Lucene search
K

117 matches found

Positive Technologies
Positive Technologies
added 2022/05/20 12:0 a.m.6 views

PT-2022-3332 · Mariadb +9 · Mariadb +10

Name of the Vulnerable Software and Affected Versions: MariaDB versions v10.2 through v10.6.1 Description: The issue is related to a buffer overflow in the Item subselect::init expr cache tracker function of the MariaDB database management system. This can be exploited by a remote attacker to...

10CVSS7.6AI score0.70561EPSS
Exploits111References841
OSV
OSV
added 2022/03/14 11:15 a.m.3 views

UBUNTU-CVE-2022-23943

Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions...

9.8CVSS7.2AI score0.50401EPSS
Exploits0References5
CNVD
CNVD
added 2022/01/24 12:0 a.m.27 views

Oracle GraalVM Input Validation Error Vulnerability

Oracle GraalVM is a set of on-the-fly compilers written in the Java language from Oracle Corporation USA.GraalVM Enterprise Edition is the enterprise version of GraalVM.An input validation error vulnerability exists in Oracle GraalVM due to an Oracle GraalVM Enterprise Edition has incorrect input...

5.3CVSS4.2AI score0.03216EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/01/17 12:0 a.m.5 views

The vulnerability of the Ansible configuration management system, related to insecure temporary files, allows a hacker to access confidential data.

The vulnerability of the Ansible configuration management system is related to insecure temporary files. Exploiting this vulnerability could allow an attacker to access confidential data...

5.5CVSS6.6AI score0.00376EPSS
Exploits0References9Affected Software4
OSV
OSV
added 2021/12/14 6:15 p.m.4 views

CVE-2021-44041

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a networked or WebDAV...

9.8CVSS5.9AI score0.01747EPSS
Exploits0References2
OSV
OSV
added 2021/01/08 7:15 p.m.6 views

CVE-2020-16030

Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

6.1CVSS8.4AI score
Exploits0References2
OSV
OSV
added 2020/08/21 9:15 p.m.2 views

DEBIAN-CVE-2020-8620

In BIND 9.15.6 - 9.16.5, 9.17.0 - 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit...

7.5CVSS6.6AI score0.03663EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/08/03 12:15 p.m.2 views

grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow

A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...

6.7CVSS7.3AI score0.00482EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/03 11:18 a.m.2 views

grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow

A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...

6.7CVSS7.3AI score0.00482EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/29 8:16 p.m.3 views

grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow

A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...

6.7CVSS7.3AI score0.00482EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/29 7:42 p.m.11 views

grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow

A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...

6.7CVSS7.3AI score0.00482EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/29 6:34 p.m.7 views

grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow

A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...

6.7CVSS7.3AI score0.00482EPSS
Exploits0References4
CNVD
CNVD
added 2019/10/29 12:0 a.m.1 views

SQL Injection Vulnerability in Thunderwind Movie Ne***.php Page

Thunderwind CMS is a video-on-demand system developed with Thinkphp framework + Mysql. Thunderwind Movie Ne.php page SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive information...

7.9AI score
Exploits0
CNVD
CNVD
added 2019/10/28 12:0 a.m.1 views

SQL injection vulnerability in seacms backend ad***_da***.php file

seacms ocean film and television management system, ocean cms is based on PHP + MySql technology development of video on demand system. seacms background adda.php file SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive information...

8AI score
Exploits0
OSV
OSV
added 2019/09/11 3:15 p.m.3 views

DEBIAN-CVE-2019-16224

An issue was discovered in py-lmdb 0.97. For certain values of mdflags, mdbnodeadd does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

9.8CVSS8.4AI score0.01765EPSS
Exploits1References1
OSV
OSV
added 2019/09/11 3:15 p.m.1 views

UBUNTU-CVE-2019-16226

An issue was discovered in py-lmdb 0.97. mdbnodedel does not validate a memmove in the case of an unexpected node-mnhi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

7.5CVSS5.8AI score0.01543EPSS
Exploits1References3
OSV
OSV
added 2019/09/11 3:15 p.m.4 views

UBUNTU-CVE-2019-16227

An issue was discovered in py-lmdb 0.97. For certain values of mnflags, mdbcursorset triggers a memcpy with an invalid write operation within mdbxcursorinit1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

9.8CVSS7.3AI score0.01963EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2019/09/11 12:0 a.m.3 views

PT-2019-14588

Name of the Vulnerable Software and Affected Versions py-lmdb version 0.97 Description An issue was discovered in py-lmdb where for certain values of mp flags, mdb page touch does not properly set up mc-mc pgmc-top, leading to an invalid write operation. This issue occurs when accessing a data.md...

9.8CVSS7.1AI score0.01963EPSS
Exploits5References19
CNVD
CNVD
added 2019/07/19 12:0 a.m.4 views

Cisco Industrial Network Director Encryption Issue Vulnerability

Cisco Industrial Network Director IND is an industrial automation management system from Cisco. The system achieves automation management by visualizing the industrial Ethernet infrastructure. A cryptographic issue vulnerability exists in the Web Services Management Agent WSMA feature in Cisco IN...

5.9CVSS6.7AI score0.00977EPSS
Exploits0References1
OSV
OSV
added 2018/12/20 9:29 p.m.4 views

UBUNTU-CVE-2018-1160

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsiopensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution...

9.8CVSS7.6AI score0.86539EPSS
Exploits10References7
Rows per page
Query Builder