Lucene search
+L

73 matches found

OSV
OSV
added 2022/12/30 11:4 a.m.3 views

OESA-2022-2156 ceph security update

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the...

7.8CVSS7AI score0.00327EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2022/11/28 9:49 a.m.5 views

krb5: integer overflow vulnerabilities in PAC parsing

A vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service t...

8.8CVSS6.5AI score0.06419EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/09/22 12:0 a.m.4 views

PT-2022-6796 · Ceph +5 · Ceph +5

Name of the Vulnerable Software and Affected Versions: Ceph affected versions not specified Description: A privilege escalation flaw was found in Ceph, specifically in the Ceph-crash.service component. This issue allows a local attacker to escalate privileges to root in the form of a crash dump,...

9.1CVSS6.6AI score0.00935EPSS
Exploits1References72
0day.today
0day.today
added 2022/04/06 12:0 a.m.331 views

ALLMediaServer 1.6 Buffer Overflow Exploit

This Metasploit module exploits a stack buffer overflow in ALLMediaServer version 1.6. The vulnerability is caused due to a boundary error within the handling of HTTP request. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS9.8AI score0.68733EPSS
Exploits4
CNNVD
CNNVD
added 2022/02/08 12:0 a.m.3 views

TP-Link WR886N 缓冲区错误漏洞

The P&L TP-Link WR886N is a wireless router from China P&L. A buffer error vulnerability exists in the TP-Link WR886N, which originates when the service containing the request for & in the product/userRpm/PingIframeRpm.htm page does not properly determine memory boundaries. An attacker could use...

6.5CVSS6.8AI score0.10187EPSS
Exploits1References2
OSV
OSV
added 2021/11/24 5:15 p.m.2 views

CVE-2021-34423

A buffer overflow vulnerability was discovered in Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows before version 5.8.4, Zoom Client for Meetings for Blackberry for Android and iOS before version 5.8.1, Zoom Client for Meetings for intune for Android and iOS before version...

9.8CVSS6.4AI score0.03207EPSS
Exploits2References2
CNVD
CNVD
added 2021/10/25 12:0 a.m.33 views

Unspecified vulnerability exists in stb stb_image.h (CNVD-2021-100610)

stb is a single-file public domain library for C/C. stbimage.h is one of the image loaders. stb stbimage.h is vulnerable, and an attacker could use stbimage to crash the service or read up to 1024 bytes of non-contiguous heap data without controlling where it is read...

7.1CVSS2.5AI score0.0136EPSS
Exploits1References1
OSV
OSV
added 2021/10/12 3:15 p.m.4 views

CVE-2021-38181

SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service...

7.5CVSS7.1AI score0.01069EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2021/09/16 9:58 p.m.78 views

CVE-2021-36160

An out-of-bounds read in modproxyuwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability. Mitigation Mitigation for this issue is either not available or the currently available...

7.5CVSS1.5AI score0.62887EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/04/06 12:0 a.m.4 views

ASUS BMC Firmware 安全特征问题漏洞

ASUS BMC Firmware is a firmware from Asus China. The ASUS BMC Firmware suffers from a buffer overflow vulnerability that originates from a specific function that does not validate the length of a user-entered string, which can be exploited by a remote attacker to terminate a web service...

4.9CVSS6.1AI score0.0181EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/01/20 12:0 a.m.9 views

Dnsmasq Security Vulnerability

DNSmasq is a DNS configuration tool from the individual developer Simon Kelley. A security vulnerability exists in dnsmasq prior to version 2.83, which can be exploited by an attacker to crash the target service...

7.1CVSS6.7AI score0.86041EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 2020/07/24 12:0 a.m.6 views

PT-2020-12233 · Osisoft · Osisoft Pi System

Name of the Vulnerable Software and Affected Versions: OSIsoft PI System affected versions not specified Description: A remote, unauthenticated attacker could crash the PI Network Manager service through specially crafted requests, resulting in blocked connections and queries to the PI Data...

7.5CVSS7.4AI score0.02147EPSS
Exploits0References3
OSV
OSV
added 2020/05/22 6:15 a.m.4 views

CVE-2020-3343

A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploi...

5.5CVSS6.4AI score0.0032EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2020/03/05 12:0 a.m.119 views

OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD OOB Read Local Privilege Escalation', 'Description' = %q This module exploits an out-of-bounds read of an attacker-controlled string in...

10CVSS0.4AI score0.889EPSS
Exploits10
Prion
Prion
added 2020/02/18 4:15 a.m.15 views

Null pointer dereference

CA Unified Infrastructure Management Nimsoft/UIM 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot controller component. A remote attacker can crash the Controller service...

5CVSS7.5AI score0.02226EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/12/18 12:0 a.m.10 views

The vulnerability of the mad_bit_skip function in the MPEG audio decoder Libmad, which is related to buffer overflow, allows a hacker to cause a service failure.

The vulnerability of the madbitskip function in bit.c of the MPEG audio decoder Libmad is related to an error that causes buffer overflows when processing a specially crafted audio file. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

5.5CVSS6.9AI score0.02239EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2018/05/09 8:29 p.m.6 views

CVE-2018-2423

SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service...

7.5CVSS5.8AI score0.02522EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2018/04/20 12:0 a.m.8 views

The vulnerability of the hns_enet.c component in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the hnsenet.c component located in drivers/net/ethernet/hisilicon/hns/hnsenet.c in the Linux kernel is related to the use of memory after it has been freed. Exploiting this vulnerability could allow a local attacker to cause a service failure...

7.8CVSS6.4AI score0.0038EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/11/03 12:0 a.m.7 views

The vulnerability of the libaudiofile library, which allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the msadpcm.c file in the libaudiofile library arises due to an overflow in the buffer in the dynamic memory. Exploiting this vulnerability can allow a local attacker to cause a service failure application termination or execute arbitrary code using a specially crafted WAV fi...

6.8CVSS8.2AI score0.0602EPSS
Exploits0References11Affected Software2
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.6 views

The vulnerability of the Internet Explorer browser, which allows a malicious individual to execute arbitrary code or trigger a service failure.

The Internet Explorer browser contains an unspecified vulnerability related to memory-related errors. Exploiting this vulnerability allows malicious actors, operating remotely, to execute arbitrary code or cause a service failure through a specially created website...

9.3CVSS6AI score0.20451EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder