30465 matches found

CBLMariner
added 2024/08/05 3:22 a.m. · 15 views

CVE-2024-24788 affecting package golang for versions less than 1.22.3-1

CVE-2024-24788 affecting package golang for versions less than 1.22.3-1. A patched version of the package is available...

CVSS 5.9 · AI score 6.9 · EPSS 0.01001
Exploits: 0
Positive Technologies
added 2024/08/02 12:0 a.m. · 5 views

PT-2024-22384 · Bm Soft · Bmplanning

Name of the Vulnerable Software and Affected Versions: BM SOFT BMPlanning version 1.0.0.1 Description: The issue allows authenticated users to execute arbitrary SQL commands via parameters such as SEC IDF, LIE IDF, PLANF IDF, CLI IDF, DOS IDF, and possibly others to the "/BMServerR.dll/BMRest" AP...

CVSS 8.8 · AI score 7.9 · EPSS 0.00458
Exploits: 1 · References: 6
Vulnrichment
added 2024/08/01 9:44 p.m. · 21 views

CVE-2024-41965 Vim < v9.1.0648 has a double-free in dialog_changed()

Vim is an open source command line text editor. Double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a nam...

CVSS 4.2 · AI score 7 · EPSS 0.00289
Exploits: 0 · References: 2
OSV
added 2024/08/01 5:16 p.m. · 2 views

CVE-2024-7211

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated wit...

CVSS 6.1 · AI score 5.7 · EPSS 0.00227
Exploits: 0 · References: 1
RedhatCVE
added 2024/08/01 12:9 p.m. · 16 views

CVE-2024-42161

A vulnerability was found in the Linux kernel in the bpfenumvaluekind function, where a lack of proper checks could lead to an uninitialized variable being used. This issue could lead to undefined behavior or memory corruption. Mitigation: Mitigation for this issue is either not available or the...

CVSS 6.3 · AI score 7.9 · EPSS 0.0022
Exploits: 0 · References: 4
Positive Technologies
added 2024/08/01 12:0 a.m. · 3 views

PT-2024-5360

Name of the Vulnerable Software and Affected Versions: AVTECH AVM1203 versions prior to the latest supported version; AVTECH IP cameras (affected versions not specified). Description: The issue is related to a command injection vulnerability found in the brightness function of AVTECH closed-circuit...

CVSS 9.8 · AI score 10 · EPSS 0.38998
Exploits: 5 · References: 98
NVD
added 2024/07/31 4:15 p.m. · 24 views

CVE-2024-37898

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content without having delete right. The previous version of the pag...

CVSS 4.3 · EPSS 0.00398
Exploits: 0 · References: 6
Cvelist
added 2024/07/31 3:24 p.m. · 48 views

CVE-2024-41947 XWiki Platform XSS through conflict resolution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the...

CVSS 9 · EPSS 0.01572
Exploits: 0 · References: 4
OSV
added 2024/07/31 3:21 p.m. · 13 views

GHSA-WF3X-JCCF-5G5G XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader

Impact: When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a malicious name. The malicious code is solely executed during the upload and affects only the user...

CVSS 8.7 · AI score 5.4 · EPSS 0.14803
Exploits: 1 · References: 10
Cvelist
added 2024/07/31 3:15 p.m. · 33 views

CVE-2024-37900 XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a...

CVSS 6.4 · EPSS 0.14803
Exploits: 1 · References: 8
OSV
added 2024/07/30 8:15 a.m. · 1 views

UBUNTU-CVE-2024-42144

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data. Verify that lvts_data is not NULL before using it...

CVSS 5.5 · AI score 5.7 · EPSS 0.00222
Exploits: 0 · References: 16
OSV
added 2024/07/30 8:15 a.m. · 3 views

UBUNTU-CVE-2024-42161

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD. Changes from V1: - Use a default branch in the switch statement to initialize `val'. GCC warns that `val' may be used uninitialized in the BPF_CRE_READ_BITFIELD macro, defined in...

CVSS 6.3 · AI score 6.3 · EPSS 0.0022
Exploits: 0 · References: 25
Debian CVE
added 2024/07/30 7:46 a.m. · 17 views

CVE-2024-42139

In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper extts handling Extts events are disabled and enabled by the application ts2phc. However, in case where the driver is removed when the application is running, a specific extts event remains enabled and can cause ...

CVSS 5.5 · AI score 5 · EPSS 0.002
Exploits: 0
OSV
added 2024/07/30 7:9 a.m. · 19 views

SUSE-SU-2024:2628-1 Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues: Updated to version 17.0.12+7 (July 2024 CPU): - CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046). - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047). - CVE-2024-21140: Fixed a pre-loop limit...

CVSS 7.4 · AI score 6.7 · EPSS 0.01257
Exploits: 0 · References: 12
Japan Vulnerability Notes
added 2024/07/30 4:56 a.m. · 4 views

EC-CUBE 4 Series improper input validation when installing plugins

Overview: EC-CUBE 4 series provided by EC-CUBE CO.,LTD. improperly validates inputs when installing plugins (CWE-349). EC-CUBE CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and EC-CUBE CO.,LTD. coordinated under the Information Security Early...

CVSS 7.2 · AI score 7.2 · EPSS 0.00267
Exploits: 0 · References: 4
Japan Vulnerability Notes
added 2024/07/30 12:0 a.m. · 12 views

JVN#48324254: EC-CUBE 4 Series improper input validation when installing plugins

EC-CUBE 4 series provided by EC-CUBE CO.,LTD. improperly validates inputs when installing plugins (CWE-349). Impact: An attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some...

CVSS 7.2 · AI score 7.1 · EPSS 0.00267
Exploits: 0
Vulnrichment
added 2024/07/29 10:17 p.m. · 25 views

CVE-2024-40777

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination...

AI score 7 · EPSS 0.0776
Exploits: 0 · References: 5
CVE
added 2024/07/29 10:17 p.m. · 79 views

CVE-2024-40784

CVE-2024-40784 involves an integer overflow that was addressed by improved input validation. The issue affects Apple platforms when processing a maliciously crafted file, potentially causing an unexpected app termination. Public disclosures in connected sources (Red Hat, CIRCL, Nessus/OPENVAS sum...

CVSS 7.8 · AI score 5.9 · EPSS 0.00293
Exploits: 0 · References: 28 · Affected Software: 6
Vulnrichment
added 2024/07/29 10:16 p.m. · 16 views

CVE-2024-40787

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements...

AI score 5.8 · EPSS 0.00335
Exploits: 0 · References: 5
Mageia
added 2024/07/29 6:26 p.m. · 67 views

Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities

Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successf...

CVSS 8.2 · AI score 6.8 · EPSS 0.00457
Exploits: 0 · References: 3