Lucene search

K

200 matches found

CVE
CVE
added 2024/03/10 5:15 a.m.8286 views

CVE-2024-28757

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

7.5CVSS7.4AI score0.00474EPSS
CVE
CVE
added 2024/03/03 9:15 p.m.6946 views

CVE-2024-28084

p2putil.c in iNet wireless daemon (IWD) through 2.15 allows attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact because of initialization issues in situations where parsing of advertised service information fails.

7.5CVSS7.9AI score0.00077EPSS
CVE
CVE
added 2024/02/21 7:15 a.m.6218 views

CVE-2023-42843

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.

7.5CVSS5.2AI score0.00085EPSS
CVE
CVE
added 2024/02/26 4:27 p.m.5867 views

CVE-2024-25082

Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.

6.5CVSS8.7AI score0.00875EPSS
CVE
CVE
added 2024/04/10 12:15 p.m.5534 views

CVE-2024-31309

HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION fr...

7.5CVSS7.5AI score0.02807EPSS
CVE
CVE
added 2024/04/04 8:15 p.m.4718 views

CVE-2023-38709

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

7.3CVSS7.1AI score0.03698EPSS
CVE
CVE
added 2024/02/21 4:15 a.m.4587 views

CVE-2024-1670

Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS5.8AI score0.00309EPSS
CVE
CVE
added 2024/02/26 4:27 p.m.4307 views

CVE-2024-25081

Splinefont in FontForge through 20230101 allows command injection via crafted filenames.

4.2CVSS8.7AI score0.00052EPSS
CVE
CVE
added 2024/02/27 3:15 p.m.4165 views

CVE-2024-27507

libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.

7.5CVSS6.3AI score0.00066EPSS
CVE
CVE
added 2024/02/21 7:15 p.m.3930 views

CVE-2024-24479

A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

7.5CVSS6.5AI score0.00289EPSS
CVE
CVE
added 2024/02/21 7:15 p.m.3749 views

CVE-2024-24476

A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

7.5CVSS6.8AI score0.00954EPSS
CVE
CVE
added 2024/05/22 4:15 p.m.3748 views

CVE-2024-5157

Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

8.8CVSS7.4AI score0.00724EPSS
CVE
CVE
added 2024/04/04 8:15 p.m.3719 views

CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

6.3CVSS7AI score0.01219EPSS
CVE
CVE
added 2024/02/29 2:15 a.m.3638 views

CVE-2024-22871

An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.

7.5CVSS6.2AI score0.00083EPSS
CVE
CVE
added 2024/05/01 1:15 p.m.3618 views

CVE-2024-4059

Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High)

6.5CVSS5.3AI score0.00104EPSS
CVE
CVE
added 2024/04/11 2:15 p.m.2987 views

CVE-2023-29483

eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which ...

7CVSS6.3AI score0.03636EPSS
CVE
CVE
added 2024/05/07 6:15 p.m.2730 views

CVE-2024-34397

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based c...

5.2CVSS6.2AI score0.00085EPSS
CVE
CVE
added 2024/04/04 8:15 p.m.2473 views

CVE-2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

7.5CVSS7.2AI score0.87872EPSS
CVE
CVE
added 2024/04/17 8:15 a.m.2191 views

CVE-2024-3832

Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.2AI score0.03717EPSS
CVE
CVE
added 2024/03/06 7:15 p.m.1949 views

CVE-2024-2176

Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.2AI score0.00573EPSS
CVE
CVE
added 2012/05/11 10:15 a.m.1654 views

CVE-2012-1823

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

9.8CVSS9.9AI score0.94349EPSS
CVE
CVE
added 2024/04/17 6:15 p.m.1646 views

CVE-2024-3914

Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.4AI score0.00208EPSS
CVE
CVE
added 2024/05/01 1:15 p.m.989 views

CVE-2024-4368

Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS6.5AI score0.00332EPSS
CVE
CVE
added 2024/06/09 8:15 p.m.910 views

CVE-2024-4577

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misin...

9.8CVSS9.3AI score0.94365EPSS
CVE
CVE
added 2024/04/15 8:15 p.m.740 views

CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. Th...

5.9CVSS5.9AI score0.22841EPSS
CVE
CVE
added 2024/05/14 3:44 p.m.682 views

CVE-2024-4671

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.3AI score0.00373EPSS
CVE
CVE
added 2024/03/13 4:15 p.m.645 views

CVE-2024-23672

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0...

6.3CVSS7.2AI score0.00577EPSS
CVE
CVE
added 2024/05/01 1:15 p.m.611 views

CVE-2024-4058

Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

9CVSS8.4AI score0.0582EPSS
CVE
CVE
added 2024/02/29 8:15 p.m.599 views

CVE-2024-24246

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.

5.5CVSS5.2AI score0.0016EPSS
CVE
CVE
added 2024/06/09 7:15 p.m.583 views

CVE-2024-5458

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs...

5.3CVSS5.9AI score0.0188EPSS
CVE
CVE
added 2024/04/17 8:15 a.m.557 views

CVE-2024-3833

Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.2AI score0.02577EPSS
CVE
CVE
added 2024/05/28 3:15 p.m.497 views

CVE-2024-5274

Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.9AI score0.03229EPSS
CVE
CVE
added 2024/04/09 5:15 p.m.460 views

CVE-2024-26256

Libarchive Remote Code Execution Vulnerability

7.8CVSS7.9AI score0.46989EPSS
CVE
CVE
added 2024/05/15 9:15 p.m.434 views

CVE-2024-4947

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.9AI score0.00467EPSS
CVE
CVE
added 2024/04/16 10:15 p.m.428 views

CVE-2024-21096

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to...

4.9CVSS5.9AI score0.00038EPSS
CVE
CVE
added 2024/06/09 7:15 p.m.418 views

CVE-2024-5585

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed comman...

8.8CVSS8.9AI score0.54606EPSS
CVE
CVE
added 2024/02/19 1:15 p.m.413 views

CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string ...

10CVSS9.8AI score0.00296EPSS
CVE
CVE
added 2024/06/09 8:15 p.m.390 views

CVE-2024-2408

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs...

5.9CVSS5.8AI score0.0013EPSS
CVE
CVE
added 2024/03/13 4:15 p.m.371 views

CVE-2024-24549

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.Th...

7.5CVSS7.9AI score0.52453EPSS
CVE
CVE
added 2024/03/27 8:15 a.m.359 views

CVE-2024-2398

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...

8.6CVSS8.3AI score0.01453EPSS
CVE
CVE
added 2024/05/14 4:17 p.m.351 views

CVE-2024-4761

Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

8.8CVSS5.8AI score0.0159EPSS
CVE
CVE
added 2024/04/06 3:15 p.m.327 views

CVE-2024-3159

Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8AI score0.04741EPSS
CVE
CVE
added 2024/03/06 7:15 p.m.305 views

CVE-2024-2173

Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

8.8CVSS8.6AI score0.00091EPSS
CVE
CVE
added 2024/05/29 4:15 p.m.304 views

CVE-2024-32760

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

6.5CVSS6.3AI score0.00153EPSS
CVE
CVE
added 2024/03/06 7:15 p.m.301 views

CVE-2024-2174

Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2024/05/29 4:15 p.m.299 views

CVE-2024-31079

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker ...

4.8CVSS5AI score0.00153EPSS
CVE
CVE
added 2024/05/22 4:15 p.m.296 views

CVE-2024-5158

Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

8.8CVSS5.8AI score0.00113EPSS
CVE
CVE
added 2024/03/21 9:15 a.m.294 views

CVE-2024-29131

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

7.3CVSS5.8AI score0.00149EPSS
CVE
CVE
added 2024/04/17 8:15 a.m.290 views

CVE-2024-3847

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

9.8CVSS5.4AI score0.00049EPSS
CVE
CVE
added 2024/05/15 9:15 p.m.287 views

CVE-2024-4950

Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

6.5CVSS5.5AI score0.00091EPSS
Total number of security vulnerabilities200