353 matches found
CVE-2024-36953
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgicv2parseattr vgicv2parseattr is responsible for finding the vCPU that matches the user-provided CPUID, which of course may not be valid. If the ID is invalid, kvmgetvcpubyid...
PT-2024-18896 · Qualcomm · Snapdragon +48
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue is related to memory corruption that occurs when a channel ID provided by a user is not properly validated and is subsequently used. This can lead to potential security risks...
CVE-2023-28952
Summary: CVE-2023-28952 affects IBM Controller (IBM Cognos Controller) versions 10.4.1, 10.4.2, and 11.0.0. The issue is an injection in application logging caused by not sanitizing user-provided data, with a base CVSS v3.1 score of 5.3 (Medium). The underlying problem is unsanitized input in log...
CVE-2024-25047
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956...
CVE-2024-25047
IBM Cognos Analytics is affected by CVE-2024-25047: injection attacks in application logging due to unsanitized user-supplied data. Affected versions are 11.2.0–11.2.4 and 12.0.0–12.0.2. Root cause is improper sanitization in logging code, enabling potential follow-on attacks. IBM recommends upgr...
Reflected Cross-Site Scripting (Reflected XSS)
nautobot is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to improper handling and escaping of user-provided query parameters, allowing a maliciously crafted Nautobot URL to potentially execute malicious scripts against users...
Cross Site Scripting (XSS)
phlex is vulnerable to Cross Site Scripting XSS. The vulnerability is due to insufficient sanitization of user-provided data in HTML attributes. If an application renders an tag within a href attribute thats set to a user provided link, arbitrary JavaScript execution may occur due to overly...
GHSA-JXGR-GCJ5-CQQG nautobot has reflected Cross-site Scripting potential in all object list views
Impact It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting Reflected XSS attack against users. All filterable object-list views in Nautobot are...
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags
Summary There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. Our filter to detect and prevent the use of the javascript: URL scheme in the href attribute of an tag could be bypassed with tab \t or newline \n characters between the...
Open Redirect
express is vulnerable to Open Redirect. The vulnerability is due to improper handling of user-provided URLs during redirection in Express.js, which performs encoding using the encodeurl library before passing it to the 'location' header. It allows bypass of an improperly implemented allow lists a...
AZL-44361 CVE-2024-29041 affecting package nodejs-nodemon 2.0.3-5
Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an...
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. Impact If you render an tag with an href attribute set to a user-provided link, that...
Cross site scripting
phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. If you...
[SECURITY] Fedora 40 Update: CardManager-3-29.fc40
This is free, open source multiplatform java application which allows you to play ANY card game. The game is designed especially to play collectible card games like Magic the Gathering or Doomtrooper over network. To play those games you need to own scanned images of card, which are not p art of...
CVE-2024-27307
JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution or...
CVE-2024-27307 JSONata expression can pollute the "Object" prototype
JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution or...
CVE-2024-27307 JSONata expression can pollute the "Object" prototype
JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution or...
CVE-2024-27307 JSONata expression can pollute the "Object" prototype
JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution or...
Object Constructor And Prototype Override
jsonata is vulnerable to Object Constructor And Prototype Override. The vulnerability is due to a malicious expression leveraging the transform operator to override properties on the Object constructor and prototype. This may lead to denial of service, remote code execution, or other unexpected...
Employee Management System v1 - (email) SQL Injection Vulnerability
Exploit Title: Employee Management System v1 - 'email' SQL Injection Application: Employee Management System Date: 19.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...