Lucene search
K

283 matches found

OSV
OSV
added 2023/10/20 3:39 p.m.7 views

CLSA-2023-1697816385 curl: Fix of 2 CVEs

CVE-2022-27782: check additional TLS or SSH connection parameters that should have prohibited connection reuse - CVE-2023-27534: fix SFTP path '' resolving discrepancy - fix read off end of array for SCP home directory case...

8.8CVSS6.8AI score0.02596EPSS
Exploits2References1
OSV
OSV
added 2023/10/13 11:6 a.m.1 views

OESA-2023-1710 libXpm security update

X.Org X11 libXpm runtime library Security Fixes: A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer function. This flaw allows a local to trigger an out-of-bounds read error and read the contents of memory on the system.CVE-2023-43788 A...

5.5CVSS6.5AI score0.00365EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/08/31 1:56 a.m.5 views

SUSE CVE-2023-39663

Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service ReDoS vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...

7.5CVSS7.4AI score0.00703EPSS
Exploits1References3
OSV
OSV
added 2023/08/17 5:40 p.m.10 views

CLSA-2023-1692294010 amanda: Fix of 2 CVEs

CVE-2022-37705: fix tar option filtering - CVE-2023-30577: introduce tar option allow list...

7.8CVSS6.9AI score0.01246EPSS
Exploits3References1
OSV
OSV
added 2023/07/06 3:15 p.m.4 views

CVE-2023-24582

Two OS command injection vulnerabilities exist in the urvpnclient cmdnameaction functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injectio...

8.8CVSS7.4AI score0.03003EPSS
Exploits1References2
OSV
OSV
added 2023/05/11 2:15 p.m.7 views

CLSA-2023-1683814164 git: Fix of 2 CVEs

CVE-2023-25652: removing a link instead of writing into - CVE-2023-29007: restrict the config file line length to parse it whole - tests were activated - a buffer overflow during reading of configuration's enormous value has been fixed...

7.8CVSS7.2AI score0.52164EPSS
Exploits2References1
NCSC
NCSC
added 2023/04/20 12:0 a.m.3 views

Vulnerabilities fixed in Oracle Hyperion

Oracle has fixed vulnerabilities in Oracle Hyperion products. The vulnerabilities allow a malicious party to cause a denial-of-service DoS or to execute arbitrary code execute arbitrary code under the application's permissions. ------------------.------.------------------------------------- | CVE...

9.8CVSS9.3AI score0.02789EPSS
Exploits1
OSV
OSV
added 2023/02/10 10:51 a.m.7 views

CLSA-2023-1676026276 openssl: Fix of 2 CVEs

CVE-2023-0215: Fix a UAF resulting from a bug in BIOnewNDEF - CVE-2023-0286: Fix GENERALNAMEcmp for x400Address...

7.5CVSS7AI score0.59501EPSS
Exploits0References1
OSV
OSV
added 2023/02/09 11:15 p.m.7 views

CLSA-2023-1675984558 java-1.8.0-openjdk: Fix of 2 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09. That fixes following CVEs: - CVE-2023-21830: Improper restrictions in CORBA deserialization Serialization, 8285021 - CVE-2023-21843: Soundbank URL remote loading Sound, 8293742 - Update tzdata requirement to 2022g to match JDK-8297804 -...

5.3CVSS6.4AI score0.01357EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2022/12/23 11:46 p.m.54 views

Exploit for CVE-2022-41080

CVE-2022-41080 Desc - CrowdStrike recently discovered a n...

9.8CVSS9AI score0.9997EPSS
Exploits11
NCSC
NCSC
added 2022/09/28 12:0 a.m.5 views

Researcher discovered vulnerabilities in Layer-2 managed switches

A researcher has found vulnerabilities in network security techniques at the Layer-2 level. The vulnerabilities reside in the fact that the QinQ functionality IEEE 802.1ad standard incorrectly allows VLAN 0 priority tag and 802.2 LLC/SNAP headers can be stacked multiple define VLANs within VLANs....

4.7CVSS6.8AI score0.0071EPSS
Exploits1
NCSC
NCSC
added 2022/08/26 12:0 a.m.8 views

Vulnerabilities fixed in Nessus Agent

Tenable has fixed two vulnerabilities in Nessus Agent. A authenticated malicious person with the ability and knowledge to create custom audit files could exploit the vulnerabilities to execute code with administrator privileges, or to access gain access to arbitrary system files of the underlying...

9CVSS7.3AI score0.01255EPSS
Exploits0
OSV
OSV
added 2021/12/16 7:10 p.m.9 views

CLSA-2021-1639681829 Fix CVE(s): CVE-2021-35624, CVE-2021-35604

SECURITY UPDATE: Update to 5.7.36 to fix security issues - CVE-2021-35604, CVE-2021-35624...

5.5CVSS6.8AI score0.02497EPSS
Exploits0References1
NCSC
NCSC
added 2021/09/14 12:0 a.m.3 views

Vulnerabilities fixed in Google Chrome

Vulnerabilities have been fixed in Google Chrome. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to system data Google, as usual, is releasing few technical details abou...

9.6CVSS7.5AI score0.64546EPSS
Exploits4
NCSC
NCSC
added 2021/04/15 12:0 a.m.5 views

Vulnerabilities fixed in GitLab CE and EE

GitLab has fixed two vulnerabilities in GitLab Community Edition and Enterprise Edition. The vulnerabilities could be exploited by a malicious person with rights to upload files could be exploited to execute arbitrary code with permissions from the GitLab Service. A CVE ID is not yet known for on...

7.5CVSS7.6AI score0.05061EPSS
Exploits0
NCSC
NCSC
added 2021/01/05 12:0 a.m.7 views

Vulnerabilities fixed in Dovecot

A malicious party could exploit the vulnerabilities to cause a denial-of-service and to read e-mail from other users. Dovecot has released updates to fix the vulnerabilities. For more information, see the following pages: CVE-2020-24386:...

7.5CVSS6.9AI score0.0466EPSS
Exploits1
NCSC
NCSC
added 2020/11/11 12:0 a.m.7 views

Vulnerabilities fixed in Adobe Connect

Adobe has fixed two vulnerabilities in Adobe Connect. A malicious party can use these vulnerabilities to launch a cross-site scripting XSS attack, thus setting up arbitrary javascript code with the victim's privileges. Adobe has released updates to fix the vulnerabilities in Connect 11.0.5. For...

6.1CVSS6.6AI score0.0148EPSS
Exploits0
OSV
OSV
added 2020/10/15 10:14 p.m.3 views

USN-4585-1 newsbeuter vulnerabilities

It was discovered that Newsbeuter didn't handle the command line input properly. An remote attacker could use it to ran remote code by crafting a special input file. CVE-2017-12904 It was discovered that Newsbeuter didn't handle metacharacters in its filename properly. An remote attacker could us...

9.3CVSS7.5AI score0.06404EPSS
Exploits0References3
NCSC
NCSC
added 2020/08/04 12:0 a.m.7 views

Vulnerabilities fixed in GRUB2

Researchers have found multiple vulnerabilities in GRUB2. The vulnerability with reference CVE-2020-10713 has been named "Boothole." assigned. This vulnerability allows a malicious person with physical access to the system or a malicious person with administrator privileges able to execute...

8.2CVSS7.9AI score0.01588EPSS
Exploits1
OSV
OSV
added 2020/07/29 6:50 p.m.7 views

USN-4432-1 grub2, grub2-signed vulnerabilities

Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. CVE-2020-10713 Chris...

8.2CVSS7.5AI score0.01588EPSS
Exploits1References9
Rows per page
Query Builder