Lucene search
K

306 matches found

SUSE CVE
SUSE CVE
added 2024/06/12 3:33 a.m.6 views

SUSE CVE-2023-4458

A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on...

7.5CVSS8.1AI score0.00833EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/27 12:0 a.m.4 views

Contributed Rack Middleware and Utilities 安全漏洞

Contributed Rack Middleware and Utilities is a collection of various add-ons for Rack, a Ruby web server interface. A security vulnerability exists in Contributed Rack Middleware and Utilities versions prior to 2.5.0, which stems from unrestricted user-controlled data that is susceptible to...

8.6CVSS8.3AI score0.00661EPSS
Exploits0References3
OSV
OSV
added 2024/05/22 8:15 p.m.2 views

DEBIAN-CVE-2024-4453

GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

7.8CVSS8.4AI score0.01565EPSS
Exploits0References1
OSV
OSV
added 2024/05/15 10:28 p.m.24 views

GHSA-QWVP-268G-JJM8 Data Leakage Vulnerability in livewire/livewire

livewire/livewire versions greater than 2.2.4 and less than 2.2.6 are affected by a data leakage vulnerability. The $this-validate method, which is expected to return only the validated dataset, was returning all properties of the Livewire component. This regression introduced a security risk,...

7AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/05/15 10:28 p.m.9 views

Data Leakage Vulnerability in livewire/livewire

livewire/livewire versions greater than 2.2.4 and less than 2.2.6 are affected by a data leakage vulnerability. The $this-validate method, which is expected to return only the validated dataset, was returning all properties of the Livewire component. This regression introduced a security risk,...

7AI score
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/05/13 3:3 p.m.74 views

CVE-2024-31444 Cacti XSS vulnerability in lib/html.php by reading dirty data stored in database

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerulesformsave function in automationtreerules.php is not thoroughly checked and is used to concatenate the HTML statement in formconfirm function from...

4.6CVSS5.1AI score0.14664EPSS
Exploits1References2
OSV
OSV
added 2024/05/03 3:15 a.m.2 views

CVE-2023-39494

PDF-XChange Editor OXPS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target...

7.8CVSS6.2AI score0.00338EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/05/03 2:15 a.m.3 views

CVE-2023-37319

D-Link DAP-2622 DDP Set IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability...

8.8CVSS7.9AI score0.00637EPSS
Exploits0References3
OSV
OSV
added 2024/05/03 2:15 a.m.4 views

UBUNTU-CVE-2023-38103

GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

8.8CVSS6.3AI score0.01468EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.5 views

Corel Parallels Desktop 安全漏洞

Corel Parallels Desktop is a suite of virtual machine software for the macOS platform from Canada's Corel Digital Technology Corel. A security vulnerability exists in Corel Parallels Desktop that stems from a specific flaw in the virtio-gpu virtual appliance that lacks proper validation of...

8.3CVSS8.2AI score0.00757EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.8 views

Scrapy 安全漏洞

Scrapy is a free and open source web crawler framework written in Python. A security vulnerability exists in Scrapy that stems from the use of lxml.etree.fromstring to parse untrusted XML data without proper validation, allowing an attacker to perform a denial-of-service attack, access a local...

7.5CVSS7.4AI score0.00807EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/04/03 12:0 a.m.2 views

Kofax Power PDF 安全漏洞

Kofax Power PDF is a professional PDF editing and management software from Kofax. A security vulnerability exists in Kofax Power PDF that stems from a specific flaw in the parsing of PDF files that lacks proper validation of user-supplied data, allowing a remote attacker to execute arbitrary code...

7.8CVSS8AI score0.00421EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/11/08 3:38 p.m.3 views

mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS7.8AI score0.00689EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/10/26 12:0 a.m.6 views

The vulnerability of the Ruby on Rails software platform lies in the redirection of URLs to an unreliable website, allowing attackers to redirect users to arbitrary URL addresses.

The vulnerability of the Ruby on Rails software platform is related to the redirection of URLs to unreliable websites. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary URL addresses when using unvalidated external data in the redirectto handler...

6.4CVSS6.5AI score0.00595EPSS
Exploits0References7Affected Software2
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.4 views

Nextcloud Resource Management Error Vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A resource management error vulnerability exists in Nextcloud calendar version 1.0.0 and later versions, which stems from a lack of precondition checking,...

4.3CVSS6.9AI score0.00386EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/08/17 12:0 a.m.5 views

PT-2023-26979 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...

7.8CVSS7.3AI score0.00338EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/27 12:0 a.m.3 views

PT-2023-4488 · Gstreamer +2 · Gstreamer +2

Name of the Vulnerable Software and Affected Versions: GStreamer affected versions not specified Description: The issue is related to an integer overflow in the MDPR component of the GStreamer multimedia framework. This allows remote attackers to execute arbitrary code on affected installations o...

10CVSS9.1AI score0.01468EPSS
Exploits0References47
Positive Technologies
Positive Technologies
added 2023/07/13 12:0 a.m.6 views

PT-2023-25917 · Kofax · Kofax Power Pdf

Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicious file...

7.8CVSS7.5AI score0.00345EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/13 12:0 a.m.8 views

PT-2023-26302 · Kofax · Kofax Power Pdf

Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required, where the target must visit a malicious page...

7.8CVSS7.2AI score0.00343EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/07/08 2:27 a.m.3 views

SUSE CVE-2023-37327

GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

7.8CVSS9AI score0.01714EPSS
Exploits0References13
Rows per page
Query Builder