Lucene search
K

207 matches found

RedhatCVE
RedhatCVE
added 2025/02/16 6:21 a.m.10 views

CVE-2024-13692

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user...

5.4CVSS9.2AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:46 p.m.9 views

CVE-2017-16297

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

9.9CVSS7.7AI score0.00853EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:46 p.m.16 views

CVE-2017-16327

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

9.9CVSS7.7AI score0.00853EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:44 p.m.9 views

CVE-2017-16283

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

9.9CVSS7.7AI score0.00673EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:43 p.m.15 views

CVE-2017-16278

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

9.9CVSS7.7AI score0.00673EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/10/21 3:46 p.m.4 views

SUSE CVE-2024-47726

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode...

5.5CVSS7.7AI score0.00822EPSS
Exploits0References5
OSV
OSV
added 2024/10/21 1:15 p.m.1 views

DEBIAN-CVE-2024-47726

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode...

6.5CVSS5.8AI score0.00822EPSS
Exploits0References1
OSV
OSV
added 2024/10/21 1:15 p.m.1 views

UBUNTU-CVE-2024-47726

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode...

6.5CVSS6.3AI score0.00822EPSS
Exploits0References33
NVD
NVD
added 2024/05/17 2:15 p.m.13 views

CVE-2024-35821

In the Linux kernel, the following vulnerability has been resolved: ubifs: Set page uptodate in the correct place Page cache reads are lockless, so setting the freshly allocated page uptodate before we've overwritten it with the data it's supposed to have in it will allow a simultaneous reader to...

7.5CVSS7.3AI score0.0057EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2024/05/17 12:15 p.m.27 views

CVE-2024-27410

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change It's currently possible to change the mesh ID when the interface isn't yet in mesh mode, at the same time as changing it into mesh mode. This leads to an overwrite of data i...

5.5CVSS6.3AI score0.00247EPSS
Exploits0References22
Vulnrichment
Vulnrichment
added 2024/05/17 11:50 a.m.29 views

CVE-2024-27410 wifi: nl80211: reject iftype change with mesh ID change

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change It's currently possible to change the mesh ID when the interface isn't yet in mesh mode, at the same time as changing it into mesh mode. This leads to an overwrite of data i...

6.7AI score0.00247EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from old data overwriting new data...

7.1CVSS6.4AI score0.0023EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/17 12:0 a.m.11 views

PT-2024-14691

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue arises when an inode is compressed but not encrypted, and the system fails to call f2fs wait on block writeback to wait for GCed page writeback in the IPU write path. This can...

7.8CVSS5.6AI score0.00286EPSS
Exploits0References188
CNNVD
CNNVD
added 2024/04/17 12:0 a.m.10 views

GNU C Library 安全漏洞

GNU C Library is an open source, free C compiler released under the LGPL license. GNU C Library suffers from a buffer overflow vulnerability that originates from a boundary error in the iconv function when handling untrusted input. An attacker could exploit the vulnerability to cause the...

7.3CVSS7.2AI score0.8833EPSS
Exploits16References22
OSV
OSV
added 2024/04/04 8:27 p.m.4 views

CVE-2024-30270 mailcow Path Traversal and Arbitrary Code Execution Vulnerability

mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the rspamdmaps...

6.2CVSS7.4AI score0.27346EPSS
Exploits3References6
OSV
OSV
added 2024/03/06 11:21 a.m.30 views

BIT-GITLAB-2020-13359

The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are =12.10, =13.4, =13.5, 13.5.2...

7.6CVSS7.2AI score0.00756EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 10:53 a.m.20 views

BIT-DRUPAL-2022-25271

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...

7.5CVSS7.2AI score0.01247EPSS
Exploits0References4
NVD
NVD
added 2024/02/15 5:15 a.m.23 views

CVE-2022-23086

Handlers for CFGPAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may...

9.8CVSS6.7AI score0.00447EPSS
Exploits0References2
Prion
Prion
added 2024/02/15 5:15 a.m.21 views

Design/Logic Flaw

Handlers for CFGPAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may...

7.3AI score0.00447EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/01/15 12:0 a.m.5 views

The vulnerability of the APK-reverse engineering tool Apktool in Android systems arises from incorrect path name restrictions for restricted directories. This allows attackers to write or overwrite arbitrary data.

The vulnerability of the APK-reverse engineering tool Apktool relates to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability could allow a perpetrator to write or overwrite arbitrary data...

7.8CVSS7.3AI score0.0132EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder