Lucene search
K

60 matches found

OSV
OSV
added 2024/03/06 10:53 a.m.28 views

BIT-GOLANG-2023-45283 Insecure parsing of Windows paths with a \??\ prefix in path/filepath

The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...

7.5CVSS7.8AI score0.02758EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.4 views

SUSE CVE-2021-42257

checksmart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path the /dev/bus substring and a number, aka an unanchored regular expression...

7.1CVSS6.9AI score0.00377EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.4 views

SUSE CVE-2022-38457

A use-after-freeUAF vulnerability was found in function 'vmwcmdrescheck' in drivers/gpu/vmxgfx/vmxgfxexecbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 or Dxxx'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of...

5.5CVSS6.9AI score0.0044EPSS
Exploits0References16
Packet Storm
Packet Storm
added 2022/05/16 12:0 a.m.407 views

Zyxel Firewall ZTP Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel Firewall ZTP Unauthenticated Command Injection', 'Description' = %q This module exploits CVE-2022-30525, an unauthenticated remote command...

0.2AI score0.99938EPSS
Exploits27
OSV
OSV
added 2021/10/11 8:15 p.m.4 views

CVE-2021-42257

checksmart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path the /dev/bus substring and a number, aka an unanchored regular expression...

7.1CVSS7.1AI score0.00377EPSS
Exploits1References5
Prion
Prion
added 2021/10/11 8:15 p.m.13 views

Design/Logic Flaw

checksmart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path the /dev/bus substring and a number, aka an unanchored regular expression...

3.6CVSS6.9AI score0.00377EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2021/10/11 12:0 a.m.5 views

PT-2021-23568 · Unknown · Check Smart

Name of the Vulnerable Software and Affected Versions: check smart versions prior to 6.9.1 Description: The issue allows unintended drive access by an unprivileged user due to a substring match of a device path, specifically checking for the /dev/bus substring and a number, which is an example of...

7.1CVSS6.9AI score0.00377EPSS
Exploits1References7
CNNVD
CNNVD
added 2021/10/11 12:0 a.m.6 views

Suse Check_smart 输入验证错误漏洞

Suse Checksmart is a monitoring plugin from Suse Luxembourg. It is used to monitor the value of the Smart Self-Monitoring, Analysis and Reporting Technology attribute of hard and solid state drives in the background using Smartmontool's Smartctl. A security vulnerability exists in versions of...

7.1CVSS7.1AI score0.00377EPSS
Exploits1References5
Cvelist
Cvelist
added 2021/10/11 12:0 a.m.17 views

CVE-2021-42257

checksmart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path the /dev/bus substring and a number, aka an unanchored regular expression...

7.1AI score0.00377EPSS
Exploits1References5
PyPA
PyPA
added 2021/05/27 11:15 a.m.7 views

PYSEC-2021-887

GattLib 0.3-rc1 has a stack-based buffer over-read in getdevicepathfrommac in dbus/gattlib.c...

9.8CVSS7.3AI score0.01501EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/05/27 11:15 a.m.3 views

PYSEC-2021-887

GattLib 0.3-rc1 has a stack-based buffer over-read in getdevicepathfrommac in dbus/gattlib.c...

9.8CVSS7.3AI score
Exploits0References1
CNNVD
CNNVD
added 2021/05/27 12:0 a.m.3 views

GattLib 缓冲区错误漏洞

GattLib is a library for accessing GATT Generic Attribute Profile information for BLE Bluetooth Low Energy devices. GattLib 0.3-rc1 suffers from a buffer overflow vulnerability in getdevicepathfrommac in dbus/gattlib.c, which originates from a buffer overload read of the stack. No detailed...

9.8CVSS5.9AI score0.01501EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2021/05/12 12:0 a.m.7 views

openSUSE: Security Advisory for monitoring-plugins-smart (openSUSE-SU-2021:0706-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2019/11/29 5:5 p.m.188 views

2FA bypass in Wagtail through new device path

2FA bypass through new device path Impact If someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. Patches This problem has been patched in version 1.3.0...

8.8CVSS2AI score0.01162EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2019/11/29 5:5 p.m.22 views

GHSA-89PX-WW3J-G2MM 2FA bypass in Wagtail through new device path

2FA bypass through new device path Impact If someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. Patches This problem has been patched in version 1.3.0...

8.7CVSS8.8AI score0.01162EPSS
Exploits0References6
OSV
OSV
added 2018/10/16 10:29 p.m.4 views

CVE-2018-11020

kernel/omap/drivers/rpmsg/rpmsgomx.c in the kernel component in Amazon Kindle Fire HD3rd Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a kernel crash...

4.4CVSS5.8AI score0.00628EPSS
Exploits1References2
OSV
OSV
added 2017/03/27 12:0 a.m.6 views

UBUNTU-CVE-2017-6462

Buffer overflow in the legacy Datum Programmable Time Server DPTS refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device...

7.8CVSS7AI score0.00491EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2004/08/18 12:0 a.m.18 views

Resin < 2.1s020604 MS-DOS Device Path Disclosure

Binary data 1517.prm...

5CVSS7.3AI score0.01678EPSS
Exploits0References1
securityvulns
securityvulns
added 2002/02/28 12:0 a.m.31 views

BPM STUDIO PRO 4.2 DOS DEVICE PATH VULNERABILITY

Hi Bugtraq !! BPM STUDIO PRO 4.2 is one of the most famous mp3 mixer and player and it has an http server implementation for manage the player via the web browser. Unfortunatly, when you perform a simple http request like: http://BPM-HOST/con/con you can crash instantly non-patched Win9x host wit...

0.3AI score
Exploits0
NVD
NVD
added 2000/03/04 5:0 a.m.27 views

CVE-2000-0168

Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability...

5CVSS6.3AI score0.19598EPSS
Exploits0References3
Rows per page
Query Builder