Lucene search
K

769 matches found

UbuntuCve
UbuntuCve
added 2024/02/06 3:15 p.m.17 views

CVE-2024-0911

A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash...

5.5CVSS6.2AI score0.00312EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/06 2:13 p.m.13 views

CVE-2024-0911 Indent: heap-based buffer overflow in set_buf_break()

A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash...

5.5CVSS5.6AI score0.00312EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2024/02/06 2:13 p.m.22 views

CVE-2024-0911

A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash...

5.5CVSS5.3AI score0.00312EPSS
Exploits0
Fedora
Fedora
added 2024/02/02 1:15 a.m.21 views

[SECURITY] Fedora 39 Update: indent-2.2.13-6.fc39

Indent is a GNU program for beautifying C code, so that it is easier to read. Indent can also convert from one C writing style to a different one. Indent understands correct C syntax and tries to handle incorrect C syntax. Install the indent package if you are developing applications in C and you...

5.5CVSS7.2AI score0.00312EPSS
Exploits0
Packet Storm
Packet Storm
added 2024/02/02 12:0 a.m.290 views

Grocy 4.0.2 Cross Site Request Forgery

Exploit Title: Grocy history.pushState'','', '/'; document.forms0.submit; If a user is logged into the Grocy Webapp at time of execution, a new user will be created in the app with the following credentials Username: hacker Password: test Note: In order for this to work, the target must hav...

8.8CVSS7.4AI score0.00375EPSS
Exploits4
0day.today
0day.today
added 2024/01/31 12:0 a.m.260 views

Grocy <= 4.0.2 - CSRF Vulnerability

Exploit Title: Grocy history.pushState'','', '/'; document.forms0.submit; If a user is logged into the Grocy Webapp at time of execution, a new user will be created in the app with the following credentials Username: hacker Password: test Note: In order for this to work, the target must have Crea...

8.8CVSS8.9AI score0.00375EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2024/01/03 12:0 a.m.46 views

GitLab 0.0 < 15.5.9 / 15.6 < 15.6.6 / 15.7 < 15.7.5 (CVE-2022-41903)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Git is distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst...

9.8CVSS8.9AI score0.44268EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/22 12:0 a.m.1 views

PT-2023-35662 · Git +1 · Jq

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 2 crash has been reported. The crash involves the functions jv string vfmt, jv string fmt, and jv get. No information is...

7AI score
Exploits0References2
CNVD
CNVD
added 2023/12/21 12:0 a.m.8 views

Fortinet FortiProxy,FortiOS,FortiPAM Formatting String Error Vulnerability

Fortinet FortiProxy is a secure network proxy from Fortinet that protects employees from cyberattacks by combining multiple detection technologies such as Web filtering, DNS filtering, DLP, anti-virus, intrusion prevention, and advanced threat protection.FortiProxy helps reduce bandwidth...

8.8CVSS7.2AI score0.01059EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/18 12:0 a.m.7 views

Selected Bosch Products Security Vulnerabilities

Bosch Video Recording Manager VRM is a video recording manager from Bosch, Germany. A security vulnerability exists in some Bosch products. The vulnerability stems from a formatting error in the API server that results in mishandling of API requests, and can be exploited by an attacker to cause a...

7.5CVSS6.6AI score0.00732EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.2 views

Fortinet FortiProxy 格式化字符串错误漏洞

Fortinet FortiProxy is a secure network proxy from Fortinet that protects employees from cyberattacks by combining multiple detection technologies such as Web filtering, DNS filtering, DLP, anti-virus, intrusion prevention, and advanced threat protection.FortiProxy helps reduce bandwidth...

8.8CVSS7.3AI score0.01059EPSS
Exploits0References3
OSV
OSV
added 2023/12/11 7:15 a.m.8 views

CVE-2023-49355

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " -1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation...

7.5CVSS6.3AI score0.0117EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.4 views

Synology Camera Firmware Formatting String Error Vulnerability

Synology Camera Firmware is a webcam firmware from China-based Synology Inc. A formatting string error vulnerability exists in Synology Camera Firmware versions prior to 1.0.5-0185, which stems from a formatting string error vulnerability in the cgi component that allows attackers to execute...

9.8CVSS7.3AI score0.01701EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/17 12:0 a.m.4 views

Apache Traffic Server 输入验证错误漏洞

Apache Traffic Server ATS is the United States Apache Apache Foundation's set of scalable HTTP proxy and caching server. Apache Traffic Server suffers from an input validation error vulnerability that stems from an HTTP/2 frame formatting error and is vulnerable to HTTP/2 and s3 authentication...

7.5CVSS6.9AI score0.53477EPSS
Exploits0References6
CVE
CVE
added 2023/09/19 2:47 p.m.56 views

CVE-2023-42444

CVE-2023-42444 affects the phonenumber Rust library. The vulnerability is a panic caused by a panic-guarded out-of-bounds access on the phonenumber string when processing crafted inputs (notably the string .;phone-context=) in parsing code. Affected versions are prior to 0.3.3+8.13.9 and 0.2.5+8....

8.6CVSS8AI score0.00694EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/09/17 12:0 a.m.5 views

ASUS RT-AX88U Formatting String Error Vulnerability

The ASUS RT-AX88U is a wireless router from ASUS in China. The ASUS RT-AX88U suffers from a Formatting String Error vulnerability, which stems from a vulnerability in the Advanced Open VPN feature that uses an externally controllable format string, which can be exploited by an attacker with an...

8.8CVSS6.5AI score0.00645EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/09/04 5:2 p.m.24 views

Multiple soundness issues in lexical

lexical contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls MaybeUninit::assumeinit ...

7.2AI score
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/09/04 12:0 a.m.3 views

TOTOLINK N200RE Formatting String Error Vulnerability

The TOTOLINK N200RE is a router from China's Gion Electronics TOTOLINK. A formatting string error vulnerability exists in the TOTOLINK N200RE V5 version 9.3.5u.6437B20230519. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement...

9CVSS6.5AI score0.03153EPSS
Exploits1References5
OSV
OSV
added 2023/09/03 12:0 p.m.7 views

RUSTSEC-2023-0055 Multiple soundness issues

lexical contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls MaybeUninit::assumeinit ...

7.2AI score
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2023/08/11 12:0 a.m.4 views

The vulnerability of Google Chrome’s URL formatting mechanism, which allows attackers to carry out spoofing attacks

The vulnerability of Google Chrome’s URL formatting mechanism is related to errors in information representation by the user interface. Exploiting this vulnerability allows a malicious actor to carry out spoofing attacks using a specially crafted HTML page...

7.8CVSS6.5AI score0.0048EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder