Export limit exceeded: 41554 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (41554 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45399 | 1 Cern | 1 Indico | 2024-09-24 | 4.3 Medium |
| Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability during account creation when redirecting to the `next` URL. Exploitation requires initiating the account creation process with a maliciously crafted link, and then finalizing the signup process. Because of this, it can only target newly created (and thus unprivileged) Indico users. Indico 3.3.4 upgrades the dependency on Flask-Multipass to version 0.5.5, which fixes the issue. Those who build the Indico package themselves and cannot upgrade can update the `flask-multipass` dependency to `>=0.5.5` which fixes the vulnerability. Otherwise one could configure one's web server to disallow requests containing a query string with a `next` parameter that starts with `javascript:`. | ||||
| CVE-2024-8946 | 1 Micropython | 1 Micropython | 2024-09-24 | 7.3 High |
| A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read. | ||||
| CVE-2024-8948 | 1 Micropython | 1 Micropython | 2024-09-23 | 7.3 High |
| A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. It is recommended to apply a patch to fix this issue. In micropython objint component, converting zero from int to bytes leads to heap buffer-overflow-write at mpz_as_bytes. | ||||
| CVE-2024-27320 | 1 Refuel | 1 Autolabel | 2024-09-23 | 7.8 High |
| An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code will be passed to an eval function which executes it. | ||||
| CVE-2024-31166 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 6.5 Medium |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::HelloElemVersionBitmap::unpack. This issue affects libfluid: 0.1.0. | ||||
| CVE-2024-31168 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 6.5 Medium |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::EchoCommon::unpack. This issue affects libfluid: 0.1.0. | ||||
| CVE-2024-31169 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 6.5 Medium |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::QueueGetConfigReply::unpack. This issue affects libfluid: 0.1.0. | ||||
| CVE-2024-31179 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 6.5 Medium |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::TableFeaturePropInstruction::unpack. This issue affects libfluid: 0.1.0. | ||||
| CVE-2024-31178 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 6.5 Medium |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::TableFeaturePropNextTables::unpack. This issue affects libfluid: 0.1.0. | ||||
| CVE-2024-31177 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 6.5 Medium |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg modules). This vulnerability is associated with program routines fluid_msg::of13::TableFeaturePropActions::unpack. This issue affects libfluid: 0.1.0. | ||||
| CVE-2024-31176 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 6.5 Medium |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::TableFeaturePropOXM::unpack. This issue affects libfluid: 0.1.0. | ||||
| CVE-2024-31174 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 6.5 Medium |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::FeaturesReply::unpack. This issue affects libfluid: 0.1.0. | ||||
| CVE-2024-31173 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 6.5 Medium |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::StatsReplyFlow::unpack. This issue affects libfluid: 0.1.0. | ||||
| CVE-2024-31172 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 6.5 Medium |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::StatsReplyTable::unpack. This issue affects libfluid: 0.1.0. | ||||
| CVE-2024-31171 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 6.5 Medium |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::StatsReplyPort::unpack. This issue affects libfluid: 0.1.0. | ||||
| CVE-2024-31170 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 6.5 Medium |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::StatsReplyQueue::unpack. This issue affects libfluid: 0.1.0. | ||||
| CVE-2024-31198 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 5.3 Medium |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::Port:unpack. This issue affects libfluid: 0.1.0. | ||||
| CVE-2024-31197 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 5.3 Medium |
| Improper Null Termination vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::Port:unpack. This issue affects libfluid: 0.1.0. | ||||
| CVE-2024-31195 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 6.5 Medium |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyTable::unpack. This issue affects libfluid: 0.1.0. | ||||
| CVE-2024-31194 | 2 Open Networking Foundation, Opennetworking | 2 Libfluid, Libfluid Msg | 2024-09-20 | 6.5 Medium |
| Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyPortStats::unpack. This issue affects libfluid: 0.1.0. | ||||