Lucene search
K

127 matches found

FreeBSD Advisory
FreeBSD Advisory
added 2022/04/06 12:0 a.m.23 views

FreeBSD-SA-22:08.zlib

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-22:08.zlib Security Advisory The FreeBSD Project Topic: zlib compression out-of-bounds write Category: zlib Module: contrib Announced: 2022-04-06 Credits: Danil...

7.5CVSS7AI score0.52063EPSS
Exploits1
FreeBSD Advisory
FreeBSD Advisory
added 2022/04/06 12:0 a.m.15 views

FreeBSD-SA-22:06.ioctl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-22:06.ioctl Security Advisory The FreeBSD Project Topic: mpr/mps/mpt driver ioctl heap out-of-bounds write Category: core Module: mpr, mps, mpt Announced:...

9.8CVSS7.4AI score0.00447EPSS
Exploits0
OSV
OSV
added 2022/04/05 4:15 p.m.3 views

CVE-2021-41752

Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt function...

9.8CVSS5.8AI score0.01195EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/04/05 12:0 a.m.5 views

PT-2022-11476 · Unknown · Jerryscript

Name of the Vulnerable Software and Affected Versions: Jerryscript versions prior to commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 Description: The issue is caused by an unbounded recursive call to the new opt function, leading to a stack overflow. This occurs in Jerryscript before the specifie...

9.8CVSS9.3AI score0.01195EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2022/03/28 11:15 p.m.3 views

CVE-2022-26296

BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis...

5.5CVSS5.9AI score0.00386EPSS
Exploits1References2
OSV
OSV
added 2022/02/25 11:15 a.m.4 views

CVE-2022-0247

An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36e7b5d3d or any of the listed versions...

5.5CVSS6.1AI score0.00081EPSS
Exploits0References1
Huntr
Huntr
added 2022/01/24 9:21 a.m.35 views

Heap-based Buffer Overflow in vim/vim

Description - Heap Overflow and arbitrary 41 bytes write. - Unsorted bin doubly linked list corruption. - commit hash : 058ee7c5699ef551be5aa04c66b3cffc436e9b08 Proof of Concept $ echo -ne "bm9ybTBv7wX//wUwIDUwMDAwMDAwezAtMDAwMP/yAAD6MDAwMDAwMDAwMDQwKSkpMDAQMDAwMDAw...

6.8CVSS0.1AI score0.01566EPSS
Exploits1
Code423n4
Code423n4
added 2022/01/19 12:0 a.m.13 views

fundDepositAndReserveFor function does not exist in protocol

Handle harleythedog Vulnerability details Impact The L2Migrator contract makes use of the function fundDepositAndReserveFor on the ticket broker. In the commit hash for the contest seen from this snippet from the contest page: git clone https://github.com/livepeer/protocol git checkout...

7AI score
Exploits0
CNNVD
CNNVD
added 2021/12/31 12:0 a.m.3 views

Vim 资源管理错误漏洞

Vim is an editor for UNIX-based platforms. A resource management error vulnerability exists in vim 8.2, which stems from a use after free vulnerability found in vim 8.2.3931 commit hash febb78fa1798e0f95983b3f7881419a754886df5...

7.8CVSS6.7AI score0.01727EPSS
Exploits1References40
OSV
OSV
added 2021/11/30 10:21 p.m.25 views

GHSA-WX69-RVG3-X7FC XSS via prototype pollution in NodeBB

Impact A prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data i.e. javascript into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report...

9CVSS7.5AI score0.01275EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2021/11/30 10:21 p.m.30 views

XSS via prototype pollution in NodeBB

Impact A prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data i.e. javascript into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report...

9CVSS1.3AI score0.01275EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2021/11/30 10:20 p.m.23 views

GHSA-PFJ7-2QFW-VWGM NodeBB vulnerable to path traversal in translator module

Impact Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected languages/ directory. Patches The vulnerability has been patched as of v1.18.5. Workarounds Cherry-pick commit hash c8b2fc46dc698db687379106b3f01c71b80f495f to recei...

5CVSS5.2AI score0.25843EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2021/11/30 10:20 p.m.34 views

NodeBB vulnerable to path traversal in translator module

Impact Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected languages/ directory. Patches The vulnerability has been patched as of v1.18.5. Workarounds Cherry-pick commit hash c8b2fc46dc698db687379106b3f01c71b80f495f to recei...

5CVSS1.8AI score0.25843EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2021/11/10 6:44 p.m.3 views

GHSA-7R94-XV9V-63JW A use of uninitialized value vulnerability in Tensorflow

Impact TensorFlow's Grappler optimizer has a use of unitialized variable: cc const NodeDef dequeuenode; for const auto& trainnode : trainnodes if IsDequeueOptrainnode dequeuenode = trainnode; break; if dequeuenode ... If the trainnodes vector obtained from the saved model that gets optimized does...

6.8CVSS6.9AI score0.0019EPSS
Exploits1References7
Hacker One
Hacker One
added 2021/11/08 1:42 p.m.16 views

Rocket.Chat: Unintended information disclosure in the Hubot Log files

Dear Rocket.Chat Team While inspecting our logs I noticed, that the OAuth Tokens are leaked in plaintext in the logs. I wanted to draw your attention to this, as this is a security vulnerability. See the attached Screenshot for a redacted log excerpt. In my opinion, the best approach here would b...

5CVSS1.1AI score0.00553EPSS
Exploits1
NVD
NVD
added 2021/06/08 5:15 p.m.45 views

CVE-2021-32673

reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue...

9.8CVSS0.01941EPSS
Exploits0References4
OSV
OSV
added 2021/06/08 5:15 p.m.20 views

CVE-2021-32673

reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue...

9.8CVSS9.6AI score
Exploits0References4
Prion
Prion
added 2021/06/08 5:15 p.m.13 views

Design/Logic Flaw

reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue...

7.5CVSS9.6AI score0.01941EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/06/08 5:0 p.m.48 views

CVE-2021-32673 Remote Command Execution in reg-keygen-git-hash-plugin

reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue...

8.8CVSS9.9AI score0.01941EPSS
Exploits0References4
FreeBSD Advisory
FreeBSD Advisory
added 2021/05/26 12:0 a.m.23 views

FreeBSD-SA-21:11.smap

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-21:11.smap Security Advisory The FreeBSD Project Topic: SMAP bypass Category: core Module: amd64 Announced: 2021-05-26 Credits: I lost my dog if you see him...

7.5CVSS7AI score0.01249EPSS
Exploits1
Rows per page
Query Builder