Lucene search
K

190 matches found

OSV
OSV
added 2024/11/11 4:9 p.m.7 views

CLSA-2024-1731341386 bzip2: Fix of CVE-2019-12900

CVE-2019-12900: accept as many selectors as the file format allows but ignore any larger than the theoretical maximum, BZMAXSELECTORS...

9.8CVSS6.8AI score0.0812EPSS
Exploits0References1
OSV
OSV
added 2024/11/11 4:3 p.m.6 views

CLSA-2024-1731340993 bzip2: Fix of CVE-2019-12900

CVE-2019-12900: accept as many selectors as the file format allows but ignore any larger than the theoretical maximum, BZMAXSELECTORS...

9.8CVSS6.8AI score0.0812EPSS
Exploits0References1
OSV
OSV
added 2024/11/11 3:35 p.m.10 views

CLSA-2024-1731337736 bzip2: Fix of CVE-2019-12900

CVE-2019-12900: accept as many selectors as the file format allows but ignore any larger than the theoretical maximum, BZMAXSELECTORS...

9.8CVSS6.8AI score0.0812EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/10/16 12:0 a.m.17 views

Fedora: Security Advisory (FEDORA-2024-8a9a692906)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS5.3AI score0.04488EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/10/12 12:0 a.m.20 views

Fedora 40 : redis (2024-5d4eb04e76)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5d4eb04e76 advisory. Redis Community Edition 7.2.6 Released Wed 02 Oct 2024 20:17:04 IDT Upgrade urgency SECURITY: See security fixes below. Security fixes CVE-2024-3144...

8.8CVSS7.2AI score0.04488EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/10/07 7:51 p.m.20 views

CVE-2024-31227 Denial-of-service due to malformed ACL selectors in Redis

Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users...

4.4CVSS0.00397EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2024/10/02 12:0 a.m.22 views

redis,valkey -- Multiple vulnerabilities

Redis core team reports: CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227 Potential Denial-of-service due to malformed ACL selectors. CVE-2024-31228 Potential Denial-of-service due to unbounded pattern matching...

8.8CVSS7.2AI score0.04488EPSS
Exploits1References1
OSV
OSV
added 2024/08/21 4:3 p.m.12 views

GO-2022-0959 Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium

Network Policies & Clusterwide Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium...

7.1AI score
Exploits0References4
OSV
OSV
added 2023/08/22 7:16 p.m.10 views

AZL-43987 CVE-2022-43358 affecting package libsass 3.6.3-3

Stack overflow vulnerability in astselectors.cpp: in function Sass::ComplexSelector::hasplaceholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service DoS...

7.5CVSS7.2AI score0.01252EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/08/22 12:0 a.m.5 views

LibSass 缓冲区错误漏洞

LibSass is an open source Sass CSS Extension Language parser written in C. It can be used for a variety of purposes, including parsing and analysis. A security vulnerability exists in LibSass version 3.6.5, which stems from a stack overflow vulnerability in astselectors.cpp in...

7.5CVSS7.3AI score0.01252EPSS
Exploits1References3
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.10 views

_payFallbackGas is not being paid in case selector is 0x07 or 0x08

Lines of code Vulnerability details Impact payFallbackGas gas is not being paid for selectors 0x07 and 0x08 which causes a loss for protocol's execution gas budget. In case Execution budget is not enough then anyFallback will fail. Proof of Concept In payFallbackGas gas should always be paid in...

7.2AI score
Exploits0
Prion
Prion
added 2023/04/17 10:15 p.m.15 views

Code injection

OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...

5CVSS5.2AI score0.00812EPSS
Exploits0References3Affected Software2
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.5 views

SUSE CVE-2019-12900

BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors...

8.4CVSS8.1AI score0.0812EPSS
Exploits0References53
Vulnrichment
Vulnrichment
added 2022/12/21 1:21 a.m.8 views

CVE-2022-44643 Access policy with access to all tenants and using label selectors has more access

A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not ...

5.7CVSS7.1AI score0.00473EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/07/18 12:0 a.m.11 views

Fedora: Security Advisory for golang-github-andybalholm-cascadia (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS8.9AI score0.0995EPSS
Exploits4References2
Fedora
Fedora
added 2022/07/17 1:15 a.m.24 views

[SECURITY] Fedora 35 Update: golang-github-andybalholm-cascadia-1.2.0-6.fc35

The Cascadia package implements CSS selectors for use with the parse trees produced by the html package...

9.3CVSS8.2AI score0.0995EPSS
Exploits4
Fedora
Fedora
added 2022/07/04 1:35 a.m.32 views

[SECURITY] Fedora 36 Update: golang-github-andybalholm-cascadia-1.2.0-6.fc36

The Cascadia package implements CSS selectors for use with the parse trees produced by the html package...

9.3CVSS8.2AI score0.0995EPSS
Exploits4
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.7 views

Mermaid 跨站脚本漏洞

Mermaid is a software application. Create charts and visualizations using text and code. A cross-site scripting vulnerability exists in Mermaid versions prior to 9.1.3, which stems from the fact that whenever there is an actual match, the browser issues an http request to load a background image,...

6.1CVSS5.8AI score0.00849EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/04/11 3:15 p.m.7 views

CVE-2022-0969

The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfilteredhtml capability i...

4.8CVSS5.5AI score0.0073EPSS
Exploits2References3
OSV
OSV
added 2022/03/11 6:15 p.m.9 views

CVE-2022-0001

Non-transparent sharing of branch predictor selectors between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

6.5CVSS6.6AI score0.00508EPSS
Exploits0References7
Rows per page
Query Builder