
CBLMariner
added 2024/07/03 1:33 a.m. · 17 views

CVE-2020-27814 affecting package openjpeg2 for versions less than 2.3.1-12

CVE-2020-27814 affecting package openjpeg2 for versions less than 2.3.1-12. A patched version of the package is available...

CVSS 7.8 · AI score 7 · EPSS 0.02008
Exploits 1
Android Security Bulletins
added 2024/07/03 12:00 a.m. · 9 views

Wear OS Security Bulletin—July 2024

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2024-07-05 or later from the July 2024 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...

AI score 7.7
Exploits 0
NVD
added 2024/07/02 2:15 p.m. · 32 views

CVE-2024-36404

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

CVSS 9.8 · EPSS 0.74908
Exploits 0 · References 16
NVD
added 2024/07/02 2:15 p.m. · 17 views

CVE-2024-38519

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

CVSS 7.8 · EPSS 0.00322
Exploits 0 · References 8
Oracle Linux
added 2024/07/02 12:00 a.m. · 305 views

openldap security update

2.4.46-19 - Bump version to 2.4.46-19 - Resolves: RHEL-34283 - openldap: null pointer dereference in ber_memalloc_x function...

CVSS 7.5 · AI score 7.3 · EPSS 0.01947
Exploits 0
Cvelist
added 2024/07/01 8:48 p.m. · 25 views

CVE-2024-38367 CocoaPods trunk sessions verification step could be manipulated for owner session hijacking

trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking. Compromising a victim's session will result in a full takeover of...

CVSS 8.2 · EPSS 0.11131
Exploits 1 · References 4
GitHub Security Blog
added 2024/07/01 6:35 p.m. · 22 views

ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Impact: This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches: The algorithm to detect SQL injection has been improved. Workarounds: None. References: - https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r -...

CVSS 9.8 · AI score 7.8 · EPSS 0.20171
Exploits 0 · References 7 · Affected Software 1
OSV
added 2024/07/01 11:14 a.m. · 17 views

BIT-HUBBLE-UI-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...

CVSS 7.9 · AI score 6.7 · EPSS 0.0018
Exploits 0 · References 7
OSV
added 2024/07/01 11:14 a.m. · 11 views

BIT-HUBBLE-UI-BACKEND-2024-37307

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium...

CVSS 7.9 · AI score 6.7 · EPSS 0.0018
Exploits 0 · References 7
Positive Technologies
added 2024/07/01 12:00 a.m. · 6 views

PT-2024-5205 · Cocoapods · Cocoapods

Name of the Vulnerable Software and Affected Versions: CocoaPods, affected versions not specified. Description: The issue concerns the CocoaPods dependency manager, specifically the authentication server trunk.cocoapods.org. A problem was found in the part of the trunk that verifies whether a user...

CVSS 10 · AI score 6.8 · EPSS 0.17786
Exploits 1 · References 15
Android Security Bulletins
added 2024/07/01 12:00 a.m. · 9 views

Android Automotive OS Update Bulletin—August 2024

The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2024-08-05 or later from the August 2024 Android Security Bulletin in addition to all issues in this...

AI score 7.8
Exploits 0
Vulnrichment
added 2024/06/28 9:02 p.m. · 30 views

CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can be used...

CVSS 4.3 · AI score 6.8 · EPSS 0.00346
Exploits 0 · References 2
Cvelist
added 2024/06/28 9:02 p.m. · 31 views

CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM

This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can be used...

CVSS 4.3 · EPSS 0.00346
Exploits 0 · References 2
Vulnrichment
added 2024/06/28 5:09 p.m. · 19 views

CVE-2024-37905 Improper Access Control and Incorrect Authorization in github.com/goauthentik/authentik

authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including...

CVSS 8.8 · AI score 7 · EPSS 0.00757
Exploits 0 · References 4
OSV
added 2024/06/28 5:09 p.m. · 6 views

CVE-2024-37905 Improper Access Control and Incorrect Authorization in github.com/goauthentik/authentik

authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including...

CVSS 8.8 · AI score 7 · EPSS 0.00757
Exploits 0 · References 6
OSV
added 2024/06/28 10:09 a.m. · 4 views

CLSA-2024-1719569368 pam: Fix of CVE-2024-22365

CVE-2024-22365: use O_DIRECTORY to prevent local DoS situations...

CVSS 5.5 · AI score 7.2 · EPSS 0.00455
Exploits 1 · References 1
Patchstack
added 2024/06/28 12:00 a.m. · 10 views

WordPress Esteem Theme <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)

Software: Esteem · Type: Theme · Vulnerable versions: <= 1.5.0 · Fixed in: 1.5.1 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-37432 · Patch priority: Low · CVSS severity: Low 5.9 · PSID: 7a19e6eafcd7 · Credits: Michael · Required privilege: Author · Published: 28...

CVSS 7.1 · AI score 6.6 · EPSS 0.00263
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/06/26 3:55 p.m. · 39 views

CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...

CVSS 3.1 · EPSS 0.00263
Exploits 0 · References 1
Positive Technologies
added 2024/06/26 12:00 a.m. · 4 views

PT-2024-22662 · Hitachi Vantara · Analyzer Plugin +1

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.1.0.0; Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.3.0.7; Hitachi Vantara Pentaho Business Analytics Server version 8.3.x. Description: The issue...

CVSS 8.8 · AI score 6.5 · EPSS 0.00292
Exploits 0 · References 7
CVE
added 2024/06/25 2:22 p.m. · 77 views

CVE-2024-39362

CVE-2024-39362 is cited in Oracle Linux advisory ELSA-2024-12618 and in Nessus, tied to the I2C ACPI subsystem. The described issue is: i2c: acpi: Unbind mux adapters before delete. The sources do not provide exact root-cause details beyond this remediation note. Remediation is to apply the updat...

AI score 6.8
Exploits 0