
30464 matches found

OSV
added 2024/09/09 12:0 a.m., 11 views

OPENSUSE-SU-2024:14325-1 MozillaThunderbird-115.15.0-1.1 on GA media

These are all security issues fixed in the MozillaThunderbird-115.15.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8, AI score 9.6, EPSS 0.04395
Exploits: 1, References: 3

CBLMariner
added 2024/09/06 7:16 p.m., 22 views

CVE-2022-33065 affecting package libsndfile for versions less than 1.0.31-3

CVE-2022-33065 affecting package libsndfile for versions less than 1.0.31-3. A patched version of the package is available...

CVSS 7.8, AI score 6.9, EPSS 0.00351
Exploits: 1

CBLMariner
added 2024/09/06 7:16 p.m., 11 views

CVE-2024-7383 affecting package libnbd for versions less than 1.12.1-4

CVE-2024-7383 affecting package libnbd for versions less than 1.12.1-4. A patched version of the package is available...

CVSS 7.4, AI score 7, EPSS 0.0039
Exploits: 0

CBLMariner
added 2024/09/06 7:16 p.m., 37 views

CVE-2024-24474 affecting package qemu for versions less than 6.2.0-20

CVE-2024-24474 affecting package qemu for versions less than 6.2.0-20. A patched version of the package is available...

CVSS 8.8, AI score 7, EPSS 0.01397
Exploits: 1

CBLMariner
added 2024/09/06 7:16 p.m., 29 views

CVE-2022-41717 affecting package containerized-data-importer for versions less than 1.55.0-20

CVE-2022-41717 affecting package containerized-data-importer for versions less than 1.55.0-20. A patched version of the package is available...

CVSS 5.3, AI score 7.3, EPSS 0.05623
Exploits: 0

RedhatCVE
added 2024/09/06 7:14 p.m., 23 views

CVE-2024-45294

A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

CVSS 8.6, AI score 6.4, EPSS 0.00975
Exploits: 0, References: 5

Cvelist
added 2024/09/06 4:26 p.m., 14 views

CVE-2023-51368 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722...

CVSS 5.4, EPSS 0.0031
Exploits: 0, References: 1

OSV
added 2024/09/06 3:46 p.m., 5 views

CVE-2024-45294 `org.hl7.fhir.core` XXE vulnerability in XSLT transforms

The HL7 FHIR Core Artifacts repository provides the Java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Prior to version 6.3.23, XSLT transforms performed by various components are vulnerable to XML external...

CVSS 8.6, AI score 8.2, EPSS 0.00975
Exploits: 0, References: 6

OSV
added 2024/09/06 1:15 p.m., 1 view

DEBIAN-CVE-2024-45405

gix-path is a crate of the gitoxide project (an implementation of git written in Rust) dealing with paths and their conversions. Prior to version 0.10.11, gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or...

CVSS 6, AI score 5.6, EPSS 0.00257
Exploits: 0, References: 1

Fedora
added 2024/09/06 4:5 a.m., 17 views

[SECURITY] Fedora 40 Update: python-django4.2-4.2.16-1.fc40

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 7.5, AI score 6.5, EPSS 0.25327
Exploits: 0

Tenable Nessus
added 2024/09/06 12:0 a.m., 66 views

Cisco NX-OS Software Python Sbox Escape Multiple Vulnerabilities (cisco-sa-nxos-psbe-ce-YvbTn5du)

According to its self-reported version, Cisco NX-OS Software is affected by multiple vulnerabilities. - A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the...

CVSS 8.8, AI score 6, EPSS 0.00194
Exploits: 0, References: 15

CVE
added 2024/09/05 4:30 p.m., 70 views

CVE-2024-24759

CVE-2024-24759 (MindsDB): A DNS rebinding flaw allows bypassing SSRF protection across the MindsDB website prior to version 23.12.4.2, with potential denial-of-service. The issue is fixed in version 23.12.4.2 and later. Remediation: upgrade to 23.12.4.2 or later.

CVSS 9.3, AI score 9.2, EPSS 0.04936
Exploits: 1, References: 2, Affected Software: 1

Positive Technologies
added 2024/09/05 12:0 a.m., 5 views

PT-2025-18291 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions 13.5-rc-1 through 15.10.12; XWiki versions 16.0.0-rc-1 through 16.4.3; XWiki versions 16.5.0-rc-1 through 16.7.x. Description: The issue is related to an open redirect vulnerability in the HTML conversion request filter. This allo...

CVSS 6.4, AI score 6, EPSS 0.00539
Exploits: 1, References: 12

Github Security Blog
added 2024/09/04 8:18 p.m., 17 views

sigstore-go has an unbounded loop over untrusted input can lead to endless data attack

Impact: sigstore-go is susceptible to a denial of service attack when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. The verification of these...

CVSS 7.5, AI score 6.7, EPSS 0.00441
Exploits: 0, References: 7, Affected Software: 1

CVE
added 2024/09/04 7:54 p.m., 121 views

CVE-2024-45008

CVE-2024-45008 affects the Linux kernel input subsystem. The vulnerability arises when input_mt_init_slots() allocates slots based on user-supplied num_slots via UI_DEV_CREATE, risking oversized allocations. A patch caps the maximum slots at 1024, mitigating memory exhaustion. Connected advisorie...

CVSS 5.5, AI score 7, EPSS 0.00237
Exploits: 0, References: 10, Affected Software: 1

NVD
added 2024/09/04 4:15 p.m., 16 views

CVE-2024-45053

Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...

CVSS 9.1, EPSS 0.01342
Exploits: 1, References: 2

OSV
added 2024/09/04 4:4 p.m., 22 views

CVE-2024-45053 Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine

Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...

CVSS 9.1, AI score 7.9, EPSS 0.01342
Exploits: 1, References: 4

SUSE CVE
added 2024/09/04 3:14 a.m., 3 views

SUSE CVE-2024-45306

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...

CVSS 4.4, AI score 6.9, EPSS 0.00298
Exploits: 0, References: 8

Positive Technologies
added 2024/09/04 12:0 a.m., 8 views

PT-2024-20014 · Google · Android +1

Name of the Vulnerable Software and Affected Versions: Google Pixel versions (affected versions not specified); Non-Pixel Android versions (affected versions not specified). Description: A high severity Bluetooth issue is reported, which has been listed for both Pixel and non-Pixel devices in different...

AI score 6.8
Exploits: 0, References: 1

OSV
added 2024/09/03 7:42 p.m., 13 views

GHSA-Q765-WM9J-66QJ @blakeembrey/template vulnerable to code injection when attacker controls template input

Impact: It is possible to inject and run code within the template if the attacker has access to write the template name. js const template = require'@blakeembrey/template'; template"Hello name!", "exploit && = console.log'success'; && function pwned"; Patches: Upgrade to 1.2.0. Workarounds: Don't pa...

CVSS 7.3, AI score 8.5, EPSS 0.00433
Exploits: 0, References: 4