| 2024-09-09 | CVE-2024-8372 | Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. | 4.3 |
| 2024-09-09 | CVE-2024-8373 | Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. | 4.3 |
| 2024-02-29 | CVE-2024-26462 | Memory Leak vulnerability in multiple products
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c. | 5.5 |
| 2024-02-26 | CVE-2024-22201 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Jetty is a Java based web server and servlet engine. | 7.5 |
| 2024-01-16 | CVE-2024-0567 | Improper Verification of Cryptographic Signature vulnerability in multiple products
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. | 7.5 |
| 2023-11-03 | CVE-2023-31102 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. | 7.8 |
| 2023-11-01 | CVE-2023-5178 | Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. | 8.8 |
| 2023-10-18 | CVE-2023-38545 | Out-of-bounds Write vulnerability in multiple products
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. | 9.8 |
| 2023-10-14 | CVE-2023-45862 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. | 5.5 |
| 2023-10-05 | CVE-2023-40745 | Integer Overflow or Wraparound vulnerability in multiple products
LibTIFF is vulnerable to an integer overflow. | 6.5 |