Lucene search
K

171 matches found

CNNVD
CNNVD
added 2022/12/13 12:0 a.m.3 views

Jettison 缓冲区错误漏洞

Jettison is jettison-json open source Jettison is a Java library . Jettison is a Java library that is used to convert XML to JSON with the help of StAX . Jettison v1.5.2 before the version of a security vulnerability , the vulnerability stems from a stack overflow , allowing an attacker to...

7.5CVSS7.4AI score0.01395EPSS
Exploits1References13
CNNVD
CNNVD
added 2022/12/01 12:0 a.m.3 views

FF4J 安全漏洞

FF4J is a feature switching mode of FF4J open source implementation library . A security vulnerability exists in FF4J version 1.8.1 that stems from vulnerability to remote code execution RCE attacks...

9.8CVSS9.1AI score0.0148EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/10/26 12:0 a.m.5 views

Bento4 缓冲区错误漏洞

Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in Bento4 that stems from the presence of a heap-based buffer overflow problem...

7.5CVSS7.5AI score0.01084EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/10/03 12:0 a.m.8 views

The vulnerability of the `cv::PxMDecoder::readData` function in the `grfmt_pxm.cpp` component of the OpenCV library, which is used for computer vision, image processing, and numerical algorithms of general purpose, open-source computer vision. This vulnerability allows a attacker to cause a service denial.

The vulnerability of the cv::PxMDecoder::readData function in the grfmtpxm.cpp component of the Computer Vision, Image Processing, and Numerical Algorithms General Purpose Library OpenSource Computer Vision Library – OpenCV is related to the execution of operations outside of the buffer in memory...

7.1CVSS6.7AI score0.02222EPSS
Exploits0References7Affected Software3
CNNVD
CNNVD
added 2022/09/08 12:0 a.m.7 views

Mz Automation Libiec61850 代码问题漏洞

Mz Automation Libiec61850 is an open source library for the IEC 61850 protocol from Mz Automation. Mz Automation Libiec61850 suffers from a code issue vulnerability that stems from its use of null pointers under certain circumstances. This could allow an attacker to crash the server...

8.6CVSS7.6AI score0.00848EPSS
Exploits0References3
OSV
OSV
added 2022/08/30 12:0 a.m.14 views

GHSA-4RG6-FM25-GC34 oauth2-server through 3.1.1 vulnerable to Open Redirect

In oauth2-server aka node-oauth2-server through 3.1.1, the value of the redirecturi parameter received during the authorization and token request is checked against an incorrect URI pattern a-zA-Za-zA-Z0-9+.-+: before making a redirection. This allows a malicious client to pass an XSS payload...

7.2CVSS7.1AI score0.00757EPSS
Exploits1References7
CNVD
CNVD
added 2022/08/19 12:0 a.m.13 views

OTFCC Buffer Overflow Vulnerability (CNVD-2024-08553)

OTFCC is Caryll open source a C library and utility programs. Used to parse and write OpenType font files. A buffer overflow vulnerability exists in OTFCC version 0.10.4, which stems from a lack of proper validation of user-supplied data in the /release-x64/otfccdump+0x6b84b1 file, and can be...

9.8CVSS7.4AI score0.01181EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.4 views

OTFCC 缓冲区错误漏洞

OTFCC is a C library and utility program from Caryll Open Source. It is used to parse and write OpenType font files. A security vulnerability exists in OTFCC version 0.10.4, which stems from a segmentation violation in the file /multiarch/memmove-vec-unaligned-erms...

9.8CVSS6.7AI score0.01181EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.3 views

OTFCC 缓冲区错误漏洞

OTFCC is a C library and utility program from Caryll Open Source. It is used to parse and write OpenType font files. A security vulnerability exists in OTFCC version 0.10.4, which stems from a heap buffer overflow in the /release-x64/otfccdump+0x6c08a6 file...

9.8CVSS7.1AI score0.01181EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/08/05 12:0 a.m.6 views

Ittiam Systems libmpeg2 安全漏洞

Ittiam Systems libmpeg2 is an open source library of MPEG-1 and MPEG-2 video stream decoding functions from Ittiam Systems. A security vulnerability exists in Ittiam Systems libmpeg2 versions prior to 2022-07-27, which stems from the use of memcpy with overlapping memory blocks, and can be...

6.5CVSS6.4AI score0.00792EPSS
Exploits1References4
Snyk
Snyk
added 2022/06/03 12:38 p.m.7 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a memory leak via the function ucclose at /my/unicorn/uc.c. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike...

7.5CVSS7.1AI score0.01177EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/01 3:37 p.m.75 views

Security Bulletin: IBM Informix Dynamic Server is affected to denial of service due to FasterXML jackson-databind (CVE-2020-36518)

Summary There is a denial of service vulnerability in FasterXML jackson-databind CVE-2020-36518 open source library included in IBM Informix Dynamic Server for IBM InformixHQ. FasterXML jackson-databind 2.13.2.2 resolves the vulnerability. Vulnerability Details CVEID: CVE-2020-36518 DESCRIPTION:...

7.5CVSS8AI score0.0486EPSS
Exploits1Affected Software1
Snyk
Snyk
added 2022/05/30 7:50 a.m.2 views

Denial of Service (DoS)

Overview github.com/containrrr/shoutrrr/pkg/util is a notification library for gophers. Affected versions of this package are vulnerable to Denial of Service DoS via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending exactly 2000, 4000, or 6000 characters...

7.5CVSS7.1AI score0.01271EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/04/18 12:0 a.m.5 views

Laurent Rineau CGAL 输入验证错误漏洞

CGAL is an open source application by Laurent Rineau. It provides easy access to efficient and reliable geometric algorithms in the form of C libraries. CGAL libcgal suffers from a code execution vulnerability that stems from a specially formatted, incorrectly formatted file that could lead to...

10CVSS9.2AI score0.02145EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/03/30 12:0 a.m.5 views

PJSIP 安全漏洞

PJSIP is a free open source multimedia communications library written in C. A denial-of-service vulnerability exists in PJSIP that could be exploited by attackers to affect PJSIP users who use PJSIP XML parsing in their applications...

7.5CVSS5.6AI score0.02039EPSS
Exploits0References14
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/03 5:16 p.m.50 views

Security Bulletin: IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities

Summary IBM Data Replication has addressed the following vulnerabilities: CVE-2017-17485 CVE-2018-5968 CVE-2017-15095 CVE-2017-7525 CVE-2018-7489 Vulnerability Details CVEID: CVE-2017-17485 DESCRIPTION: Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused...

9.8CVSS9.7AI score0.49727EPSS
Exploits7Affected Software1
The Hacker News
The Hacker News
added 2021/10/23 4:42 a.m.39 views

Popular NPM Package Hijacked to Publish Crypto-mining Malware

The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining and password-stealing malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that...

7AI score
Exploits0
CVE
CVE
added 2021/09/20 9:20 p.m.76 views

CVE-2021-39229

CVE-2021-39229 affects the Apprise library via the IFTTT plugin (NotifyIFTTT.py). A denial-of-service vulnerability is caused by an inefficient regular expression, with the vulnerable pattern located at lines 356–359 in the referenced file. The issue was fixed in release 0.9.5.1; if upgrading isn...

7.5CVSS7.3AI score0.01831EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2021/07/15 12:0 a.m.7 views

Unspecified vulnerability in Bento4 (CNVD-2021-51794)

Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in Bento4 version 1.5.1-628, which stems from an unhandled memory allocation failure in ""Core/Ap4Atom.cpp"" that results in the dereferencing of the NULL pointer, and can be exploited by an...

6.5CVSS6.8AI score0.01031EPSS
Exploits1References1
CNVD
CNVD
added 2021/05/28 12:0 a.m.6 views

Request Forgery Vulnerability in XStream

XStream is an open source Java class library , it is mainly used to serialize objects into XML JSON or deserialize objects . A request forgery vulnerability exists in Xstream, which can be exploited by an attacker to spoof requests sent from the server side in the context of an affected applicati...

7AI score
Exploits0
Rows per page
Query Builder