
2082 matches found

CNNVD
added 2023/01/26 12:00 a.m. · 2 views

Wireshark Security Vulnerability

Wireshark is a network packet analyzer. A security vulnerability exists in the Wireshark EAP dissector; remote attackers can exploit it by submitting a special request that crashes the application...

CVSS 6.5 · AI score 6.8 · EPSS 0.00809
Exploits: 0 · References: 5
RedHat Linux
added 2023/01/24 12:51 p.m. · 4 views

golang: encoding/xml: stack exhaustion in Decoder.Skip

A flaw was found in golang encoding/xml. When calling Decoder.Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion, allowing an attacker to impact system availability...

CVSS 7.5 · AI score 6.6 · EPSS 0.01875
Exploits: 0 · References: 6
Positive Technologies
added 2023/01/24 12:00 a.m. · 2 views

PT-2023-16252 · Wireshark +3 · Wireshark +3

Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.0.0 through 4.0.2
Description: The issue is related to a crash in the EAP dissector, allowing denial of service via packet injection or crafted capture file.
Recommendations: For Wireshark versions 4.0.0 through 4.0.2,...

CVSS 7.8 · AI score 8.6 · EPSS 0.0462
Exploits: 21 · References: 147
BDU FSTEC
added 2023/01/23 12:00 a.m. · 6 views

The vulnerability of the IBM Sterling Partner Engagement Manager software lies in the improper limitation of XML links to external objects, which allows attackers to disclose protected information.

The vulnerability of the IBM Sterling Partner Engagement Manager software relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose sensitive information...

CVSS 7.1 · AI score 7 · EPSS 0.01368
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2023/01/18 12:00 a.m. · 4 views

The vulnerability of the import function of the administrative interface module of Cisco Firepower Management Center software allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the import function of the administrative interface module of Cisco Firepower Management Center (FMC) is related to insufficient validation of XML file syntax. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information through ...

CVSS 4.3 · AI score 5.5 · EPSS 0.00524
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2023/01/17 6:15 p.m. · 2 views

DEBIAN-CVE-2022-41859

In freeradius, the EAP-PWD function compute_password_element() leaks information about the password, which allows an attacker to substantially reduce the size of an offline dictionary attack...

CVSS 7.5 · AI score 7.3 · EPSS 0.0086
Exploits: 0 · References: 1
OSV
added 2023/01/17 6:15 p.m. · 3 views

ALPINE-CVE-2022-41860

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...

CVSS 7.5 · AI score 7.1 · EPSS 0.01171
Exploits: 0 · References: 1
OSV
added 2023/01/17 6:15 p.m. · 1 view

UBUNTU-CVE-2022-41859

In freeradius, the EAP-PWD function compute_password_element() leaks information about the password, which allows an attacker to substantially reduce the size of an offline dictionary attack...

CVSS 7.5 · AI score 5.8 · EPSS 0.0086
Exploits: 0 · References: 5
CNNVD
added 2023/01/17 12:00 a.m. · 26 views

OpenStack Security Vulnerability

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration (NASA) in the U.S. Swift is one of its storage projects, used to store permanent static data. A security vulnerability exists in OpenStack that stems from the fact that by providing a specially...

CVSS 6.5 · AI score 6.7 · EPSS 0.01001
Exploits: 1 · References: 11
CNNVD
added 2023/01/07 12:00 a.m. · 4 views

simplexrd Code Issue Vulnerability

simplexrd is a very simple XRD document parser by Kelvin Mo, an individual developer. A code issue vulnerability exists in versions of simplexrd prior to 3.1.1, which stems from a problem with unknown code in the file simplexrd/simplexrd.class.php, which can lead to XML external entity references...

CVSS 9.8 · AI score 6.5 · EPSS 0.00804
Exploits: 0 · References: 5
NCSC
added 2023/01/06 12:00 a.m. · 6 views

Vulnerabilities fixed in Lenovo ThinkPad X13s

Vulnerabilities have been fixed in the UEFI implementation of Lenovo ThinkPad X13s systems. The vulnerabilities allow an authenticated user with elevated privileges to execute arbitrary code and view sensitive data. The complexity of such attacks is high. However, the vulnerabilities are...

CVSS 8.4 · AI score 7.3 · EPSS 0.00917
Exploits: 0
Positive Technologies
added 2023/01/03 12:00 a.m. · 13 views

PT-2023-9334 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to a NULL pointer dereference in the EFI initialization error path. When runtime services are not supported or have been disabled, the runtime services workqueue i...

CVSS 9.1 · AI score 6.9 · EPSS 0.03651
Exploits: 14 · References: 1696
CNNVD
added 2022/12/30 12:00 a.m. · 4 views

iText Code Issue Vulnerability

iText is an open source library for creating and manipulating PDF files in Java. It is written by Bruno Lowagie, Paulo Soares and others. A code issue vulnerability exists in iText RUPS. An attacker can exploit this vulnerability to cause XML external entity references...

CVSS 9.8 · AI score 6.6 · EPSS 0.00752
Exploits: 0 · References: 4
OpenVAS
added 2022/12/30 12:00 a.m. · 20 views

Fedora: Security Advisory for trafficserver (FEDORA-2022-489ea47e69)

The remote host is missing an update for the...

CVSS 7.5 · AI score 6.4 · EPSS 0.013
Exploits: 0 · References: 2
BDU FSTEC
added 2022/12/22 12:00 a.m. · 7 views

The vulnerability of the EAP-pwd client implementation for Wi-Fi WPA Supplicant allows information disclosure due to incompatibility, enabling attackers to expose sensitive information.

The vulnerability of the EAP-pwd client implementation for Wi-Fi WPA Supplicant is related to the disclosure of information due to incompatibility. This vulnerability allows a malicious actor to disclose the protected information remotely...

CVSS 10 · AI score 7.4 · EPSS 0.01903
Exploits: 0 · References: 16 · Affected Software: 11
Fedora
added 2022/12/18 1:43 a.m. · 64 views

[SECURITY] Fedora 37 Update: protobuf-3.19.6-1.fc37

Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...

CVSS 7.5 · AI score 6.8 · EPSS 0.01151
Exploits: 0
Positive Technologies
added 2022/12/18 12:00 a.m. · 6 views

PT-2022-27728 · Unknown · 3D City Database Ogc Web Feature Service

Name of the Vulnerable Software and Affected Versions: 3D City Database OGC Web Feature Service versions up to 5.2.1
Description: A vulnerability was found in the 3D City Database OGC Web Feature Service, which affects some unknown processing and leads to XML external entity reference. The...

CVSS 9.8 · AI score 7.3 · EPSS 0.00737
Exploits: 0 · References: 10
CNNVD
added 2022/12/15 12:00 a.m. · 4 views

FeehiCMS Cross-Site Scripting Vulnerability

FeehiCMS is a PHP-based CMS website builder by Liufee, an individual developer. A security vulnerability exists in FeehiCMS version 2.1.1 that allows remote attackers to run arbitrary code by uploading a carefully crafted XML file...

CVSS 5.4 · AI score 6.1 · EPSS 0.00506
Exploits: 1 · References: 2
RedHat Linux
added 2022/12/12 9:25 p.m. · 5 views

pki-core: access to external entities when parsing XML can lead to XXE

A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests...

CVSS 7.5 · AI score 7.5 · EPSS 0.85323
Exploits: 3 · References: 4
Fedora
added 2022/12/09 12:49 a.m. · 35 views

[SECURITY] Fedora 35 Update: ruby-3.0.5-155.fc35

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS 8.8 · AI score 1.1 · EPSS 0.02287
Exploits: 1