Lucene search
K

1406 matches found

BDU FSTEC
BDU FSTEC
added 2020/05/15 12:0 a.m.3 views

The vulnerability of the functions ov511_mode_init regs and ov518_mode_init regs in the Linux kernel allows a hacker to trigger a service failure.

The vulnerability of the functions ov511modeinit regs and ov518modeinit regs drivers/media/usb/gspca/ov519.c in the Linux kernel is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

4.9CVSS6.5AI score0.00534EPSS
Exploits0References39Affected Software5
Tenable Nessus
Tenable Nessus
added 2020/05/01 12:0 a.m.29 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libgcrypt (EulerOS-SA-2020-1571)

According to the versions of the libgcrypt package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - DISPUTED The GNU Multiple Precision Arithmetic Library GMP interfaces for PHP through 7.1.4 allow attackers to cause...

5.9CVSS6.1AI score0.01952EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/05/01 12:0 a.m.47 views

EulerOS Virtualization for ARM 64 3.0.2.0 : zlib (EulerOS-SA-2020-1556)

According to the version of the zlib packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer...

8.8CVSS7.1AI score0.04793EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/04/17 12:0 a.m.4 views

The vulnerability of the treeRead component in the libmysofa library allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the treeRead component in the libmysofa library exists due to insufficient checking of multiplication and addition operations. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information...

10CVSS7.7AI score0.02368EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/04/14 12:0 a.m.5 views

The vulnerability of the SeekPercent function in the VideoLAN VLC media player’s demux/asf.c file allows a hacker to cause a service failure.

The vulnerability of the SeekPercent function in the VideoLAN VLC media player’s demux/asf.c file is related to pointer arithmetic errors. Exploiting this vulnerability could allow a malicious actor to cause service failure remotely...

7.1CVSS6.5AI score0.01429EPSS
Exploits0References7Affected Software4
RedhatCVE
RedhatCVE
added 2020/04/08 8:16 p.m.27 views

CVE-2017-17854

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service integer overflow and memory corruption or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic...

7.8CVSS6.4AI score0.00388EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/04/06 5:33 p.m.3 views

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

7.8CVSS6AI score0.01385EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/06 4:56 p.m.6 views

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

7.8CVSS6AI score0.01385EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2020/03/18 12:0 a.m.11 views

Linux: Read /etc/ntp.conf (KB)

The ntpd program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers. It is a complete implementation of the Network Time Protocol NTP version 4, but also retains compatibility with version 3, as defined by RFC-1305, and...

6.8AI score
Exploits0References1
Prion
Prion
added 2020/03/05 9:15 a.m.23 views

Design/Logic Flaw

The size of a buffer is determined by addition and multiplications operations that have the potential to overflow due to lack of bound check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networkin...

7.2CVSS7.9AI score0.00202EPSS
Exploits0References1
OSV
OSV
added 2020/02/25 1:11 a.m.9 views

USN-4292-1 rsync vulnerabilities

It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-9840, CVE-2016-9841 It was discovered that rsync incorrectly handled vectors...

9.8CVSS7AI score0.07489EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2020/02/25 12:0 a.m.50 views

Ubuntu: Security Advisory (USN-4292-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.9AI score0.07489EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/02/24 9:5 a.m.4 views

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

7.8CVSS6AI score0.01385EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/02/20 10:19 a.m.2 views

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

7.8CVSS6AI score0.01385EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2020/02/18 12:0 a.m.74 views

ksh security update

20120801-38 - Do not evaluate arithmetic expressions from environment variables at startup Resolves: 1790542...

7.8CVSS2.5AI score0.01385EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/02/18 12:0 a.m.24 views

Fedora 30 : 1:ksh (2020-a0f0eb8500)

Do not evaluate arithmetic expressions from environment variables at startup Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

7.8CVSS7.2AI score0.01385EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/02/17 9:3 a.m.8 views

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

7.8CVSS6AI score0.01385EPSS
Exploits0References4
Cloud Foundry
Cloud Foundry
added 2020/02/12 12:0 a.m.48 views

USN-4246-1: zlib vulnerabilities | Cloud Foundry

Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-984...

9.8CVSS10AI score0.07489EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2020/02/05 12:15 p.m.5 views

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

7.8CVSS6AI score0.01385EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/01/30 12:0 a.m.216 views

Debian DLA-2085-1 : zlib security update

Several issues have been found in zlib, a compression library. They are basically about improper big-endian CRC calculation, improper left shift of negative integers and improper pointer arithmetic. For Debian 8 'Jessie', these problems have been fixed in version 1:1.2.8.dfsg-2+deb8u1. We recomme...

9.8CVSS7.3AI score0.07489EPSS
Exploits0References6
Rows per page
Query Builder