Page 128 of 5157 results (0.009 seconds)

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A https://phabricator.wikimedia.org/T149488 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial of service. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LECFVUHKIRBV5JJBE3KQCLGKNYJPBRCN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAVD6JIILAVSRH • CWE-416: Use After Free •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A https://phabricator.wikimedia.org/T320987 •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

.NET Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de .NET A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21538 https://access.redhat.com/security/cve/CVE-2023-21538 https://bugzilla.redhat.com/show_bug.cgi?id=2158342 • CWE-121: Stack-based Buffer Overflow CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. Lectura fuera de los límites en el repositorio de GitHub vim/vim, afectando a las versiones anteriores a la 9.0.1143. • http://seclists.org/fulldisclosure/2023/Mar/17 https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3Y752EAVACVC5XY2TMGGOAIU25VQRPDW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T33LLWHLH63XDCO5OME7NWN63RA4U5HF https://security.gentoo.org/glsa/202305-16 https://support.apple.com/kb/HT213670 • CWE-125: Out-of-bounds Read •