Lucene search
K

156 matches found

Cvelist
Cvelist
added 2025/02/25 5:0 p.m.37 views

CVE-2025-1204

The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to...

7.7CVSS0.00446EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/17 12:0 a.m.15 views

PT-2025-6742

Name of the Vulnerable Software and Affected Versions Das U-Boot versions prior to 2025.01-rc1 Description An integer overflow occurs in the ext4fs read symlink function in Das U-Boot. This happens when a crafted ext4 filesystem with an inode size of 0xffffffff is used, causing a malloc of zero a...

7.8CVSS6.8AI score0.00365EPSS
Exploits0References52
RedhatCVE
RedhatCVE
added 2025/02/13 5:54 p.m.19 views

CVE-2024-27371

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsinanfollowupgetnlparams, there is no input validation check on halreq-servicespecificinfolen coming from userspace, which can lead to a heap overwrite...

7.8CVSS6.8AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/13 5:53 p.m.13 views

CVE-2024-27379

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsinansubscribegetnlparams, there is no input validation check on halreq-numintfaddrpresent coming from userspace, which can lead to a heap overwrite...

7.8CVSS6.8AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 3:55 a.m.18 views

CVE-2021-39180

OpenOLAT is a web-based learning management system LMS. A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user e.g. the tomcat user. Depending...

9CVSS7.4AI score0.02441EPSS
Exploits0References1
NVD
NVD
added 2025/01/30 7:15 p.m.14 views

CVE-2025-0626

The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to...

7.7CVSS0.01116EPSS
Exploits0References4
OSV
OSV
added 2025/01/28 2:15 a.m.7 views

AZL-56379 CVE-2024-45339 affecting package glog 0.3.5-16

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

7.1CVSS7.2AI score0.00281EPSS
Exploits0References1
CVE
CVE
added 2025/01/27 9:45 p.m.86 views

CVE-2024-54520

The CVE-2024-54520 issue is a path-handling vulnerability in macOS components that could allow an app to overwrite arbitrary files. Apple’s security content attributes the problem to improved validation in macOS Sonoma 14.7.2, macOS Sequoia 15.2, and macOS Ventura 13.7.2, with the fix applying to...

5.5CVSS7.1AI score0.00224EPSS
Exploits0References3Affected Software1
SUSE Linux
SUSE Linux
added 2025/01/15 2:55 p.m.3 views

Security update for rsync

This update for rsync fixes the following issues: NOTE: This update was retracted as one of the fixes was broken. A new update will be issued. CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 CVE-2024-12086: leak of a client machine's file...

8.8CVSS7.3AI score0.09353EPSS
Exploits4References16
OSV
OSV
added 2024/12/20 1:7 p.m.6 views

OESA-2024-2566 arm-trusted-firmware security update

Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures Armv8-A and Armv7-A, including an Exception Level 3 EL3 Secure Monitor. Security Fixes: Integer Underflow Wrap or Wraparound vulnerability in Renesas arm-trusted-firmware. An integer underflo...

7.8CVSS7.7AI score0.0019EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/12/19 12:0 a.m.9 views

RHEL 7 / 8 / 9 : Red Hat JBoss Enterprise Application Platform 7.4 (RHSA-2024:11529)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:11529 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

9.1CVSS6.9AI score0.0067EPSS
Exploits1References6
OSV
OSV
added 2024/12/09 2:15 a.m.2 views

UBUNTU-CVE-2024-55566

ColPack 1.0.10 through 9a7293a has a predictable temporary file located under /tmp with a name derived from an unseeded RNG. The impact can be overwriting files or making ColPack graphing unavailable to other users...

6.6CVSS5.8AI score0.00217EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/19 12:0 a.m.3 views

Statamic 路径遍历漏洞

Statamic is a powerful flat file Cms built on Laravel by Statamic, Inc. for storing all content, templates, assets, and settings in files instead of a database. A path traversal vulnerability exists in Statamic versions prior to 5.17.0 that stems from the use of carefully constructed filenames...

5.3CVSS6.5AI score0.00561EPSS
Exploits0References4
CVE
CVE
added 2024/09/16 11:22 p.m.69 views

CVE-2024-44167

The CVE-2024-44167 issue involves a vulnerability in macOS/iOS variants where an app may overwrite arbitrary files. The root cause is described as being mitigated by removing the vulnerable code. Affected platforms include macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15, visionOS 2, iOS 1...

8.1CVSS5.9AI score0.00631EPSS
Exploits0References10Affected Software4
Cvelist
Cvelist
added 2024/06/05 6:35 p.m.30 views

CVE-2024-27370

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsinanconfiggetnlparams, there is no input validation check on halreq-numconfigdiscoveryattr coming from userspace, which can lead to a heap overwrite...

6.7CVSS6.5AI score0.00164EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/06/05 12:0 a.m.5 views

PT-2024-21861 · Samsung · Exynos

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor Exynos versions 980, 850, 1280, 1380, and 1330 Description: An issue was discovered in the function slsi nan publish get nl params, where there is no input validation check on hal req-service specific info len coming...

7.8CVSS7AI score0.00196EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.6 views

PT-2024-5037 · Mailcow · Mailcow

Name of the Vulnerable Software and Affected Versions: mailcow:dockerized versions prior to 2024-04 Description: The issue is related to the rspamd maps function and involves improper path validation, allowing for path traversal and arbitrary code execution. This can enable an authenticated admin...

8.7CVSS7.6AI score0.27346EPSS
Exploits3References21
CNNVD
CNNVD
added 2024/04/03 12:0 a.m.5 views

Open Automation Software OAS Platform 安全漏洞

Open Automation Software OAS Platform is an industrial Internet of Things IoT suite from US-based Open Automation Software, Inc. Designed to help organizations connect data sources to the OAS Platform. A security vulnerability exists in Open Automation Software OAS Platform version V19.00.0057. A...

4.9CVSS7.9AI score0.00662EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/04/03 12:0 a.m.4 views

PT-2024-19257 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 19.00.0057 Description: A file write issue exists in the OAS Engine Save Security Configuration functionality. This can be triggered by a specially crafted series of network requests, leading to...

4.9CVSS7.1AI score0.00662EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/04/03 12:0 a.m.6 views

PT-2024-19104 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 19.00.0057 Description: A file write issue exists in the OAS Engine Tags Configuration functionality. This can be exploited by sending a specially crafted series of network requests, leading to...

4.9CVSS7.4AI score0.00662EPSS
Exploits1References3
Rows per page
Query Builder