Lucene search
K

33 matches found

cnnvd
cnnvd
added 2024/01/09 12:0 a.m.5 views

Spreadsheet::ParseXLSX Security Vulnerability

Spreadsheet::ParseXLSX is an XLSX file parser. A security vulnerability exists in Spreadsheet::ParseXLSX prior to version 0.28, which stems from memoize not properly constraining merged cells, resulting in an out-of-memory condition when parsing XLSX documents...

5.5CVSS6.8AI score0.00468EPSS
Exploits1References4
cnnvd
cnnvd
added 2023/07/11 12:0 a.m.7 views

WebsiteGuide 代码问题漏洞

WebsiteGuide is a web site navigation system. A security vulnerability exists in WebsiteGuide v0.2 that stems from vulnerability to Remote Command Execution RCE attacks via image upload...

9.8CVSS8.2AI score0.01561EPSS
Exploits1References2
osv
osv
added 2023/04/29 12:15 a.m.2 views

DEBIAN-CVE-2023-31485

GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks...

5.9CVSS5.9AI score0.00651EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/04/28 12:0 a.m.4 views

PT-2023-23360 · Gitlab +1 · Gitlab::Api::V4 +1

Name of the Vulnerable Software and Affected Versions: GitLab::API::v4 versions 0.26 and earlier Description: The issue allows for machine-in-the-middle attacks due to the lack of TLS certificate verification when connecting to a GitLab server. Recommendations: For GitLab::API::v4 versions 0.26 a...

5.9CVSS5.3AI score0.00651EPSS
Exploits0References22
susecve
susecve
added 2023/02/15 4:28 a.m.4 views

SUSE CVE-2018-8976

In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service image.cpp Exiv2::Internal::stringFormat out-of-bounds read via a crafted file...

3.3CVSS8.7AI score0.02109EPSS
Exploits1References4
attackerkb
attackerkb
added 2022/08/16 9:15 p.m.4 views

CVE-2022-36155

tifig v0.2.2 was discovered to contain a resource allocation issue via operator newunsigned long at asannewdelete.cpp...

5.5CVSS6.1AI score0.00284EPSS
Exploits1References2
cnnvd
cnnvd
added 2022/07/06 12:0 a.m.8 views

quic-go 资源管理错误漏洞

quic-go is an implementation of the QUIC protocol, RFC 9000 protocol in Go by Lucas Clemente, a personal developer. A resource management error vulnerability exists in quic-go version 0.27.0 and earlier. A remote attacker can cause a denial of service by sending a Slowloris variant of an incomple...

7.5CVSS7.4AI score0.02825EPSS
Exploits2References1
attackerkb
attackerkb
added 2022/06/08 8:15 p.m.4 views

CVE-2022-30882

pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor. The impact is: execute arbitrary code remote. When installing the pyanxdns package of version 0.2, the request package will be installed...

9.8CVSS8AI score0.022EPSS
Exploits1References4
osv
osv
added 2022/02/06 9:15 p.m.8 views

CVE-2022-24552

A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with roo...

9.8CVSS7.3AI score0.01306EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/02/04 12:0 a.m.4 views

Servisnet Tessa 授权问题漏洞

Servisnet Tessa is a web application from Servisnet Turkey. Servisnet Tessa version 0.0.2 suffers from an authorization issue vulnerability that stems from a lack of valid validation in the Authorization HTTP header. An attacker can use this vulnerability to add a new sysadmin user by manipulatin...

9.8CVSS8.4AI score0.11441EPSS
Exploits4References6
cnvd
cnvd
added 2018/09/14 12:0 a.m.5 views

xunfeng Command Injection Vulnerability

xunfeng is a rapid vulnerability response and asset scanning system for enterprise intranets. A command injection vulnerability exists in xunfeng version 0.2.0, which stems from the failure of the masscan.py file to properly handle backquote characters and can be exploited by an attacker to execu...

8CVSS8.4AI score0.00815EPSS
Exploits1References1
cnvd
cnvd
added 2018/02/13 12:0 a.m.5 views

Exiv2 'readHeader' Function Denial of Service Vulnerability

Exiv2 is a set of C++ libraries and command line applications for managing image metadata by software developer Andreas Huggel, which provides fast and easy reading and writing of image metadata in a variety of EXIF, IPTC and XMP formats. A security vulnerability exists in the 'readHeader' functi...

6.5CVSS6.9AI score0.01173EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2017/07/26 12:0 a.m.3 views

PT-2017-12152 · Sipcrack +1 · Sipcrack +1

Name of the Vulnerable Software and Affected Versions: SIPcrack version 0.2 Description: A memory leak was discovered in the way SIPcrack handles SIP traffic processing due to mismanagement of a lines array. This issue could allow a remote attacker to potentially crash long-running sipdump networ...

7.5CVSS7.3AI score0.02549EPSS
Exploits1References11
Rows per page
Query Builder