50201

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix encoder-possibleclones Include the encoder itself in its possibleclones bitmask. In the past nothing validated that drivers were populating possibleclones correctly, but that changed in commit 74d2aacbe840 "drm:...

5.5CVSS6.2AI score0.00213EPSS
Exploits0References37
Debian CVE
Debian CVE
added 2024/11/08 6:7 a.m.10 views

CVE-2024-50204

In the Linux kernel, the following vulnerability has been resolved: fs: don't try and remove empty rbtree node When copying a namespace we won't have added the new copy into the namespace rbtree until after the copy succeeded. Calling freemntns will try to remove the copy from the rbtree which is...

5.5CVSS5.5AI score0.00176EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/11/08 5:54 a.m.9 views

CVE-2024-50199

In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: skip HugeTLB pages for unusevma I got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The problem can be reproduced by the following steps: 1. Allocate an anonymous 1GB HugeTLB and some other anonymous...

5.5CVSS5.7AI score0.00223EPSS
Exploits0
CVE
CVE
added 2024/11/08 5:38 a.m.160 views

CVE-2024-50182

CVE-2024-50182 : Linux kernel secretmem memfd_secret() is disabled if arch cannot set direct map. On arm64 with !can_set_direct_map(), set_direct_map_invalid_noflush() becomes a no-op that returns success, making memfd_secret() appear to work but not remove memory from the direct map. The patch m...

5.5CVSS6.4AI score0.00222EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/11/08 5:38 a.m.12 views

CVE-2024-50182 secretmem: disable memfd_secret() if arch cannot set direct map

In the Linux kernel, the following vulnerability has been resolved: secretmem: disable memfdsecret if arch cannot set direct map Return -ENOSYS from memfdsecret syscall if !cansetdirectmap. This is the case for example on some arm64 configurations, where marking 4k PTEs in the direct map not...

5.5CVSS6.2AI score0.00222EPSS
Exploits0References9
Oracle linux
Oracle linux
added 2024/11/08 12:0 a.m.20 views

firefox security update

128.4.0-1.0.1 - Update to 128.4.0 build1 Orabug: 37236498CVE-2024-10458CVE-2024-10459 CVE-2024-10460CVE-2024-10461CVE-2024-10462CVE-2024-10463 CVE-2024-10464CVE-2024-10465CVE-2024-10466CVE-2024-10467...

8.8CVSS7.3AI score0.00815EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/11/08 12:0 a.m.14 views

Cisco Identity Services Engine XSS (cisco-sa-ise-auth-bypass-BBRf7mkE)

According to its self-reported version, Cisco Identity Services Engine is affected by a vulnerability in the web-based management interface of Cisco ISE which could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. Note that Nessus has not tested...

6.1CVSS5.5AI score0.00307EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/07 5:0 p.m.31 views

CVE-2024-10965 emqx neuron JSON File schema information disclosure

A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The pat...

5.3CVSS0.0047EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2024/11/07 9:31 a.m.10 views

CVE-2024-50154

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0 in reqsktimerhandler. """ We are seeing a use-after-free from a bpf prog attached to tracetcpretransmitsynack. The program passes th...

7.8CVSS6.2AI score0.00241EPSS
Exploits0
Saint
Saint
added 2024/11/07 12:0 a.m.102 views

CyberPanel upgrademysqlstatus authentication bypass and command injection

Added: 11/07/2024 Background CyberPanel is a web hosting control panel. Problem A pair of vulnerabilities in the upgrademysqlstatus web resource could allow a remote attacker to bypass authentication using a PUT request and execute arbitrary commands with a specially crafted statusfile parameter...

8.5AI score
Exploits0
Cvelist
Cvelist
added 2024/11/06 7:27 p.m.19 views

CVE-2024-51755 Unguarded calls to __isset() and to array-accesses when the sandbox is enabled in Twig

Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the isset method is now called after the security check. This is a BC break. This issue has...

2.2CVSS0.00414EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/11/06 3:22 p.m.20 views

Symfony vulnerable to open redirect via browser-sanitized URLs

Description The Request class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class to redirect users to another domain. Resolution The Request::create methods now assert the URI does not contain invalid...

6.1CVSS3.9AI score0.00565EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2024/11/06 3:22 p.m.13 views

GHSA-MRQX-RP3W-JPJP Symfony vulnerable to open redirect via browser-sanitized URLs

Description The Request class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class to redirect users to another domain. Resolution The Request::create methods now assert the URI does not contain invalid...

3.1CVSS3.7AI score0.00565EPSS
Exploits0References9
OSV
OSV
added 2024/11/06 3:11 p.m.20 views

GHSA-X8VP-GF4Q-MW5J Symfony allows changing the environment through a query

Description When the registerargcargv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. Resolution The SymfonyRuntime now ignores the argv values for non-cli...

7.3CVSS6.9AI score0.63422EPSS
Exploits0References7
SUSE Linux
SUSE Linux
added 2024/11/06 10:11 a.m.2 views

Security update for libgsf

This update for libgsf fixes the following issues: CVE-2024-42415, CVE-2024-36474: Fixed integer overflows affecting memory allocation bsc1231282, bsc1231283. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

7.8CVSS6.2AI score0.00457EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/11/06 12:0 a.m.27 views

Spring Security 5.7 < 5.7.13 / 5.8 < 5.8.15 / 6.0 < 6.0.13 / 6.1 < 6.1.11 / 6.2 < 6.2.7 / 6.3 < 6.3.4 Authorization Bypass (CVE-2024-38821)

The remote host contains a Spring Security version that is 5.7 prior to 5.7.13, 5.8 prior to 5.8.15, 6.0 prior to 6.0.13, 6.1 prior to 6.1.11, 6.2 prior to 6.2.7, or 6.3 prior to 6.3.4. It may, therefore, be affected by an authorization bypass vulnerability. Note that Nessus has not tested for th...

9.1CVSS7.1AI score0.01726EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2024/11/06 12:0 a.m.15 views

Google Chrome Security Update (stable-channel-update-for-desktop-2024-11) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

8.8CVSS8.6AI score0.00637EPSS
Exploits0References1
Rows per page
Query Builder