Lucene search
+L

223 matches found

ubuntucve
ubuntucve
added 2024/05/21 3:15 p.m.20 views

CVE-2021-47274

In the Linux kernel, the following vulnerability has been resolved: tracing: Correct the length check which causes memory corruption We've suffered from severe kernel crashes due to memory corruption on our production environment, like, Call Trace: 1640542.554277 general protection fault: 0000 1...

9.8CVSS6.5AI score0.01261EPSS
Exploits0References9
thn
thn
added 2024/05/14 3:49 p.m.30 views

VMware Patches Severe Security Flaws in Workstation and Fusion Products

Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service DoS condition, and execute code under certain circumstances. The four vulnerabilities impact Workstation...

9.3CVSS7.5AI score0.03542EPSS
Exploits0
github
github
added 2024/04/26 10:19 p.m.35 views

Sidekiq vulnerable to a Reflected XSS in Queues Web Page

Description: During the source Code Review of the metrics.erb view of the Sidekiq Web UI, A reflected XSS vulnerability is discovered. The value of substr parameter is reflected in the response without any encoding, allowing an attacker to inject Javascript code into the response of the...

5.5CVSS6.2AI score0.00594EPSS
Exploits0References6Affected Software1
ptsecurity
ptsecurity
added 2024/04/07 12:0 a.m.6 views

PT-2024-23342 · Huawei · Harmonyos

Name of the Vulnerable Software and Affected Versions: Huawei devices using HarmonyOS affected versions not specified Description: The issue is related to a Use After Free UAF vulnerability in the underlying driver module, which can affect availability upon successful exploitation. It is estimate...

7.5CVSS7AI score0.00379EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/03/22 5:1 p.m.15 views

CVE-2024-29184 FreeScout Stored XSS to Privilege Escalation After CSP Bypass

FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting XSS vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and is stored on the...

8CVSS7AI score0.00861EPSS
Exploits1References1
kaspersky
kaspersky
added 2024/03/14 12:0 a.m.30 views

KLA65185 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. A security feature bypass vulnerability in Microsoft Edge...

8.8CVSS8.4AI score0.02093EPSS
Exploits1References5
securelist
securelist
added 2024/03/12 10:0 a.m.62 views

Top 10 web application vulnerabilities in 2021–2023

To help companies with navigating the world of web application vulnerabilities and securing their own web applications, the Open Web Application Security Project OWASP online community created the OWASP Top Ten. As we followed their rankings, we noticed that the way we ranked major vulnerabilitie...

8.2AI score
Exploits0
osv
osv
added 2024/01/24 8:23 p.m.11 views

MAL-2024-702 Malicious code in wlwz-2312-5901 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06e56399d2c555df817800d1d9eaee5fb14f8a47e5e6fc30355bbf972576c02e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
osv
osv
added 2024/01/24 8:23 p.m.9 views

MAL-2024-269 Malicious code in wlwz-2312-1100 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8add08cde3ab9d753914e8d24a898068febbfd0d53038ba27e063e0a3f67bd98 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
osv
osv
added 2024/01/24 8:23 p.m.5 views

MAL-2024-207 Malicious code in wlwz-2312-0401 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 13ab0b4464c5eaec762c240555a250716d0f771a981f37b435a791aeabf6be39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
nvd
nvd
added 2024/01/18 12:15 a.m.56 views

CVE-2024-22416

pyLoad is a free and open-source Download Manager written in pure Python. The pyload API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery CSRF attac...

9.6CVSS9.4AI score0.00948EPSS
Exploits1References3
nessus
nessus
added 2023/11/21 12:0 a.m.30 views

RHEL 8 : c-ares (RHSA-2023:7392)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7392 advisory. The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: Buffer Underwrite ...

6.4CVSS6.5AI score0.00333EPSS
Exploits0References5
code423n4
code423n4
added 2023/10/25 12:0 a.m.12 views

Price inflation pump

Lines of code Vulnerability details Impact AfEth price can be inflated until severe rounding errors occur. Proof of concept Deposit in AfEth such that totalValue == 1 and thus 1 afEth is minted. Then AfEth.price will be in the open interval $1,2$ AfEth.price $= 1$ is extremely unlikely. Deposit i...

6.9AI score
Exploits0
hivepro
hivepro
added 2023/09/12 1:5 p.m.44 views

Google Addresses Fourth Zero-Day Flaw Exploited by Attackers Wildly

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The zero-day vulnerability CVE-2023-4863 in Google Chrome enables arbitrary code execution and system crashes. Actively exploited "in the wild," it poses severe risks, including data exposure and...

7.5AI score0.99735EPSS
Exploits9
prion
prion
added 2023/09/06 2:15 p.m.30 views

Design/Logic Flaw

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is usin...

6.4CVSS6.7AI score0.83716EPSS
Exploits2References2Affected Software1
qualysblog
qualysblog
added 2023/08/24 7:7 p.m.135 views

Qualys Tackles 2022’s Top Routinely Exploited Cyber Vulnerabilities

A unified front against malicious cyber actors is climactic in the ever-evolving cybersecurity landscape. The joint Cybersecurity Advisory CSA, a collaboration between leading cybersecurity agencies from the United States, Canada, United Kingdom, Australia, and New Zealand, is a critical guide to...

10CVSS8.6AI score0.99999EPSS
Exploits669
osv
osv
added 2023/08/01 1:2 a.m.13 views

MAL-2023-1028 Malicious code in aurora-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4392d1914575e090dacd661c28ce77f65b0f9f82c9389a1fe366f9216a09b0b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
prion
prion
added 2023/06/20 5:15 a.m.17 views

Authorization

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmscaddsite' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the...

7.5CVSS9.5AI score0.00553EPSS
Exploits0References3Affected Software1
openvas
openvas
added 2023/06/09 12:0 a.m.6 views

Ubuntu: Security Advisory (USN-6152-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References3
nessus
nessus
added 2023/05/30 12:0 a.m.74 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : OpenSSL vulnerabilities (USN-6119-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6119-1 advisory. Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possib...

6.5CVSS7.1AI score0.75116EPSS
Exploits0References3
Rows per page
Query Builder