Lucene search
+L

335 matches found

Microsoft CVE
Microsoft CVE
added 2024/06/30 2:0 p.m.5 views

In Jasper 4.2.2 the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability allowing attackers to cause a denial of service attack through a specific image file.

...

7.5CVSS7AI score0.00737EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/05/31 12:0 a.m.10 views

PT-2024-24913 · Unknown · Skybridge Basic Mb-A130 +1

Name of the Vulnerable Software and Affected Versions: SkyBridge MB-A100/MB-A110 versions 4.2.2 and earlier SkyBridge BASIC MB-A130 versions 1.5.5 and earlier Description: The issue is related to improper neutralization of special elements used in a command, also known as 'Command Injection'. Thi...

9.8CVSS7.7AI score0.01207EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/05/31 12:0 a.m.8 views

Multiple Seiko Solutions Products Security Breach

Seiko Solutions SkyBridge MB-A100/A110 is an LTE-compatible IoT router from Seiko Solutions, Japan. A security vulnerability exists in SkyBridge MB-A100/MB-A110 version 4.2.2 and earlier, SkyBridge BASIC MB-A130 version 1.5.5 and earlier, which stems from a command injection vulnerability that ca...

9.8CVSS8.1AI score0.01207EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/04/19 1:15 p.m.18 views

CVE-2024-31744

In Jasper 4.2.2, the jpcstreamlistremove function in src/libjasper/jpc/jpcdec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file...

7.5CVSS6.9AI score0.00737EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/19 12:0 a.m.11 views

CVE-2024-31744

In Jasper 4.2.2, the jpcstreamlistremove function in src/libjasper/jpc/jpcdec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file...

6.5AI score0.00737EPSS
Exploits0References2
CVE
CVE
added 2024/04/19 12:0 a.m.99 views

CVE-2024-31744

CVE-2024-31744 affects Jasper 4.2.2. The jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure leading to a denial-of-service condition via a crafted image file. Public exploitation details are not provided in the included documents. The entry includes a CVSS...

7.5CVSS6.3AI score0.00737EPSS
Exploits0References2
OSV
OSV
added 2024/04/02 11:15 p.m.3 views

UBUNTU-CVE-2024-3209

A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function getne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this...

9.8CVSS5.9AI score0.01223EPSS
Exploits1References6
Cvelist
Cvelist
added 2024/04/02 11:0 p.m.32 views

CVE-2024-3209 UPX bele.h get_ne64 heap-based overflow

A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function getne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this...

5.5CVSS5.8AI score0.01223EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.8 views

PT-2024-4252 · Upx +1 · Upx +1

Name of the Vulnerable Software and Affected Versions: UPX versions up to 4.2.2 Description: A critical issue affects the get ne64 function of the bele.h file, leading to a heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The vendor was contacted early abo...

9.8CVSS5.8AI score0.01223EPSS
Exploits1References27
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.10 views

PT-2024-18483 · WordPress · Smart Custom Fields

Name of the Vulnerable Software and Affected Versions: Smart Custom Fields plugin for WordPress versions up to, and including, 4.2.2 Description: The issue arises from a missing capability check on the relational posts search function, allowing authenticated attackers with subscriber-level access...

4.3CVSS9.6AI score0.0058EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/12/27 12:0 a.m.8 views

PT-2023-31725 · Unknown · Com.Sdjictec.Qdmetro

Name of the Vulnerable Software and Affected Versions: com.sdjictec.qdmetro version 4.2.2 Description: An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro allows attackers to open a crafted URL without any filtering or checking. Recommendations: For version 4.2.2, consider...

5.3CVSS5.2AI score0.00425EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2023/11/06 12:0 a.m.8 views

Debian: Security Advisory (DSA-5547-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS8.1AI score0.01121EPSS
Exploits0References4
OSV
OSV
added 2023/10/26 3:15 p.m.15 views

AZL-31719 CVE-2023-46234 affecting package reaper for versions less than 3.1.1-9

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

7.5CVSS6.5AI score0.00508EPSS
Exploits0References1
OSV
OSV
added 2023/10/26 3:15 p.m.7 views

UBUNTU-CVE-2023-46234

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

7.5CVSS6.6AI score0.00508EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2023/10/26 12:0 a.m.104 views

CVE-2023-46234

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

7.5CVSS6.8AI score0.00508EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/10/26 12:0 a.m.15 views

PT-2023-9034 · Unknown +5 · Browserify-Sign +5

Name of the Vulnerable Software and Affected Versions: browserify-sign versions prior to 4.2.2 Description: The issue is related to an upper bound check problem in the dsaVerify function, which allows an attacker to construct signatures that can be successfully verified by any public key. This...

10CVSS7.1AI score0.05213EPSS
Exploits10References69
NVD
NVD
added 2023/08/22 7:16 p.m.23 views

CVE-2023-4475

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master ADM allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...

7.5CVSS7.5AI score0.00159EPSS
Exploits0References1
Prion
Prion
added 2023/08/22 7:16 p.m.22 views

Privilege escalation

An Improper Privilege Management vulnerability was found in ASUSTOR Data Master ADM allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...

1.7CVSS5.3AI score0.00145EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/22 9:2 a.m.11 views

CVE-2023-4475 An Arbitrary File Movement vulnerability was found on the ADM

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master ADM allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below...

7.5CVSS6.8AI score0.00159EPSS
Exploits0References1
OSV
OSV
added 2023/08/17 10:15 a.m.5 views

CVE-2023-2910

Improper neutralization of special elements used in a command 'Command Injection' vulnerability in Printer service functionality in ASUSTOR Data Master ADM allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS...

8.8CVSS6AI score0.01341EPSS
Exploits0References1
Rows per page
Query Builder