Lucene search
K

407 matches found

Cvelist
Cvelist
added 2023/07/28 12:0 a.m.20 views

CVE-2023-39018

FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which...

9.9AI score0.00781EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/07/28 12:0 a.m.23 views

CVE-2023-39017

quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that...

9.8AI score0.01017EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2023/07/28 12:0 a.m.45 views

CVE-2023-39017

Removed by vendor...

9.8CVSS7.4AI score0.01017EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2023/07/10 4:15 p.m.4 views

CVE-2023-37152

Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability...

9.8CVSS7.3AI score0.01998EPSS
Exploits1References5
NVD
NVD
added 2023/07/10 4:15 p.m.22 views

CVE-2023-37152

Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability...

9.8CVSS9.5AI score0.01998EPSS
Exploits1References4
OSV
OSV
added 2023/06/14 2:15 p.m.4 views

UBUNTU-CVE-2023-35116

DISPUTED jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data...

4.7CVSS6.7AI score0.00352EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/06/14 2:15 p.m.341 views

CVE-2023-35116

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure...

4.7CVSS6.8AI score0.00352EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/06/13 6:30 p.m.23 views

Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability

Withdrawn This advisory has been withdrawn because the CVE has been disputed and the underlying vulnerability is likely invalid. This link is maintained to preserve external references. According to maintainers of Craft CMS, only administrators can access Settings, and those administrators may ha...

7.2CVSS7.3AI score0.02203EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2023/06/01 1:15 p.m.22 views

CVE-2023-33546

Janino 3.1.9 and earlier are subject to denial of service DOS attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by...

5.5CVSS5.4AI score0.0033EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/06/01 12:0 a.m.29 views

CVE-2023-33546

Janino 3.1.9 and earlier are subject to denial of service DOS attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by...

5.6AI score0.0033EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2023/06/01 12:0 a.m.17 views

CVE-2023-33546

Janino 3.1.9 and earlier are subject to denial of service DOS attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by...

5.5CVSS5.5AI score0.0033EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2023/05/31 8:15 p.m.176 views

CVE-2023-34256

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4groupdesccsum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend again...

5.5CVSS6.5AI score0.00247EPSS
Exploits0References11
OSV
OSV
added 2023/05/09 1:15 p.m.3 views

DEBIAN-CVE-2023-31972

yasm v1.3.0 was discovered to contain a use after free via the function ppgetline at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy...

5.5CVSS5.6AI score0.00288EPSS
Exploits1References1
OSV
OSV
added 2023/05/09 1:15 p.m.5 views

UBUNTU-CVE-2023-31975

DISPUTED yasm v1.3.0 was discovered to contain a memory leak via the function yasmintnumcopy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy...

3.3CVSS5.8AI score0.00467EPSS
Exploits1References3
OSV
OSV
added 2023/05/09 1:15 p.m.6 views

UBUNTU-CVE-2023-31972

DISPUTED yasm v1.3.0 was discovered to contain a use after free via the function ppgetline at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy...

5.5CVSS6AI score0.00288EPSS
Exploits1References3
OSV
OSV
added 2023/05/09 1:15 p.m.5 views

UBUNTU-CVE-2023-31974

DISPUTED yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy...

5.5CVSS5.8AI score0.00288EPSS
Exploits1References3
Prion
Prion
added 2023/05/04 2:15 p.m.22 views

Input validation

DISPUTED ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be us...

7.5CVSS9.7AI score0.05552EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2023/05/04 2:15 p.m.115 views

CVE-2023-29827

ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with...

9.8CVSS6.8AI score0.05552EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/04/26 1:53 a.m.6 views

SUSE CVE-2023-29583

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parseexpr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

6.2CVSS7.4AI score0.00287EPSS
Exploits1References3
Prion
Prion
added 2023/04/26 12:15 a.m.14 views

Design/Logic Flaw

DISPUTED blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...

5CVSS7.6AI score0.00883EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder