Lucene search
K

30468 matches found

Github Security Blog
Github Security Blog
added 2024/06/24 8:44 p.m.29 views

Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java

Impact Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML Extern...

7.5CVSS7AI score0.00589EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/24 6:0 p.m.30 views

XWiki programming rights may be inherited by inclusion

Impact The content of a document included using include reference="targetdocument"/ is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the include macro...

9.9CVSS7AI score0.00342EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2024/06/24 1:52 p.m.27 views

CVE-2024-39291 drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfxv943init cpcomputemicrocode and rlcmicrocode The function gfxv943initmicrocode in gfxv943.c was generating about potential truncation of output when using the snprintf function. The issue was due...

0.00245EPSS
Exploits0References3
OSV
OSV
added 2024/06/24 12:0 a.m.26 views

OPENSUSE-SU-2024:14076-1 traefik2-2.11.5-1.1 on GA media

These are all security issues fixed in the traefik2-2.11.5-1.1 package on the GA media of openSUSE Tumbleweed...

8.1CVSS8.3AI score0.91969EPSS
Exploits4References15
Gentoo Linux
Gentoo Linux
added 2024/06/22 12:0 a.m.20 views

GLib: Privilege Escalation

Background GLib is a library providing a number of GNOME's core objects and functions. Description A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for details. Impact When a GDBus-based client subscribes to signals from a trusted system service such ...

5.2CVSS6.9AI score0.00756EPSS
Exploits1
OSV
OSV
added 2024/06/21 11:15 a.m.1 views

UBUNTU-CVE-2024-38622

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add callback function pointer check before its call In dpucoreirqcallbackhandler callback function pointer is compared to NULL, but then callback function is unconditionally called by this pointer. Fix this bug by...

5.5CVSS5.8AI score0.00222EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2024/06/21 12:0 a.m.25 views

Dell Client BIOS Improper Input Validation (DSA-2024-167)

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. Note that Nessus has not tested for this issue but has...

6CVSS5.4AI score0.00148EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/06/20 2:29 p.m.20 views

CVE-2024-38610

In the Linux kernel, the following vulnerability has been resolved: drivers/virt/acrn: fix PFNMAP PTE checks in acrnvmrammap Patch series "mm: followpte improvements and acrn followpte fixes". Patch 1 fixes a bunch of issues I spotted in the acrn driver. It compiles, that's all I know. I'll...

4.4CVSS9AI score0.00213EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/06/20 11:13 a.m.23 views

CVE-2022-48771

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix stale file descriptors on failed usercopy A failing usercopy of the fencerep object will lead to a stale entry in the file descriptor table as putunusedfd won't release it. This enables userland to refer to a...

7.8CVSS5.5AI score0.00213EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/06/20 11:13 a.m.27 views

CVE-2022-48743

In the Linux kernel, the following vulnerability has been resolved: net: amd-xgbe: Fix skb data length underflow There will be BUGON triggered in include/linux/skbuff.h leading to intermittent kernel panic, when the skb length underflow is detected. Fix this by dropping the packet if such length...

5.5CVSS6.1AI score0.00251EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/06/20 11:13 a.m.18 views

CVE-2022-48718

In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference mxsfb should not ever dereference the NULL pointer which drmatomicgetnewbridgestate is allowed to return. Assume a fixed format instead...

5.5CVSS5.4AI score0.00207EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/06/19 5:2 p.m.13 views

CVE-2024-5564 affecting package libndp for versions less than 1.8-2

CVE-2024-5564 affecting package libndp for versions less than 1.8-2. A patched version of the package is available...

8.1CVSS6.9AI score0.01165EPSS
Exploits0
OSV
OSV
added 2024/06/19 3:15 p.m.2 views

DEBIAN-CVE-2021-47591

In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support TCPULP setsockopt cannot be used for mptcp because its already used internally to plumb subflow tcp sockets to the mptcp layer. syzbot managed to trigger a crash for mptcp connections that...

5.5CVSS5.4AI score0.00205EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/06/19 3:7 p.m.67 views

TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option

Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. Patches This vulnerability...

6.1CVSS6.7AI score0.00529EPSS
Exploits0References9Affected Software3
OSV
OSV
added 2024/06/19 10:38 a.m.10 views

SUSE-SU-2024:2090-1 Security update for podman

This update for podman fixes the following issues: - Update to version 4.9.5 - CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. bsc1224122 -...

8.3CVSS7.3AI score0.01279EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/06/19 12:0 a.m.2 views

PT-2024-27120 · Weblir · Weblir Login As Customer Pro

Name of the Vulnerable Software and Affected Versions: Weblir Login as customer PRO module versions prior to 1.2.7 Description: The issue allows a guest to access a direct link to connect to each customer account of the shop if the module is not installed or if a secret accessible to the...

7.5CVSS7.2AI score0.00379EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2024/06/18 12:0 a.m.6 views

Security update for gdcm (important)

openSUSE Security Update: Security update for gdcm Announcement ID: openSUSE-SU-2024:0167-1 Rating: important References: 1223398 Cross-References: CVE-2024-22373 CVSS scores: CVE-2024-22373 SUSE: 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP5 An...

8.1CVSS7.3AI score0.01474EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/06/18 12:0 a.m.16 views

Oracle Linux 7 : flatpak (ELSA-2024-3980)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3980 advisory. 1.0.9-13 - Fix CVE-2024-32462 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

8.4CVSS7.7AI score0.00512EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2024/06/17 9:20 p.m.44 views

DeepJavaLibrary API absolute path traversal

Summary DeepJavaLibraryDJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers 0.27.0. Impacted versions: 0.1...

10CVSS6.7AI score0.00655EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/17 7:9 p.m.498 views

ws affected by a DoS when handling a request with many HTTP headers

Impact A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. Proof of concept js const http = require'http'; const WebSocket = require'ws'; const wss = new WebSocket.Server port: 0 , function const chars =...

7.5CVSS6.8AI score0.01357EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder