Lucene search
+L

181 matches found

susecve
susecve
added 2023/02/15 6:5 a.m.4 views

SUSE CVE-2008-7159

The silcasn1encoder function in lib/silcasn1/silcasn1encode.c in Secure Internet Live Conferencing SILC Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, related to incorrect use of a %lu format string...

5.8CVSS7.9AI score0.03424EPSS
Exploits0References4
susecve
susecve
added 2023/02/15 5:35 a.m.3 views

SUSE CVE-2013-5001

Cross-site scripting XSS vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a...

3.5CVSS5.8AI score0.00819EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 5:6 a.m.3 views

SUSE CVE-2016-2339

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args array can...

9.8CVSS9.3AI score0.05187EPSS
Exploits2References10
susecve
susecve
added 2023/02/15 5:2 a.m.4 views

SUSE CVE-2016-5039

The getattrvalue function in libdwarf before 20160923 allows remote attackers to cause a denial of service out-of-bounds read via a crafted object with all-bits on...

7.5CVSS6.7AI score0.04379EPSS
Exploits1References3
susecve
susecve
added 2023/02/15 4:57 a.m.3 views

SUSE CVE-2016-8568

The gitcommitmessage function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service out-of-bounds read via a cat-file command with a crafted object file...

5.5CVSS6.9AI score0.01903EPSS
Exploits0References6
susecve
susecve
added 2023/02/15 4:57 a.m.4 views

SUSE CVE-2016-8569

The gitoidnfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service NULL pointer dereference via a cat-file command with a crafted object file...

5.5CVSS6.9AI score0.01837EPSS
Exploits0References6
susecve
susecve
added 2023/02/15 4:48 a.m.4 views

SUSE CVE-2017-7210

objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads of size 1 and size 8 while handling corrupt STABS enum type strings in a crafted object file, leading to program crash...

5.5CVSS7.4AI score0.01217EPSS
Exploits0References10
susecve
susecve
added 2023/02/15 3:52 a.m.4 views

SUSE CVE-2020-27545

libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object...

5.5CVSS6.9AI score0.00823EPSS
Exploits0References4
nessus
nessus
added 2022/11/08 12:0 a.m.64 views

F5 Networks BIG-IP : OpenSSH vulnerability (K12252011)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K12252011 advisory. An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicio...

6.8CVSS7AI score0.03807EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/10/11 12:0 a.m.6 views

SAP 3D Visual Enterprise Viewer 缓冲区错误漏洞

SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP, Germany. The software supports the publishing of 2D and 3D scenes in all industry-standard desktop applications and supports separate installation as a stand-alone executable program and ActiveX space. A denial of service vulnerability...

7.8CVSS6.5AI score0.00305EPSS
Exploits0References4
github
github
added 2022/05/14 1:10 a.m.36 views

Improper Access Control in Apache Tomcat

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privilege...

8.8CVSS7.8AI score0.13075EPSS
Exploits0References67Affected Software1
redhatcve
redhatcve
added 2022/05/10 6:58 p.m.72 views

CVE-2021-42581

A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application...

9.1CVSS6.3AI score0.01325EPSS
Exploits1References4
prion
prion
added 2022/05/10 11:15 a.m.26 views

Code injection

DISPUTED Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object that contains an own property "proto" as an argument to the function. NOTE: the vendor disputes this because th...

6.4CVSS9.2AI score0.01325EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2022/05/10 10:8 a.m.25 views

CVE-2021-42581

Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object that contains an own property "proto" as an argument to the function. NOTE: the vendor disputes this because the observe...

9.2AI score0.01325EPSS
Exploits1References2
osv
osv
added 2022/04/13 7:15 p.m.4 views

UBUNTU-CVE-2021-41119

Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time parsing it which can lead to a denial of servic...

7.5CVSS5.7AI score0.01544EPSS
Exploits1References7
osv
osv
added 2022/03/23 8:15 p.m.6 views

CVE-2021-27475

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code...

8.6CVSS6AI score0.0281EPSS
Exploits0References2
osv
osv
added 2022/02/15 1:57 a.m.28 views

GHSA-XX8C-M748-XR4J Access Restriction Bypass in kubernetes

The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. Specific Go Packages Affected github.com/kubernetes/kubernetes/pkg/apiserver...

7.7CVSS7.1AI score0.01583EPSS
Exploits0References7
osv
osv
added 2022/02/15 1:57 a.m.32 views

GO-2022-0701 Directory traversal in k8s.io/kubernetes

Crafted object type names can cause directory traversal in Kubernetes. Object names are not validated before being passed to etcd. This allows attackers to write arbitrary files via a crafted object name, hence causing directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift...

6.4CVSS6.1AI score0.01812EPSS
Exploits0References2
github
github
added 2022/02/15 1:57 a.m.73 views

Access Restriction Bypass in kubernetes

The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. Specific Go Packages Affected github.com/kubernetes/kubernetes/pkg/apiserver...

7.7CVSS7.1AI score0.01583EPSS
Exploits0References8Affected Software1
osv
osv
added 2021/02/10 10:15 p.m.4 views

UBUNTU-CVE-2020-28596

A stack-based buffer overflow vulnerability exists in the Objparser::objparse functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.8CVSS6.3AI score0.01436EPSS
Exploits1References3
Rows per page
Query Builder