CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

SUSE CVE•added 2024/04/23 1:45 a.m.•1 views

SUSE CVE-2023-40548

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This fl...

6.7CVSS6.2AI score0.00032EPSS

Exploits0References8

RedHat Linux•added 2024/04/18 1:47 a.m.•2 views

shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems

7.4CVSS7AI score0.00032EPSS

Exploits0References4

RedHat Linux•added 2024/04/18 1:42 a.m.•1 views

shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems

7.4CVSS7AI score0.00032EPSS

Exploits0References4

BDU FSTEC•added 2024/04/15 12:0 a.m.•2 views

The vulnerability of the UEFI loader’s shim, related to integer overflow or bypassing, allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the UEFI loader Shim is related to buffer overflows in 32-bit systems due to a multiplication operation that involves a user-controllable value analyzed from the binary file PE used by Shim. Exploiting this vulnerability can allow an attacker to compromise the confidentiality...

7.4CVSS7.2AI score0.00032EPSS

Exploits0References7Affected Software4

OSV•added 2024/01/29 3:15 p.m.•1 views

DEBIAN-CVE-2023-40548

7.4CVSS7.6AI score0.00032EPSS

Exploits0References1

Prion•added 2024/01/29 3:15 p.m.•27 views

Heap overflow

3.7CVSS7.7AI score0.00032EPSS

Exploits0References2Affected Software2

Debian CVE•added 2024/01/29 2:53 p.m.•31 views

CVE-2023-40548

7.4CVSS7.3AI score0.00032EPSS

Exploits0

UbuntuCve•added 2024/01/23 12:0 a.m.•32 views

CVE-2023-40548

7.4CVSS7.1AI score0.00032EPSS

Exploits0References1

Prion•added 2021/10/06 8:15 p.m.•13 views

Authentication flaw

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a confirmationtoken input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can...

6.8CVSS8.1AI score0.00261EPSS

Exploits0References4Affected Software1

CNNVD•added 2021/08/30 12:0 a.m.•3 views

total.js 代码注入漏洞

total.js is open source a framework developed using JavaScript for the Node.js platform. It can be used to develop web, desktop, service and IoT platforms. Total.js suffers from a code injection vulnerability that stems from a call to the utils.set function with a user-controlled value in the...

7.5CVSS7.5AI score0.00871EPSS

Exploits1References4

OSV•added 2020/06/22 8:15 p.m.•17 views

CVE-2020-14983

The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled numplayers value, leading to a buffer overflow. A malicious user can overwrite the server's stack...

9.8CVSS6.8AI score

Exploits0References4

RedhatCVE•added 2017/03/31 7:48 a.m.•28 views

CVE-2017-7346

In the Linux kernel's vmwgbsurfacedefineioctl function, in 'drivers/gpu/drm/vmwgfx/vmwgfxsurface.c' file, a 'req-miplevels' is a user-controlled value which is later used as a loop count limit. This allows local unprivileged user to cause a denial of service by a kernel lockup via a crafted ioctl...

5.5CVSS4.1AI score0.00102EPSS

Exploits0References1