Lucene search
K

23150 matches found

Microsoft CVE
Microsoft CVE
added 2025/02/17 8:0 a.m.3 views

GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow

...

5.1CVSS5.2AI score0.00619EPSS
Exploits1
Fedora
Fedora
added 2025/02/15 2:37 a.m.14 views

[SECURITY] Fedora 41 Update: libheif-1.19.5-3.fc41

libheif is an ISO/IEC 23008-12:2017 HEIF and AVIF AV1 Image File Format file format decoder and encoder...

8.1CVSS7AI score0.00825EPSS
Exploits1
Fedora
Fedora
added 2025/02/15 2:23 a.m.8 views

[SECURITY] Fedora 40 Update: libheif-1.19.5-3.fc40

libheif is an ISO/IEC 23008-12:2017 HEIF and AVIF AV1 Image File Format file format decoder and encoder...

8.1CVSS7AI score0.00825EPSS
Exploits1
OSV
OSV
added 2025/02/14 9:37 a.m.3 views

CLSA-2025-1739525872 Fix CVE(s): CVE-2024-53104

CVE-url: https://ubuntu.com/security/CVE-2024-53104 - media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat...

7.8CVSS7AI score0.03301EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/14 9:7 a.m.13 views

CVE-2025-25184

A flaw was found in the rubygem-rack package. When a user provides the authorization credentials via Rack::Auth::Basic, if successful, the username is placed in env'REMOTEUSER' and later used by Rack::CommonLogger for logging purposes. The issue occurs when a server intentionally or unintentional...

6.5CVSS6.4AI score0.01095EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/02/13 2:42 a.m.4 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
Fedora
Fedora
added 2025/02/13 2:2 a.m.8 views

[SECURITY] Fedora 40 Update: rust-eif_build-0.2.1-3.fc40

This CLI tool provides a low level path to assemble an enclave image format EIF file used in AWS Nitro Enclaves...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2025/02/12 12:30 p.m.1625 views

curl: Format string vulnerability, curl_msnprintf() function

Summary: A vulnerability has been identified in the curl library’s formatted output functions specifically in curlmsnprintf and its related functions. When a malicious attacker-controlled format string containing the %hn conversion specifier is passed, the function incorrectly attempts to write t...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2025/02/12 4:5 a.m.3 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2025/02/12 3:49 a.m.3 views

SUSE CVE-2025-1153

A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfdsetformat of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The...

4.4AI score0.01252EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.3 views

OpenSearch Dashboards Reports 安全漏洞

OpenSearch Dashboards Reports is an OpenSearch open source application. It is used to export and automate PNG, PDF and CSV reports in OpenSearch Dashboard. A security vulnerability exists in OpenSearch Dashboards Reports version 2.19, which stems from the Dashboards Reports module containing a...

6.4CVSS7AI score0.00557EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2025/02/11 5:15 p.m.0 views

CVE-2023-40721

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests...

6.7CVSS6.1AI score0.00234EPSS
Exploits0References2Affected Software4
OSV
OSV
added 2025/02/11 5:15 p.m.2 views

CVE-2023-40721

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests...

6.7CVSS6.1AI score0.00234EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.3 views

Astra Linux – Vulnerability in hdf5

HDF5 through 1.14.3 contains a heap buffer overflow issue in H5Aattrreleasetable, which leads to the corruption of the instruction pointer and causes denial of service or potential code execution...

8.8CVSS7.8AI score0.0086EPSS
Exploits0References3
OSV
OSV
added 2025/02/11 5:57 a.m.2 views

BELL-CVE-2025-1152

Bulletin has no description...

3.7CVSS7AI score0.00564EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.3 views

Tracker Software PDF-XChange Editor 安全漏洞

Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A security vulnerability exists in Tracker Software PDF-XChange Editor that stems from the RTF file parsing module containing a heap-based buffer overflow...

8.8CVSS8.1AI score0.0071EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.5 views

PT-2025-6253 · Fortinet · Fortiproxy +3

Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.4.0 through 7.4.1 and prior to 7.2.6 FortiProxy versions 7.4.0 and prior to 7.2.7 FortiPAM versions 1.1.2 and prior to 1.0.3 FortiSwitchManager versions 7.2.0 through 7.2.2 and prior to 7.0.2 Description: A use of...

6.7CVSS7.9AI score0.00234EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.3 views

Tracker Software PDF-XChange Editor 缓冲区错误漏洞

Tracker Software PDF-XChange Editor is a suite of software for viewing and editing documents in PDF format from Tracker Software, a Canadian company. Tracker Software PDF-XChange Editor suffers from a buffer error vulnerability that stems from the JB2 file parsing module containing an out-of-boun...

8.8CVSS4.5AI score0.00624EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/02/11 12:0 a.m.3 views

Fortinet Fortigate - Format string vulnerability in CLI commands (FG-IR-23-261)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-261 advisory. - A use of externally-controlled format string vulnerability CWE-134 in Fortinet FortiOS version 7.4.0 through 7.4.1 and befo...

6.7CVSS6.3AI score0.00234EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/02/10 9:1 p.m.8 views

jinja2: Jinja has a sandbox breakout through indirect reference to format method

A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

7.8CVSS7.5AI score0.005EPSS
Exploits0References7
Rows per page
Query Builder