Lucene search
K

2193 matches found

RedHat Linux
RedHat Linux
β€’added 2022/11/02 4:38 p.m.β€’3 views

Archive_Tar: improper filename sanitization leads to file overwrites

A flaw was found in the ArchiveTar package. PEAR ArchiveTar could allow a local authenticated attacker to bypass security restrictions caused by a stream-wrapper attack. An attacker can overwrite arbitrary files on the system using a specially-crafted tar archive...

7.8CVSS5.9AI score0.84554EPSS
Exploits4References5
GithubExploit
GithubExploit
β€’added 2022/10/23 11:48 a.m.β€’16 views

Exploit for Argument Injection in Zmanda Amanda

Suggested description A privilege escalation flaw was foun...

6.7CVSS7.8AI score0.01246EPSS
Exploits2
OSV
OSV
β€’added 2022/10/20 6:38 p.m.β€’18 views

GHSA-WHPX-Q3RQ-W8JC Hardening of TypedArrays with non-canonical numeric property names in SES

Impact What kind of vulnerability is it? Who is impacted? In Hardened JavaScript, programs can harden objects to safely share objects with co-tenant programs without risk of these other programs tampering with their API surface. Hardening does not guarantee that objects are pure or immutable, so ...

6.9AI score
Exploits0References3
OSV
OSV
β€’added 2022/10/06 7:53 p.m.β€’26 views

GHSA-5HW4-M7F3-HHX8 TCPDF vulnerable to attackers triggering deserialization of arbitrary data

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

9.8CVSS9.4AI score0.26172EPSS
Exploits7References14
Github Security Blog
Github Security Blog
β€’added 2022/10/06 7:53 p.m.β€’33 views

TCPDF vulnerable to attackers triggering deserialization of arbitrary data

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

9.8CVSS4.9AI score0.26172EPSS
Exploits7References14Affected Software4
OSV
OSV
β€’added 2022/10/02 5:15 a.m.β€’40 views

CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled...

7.5CVSS7.5AI score
Exploits0References7
OSV
OSV
β€’added 2022/10/02 5:15 a.m.β€’3 views

DEBIAN-CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled...

7.5CVSS6.5AI score0.02824EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
β€’added 2022/10/02 5:15 a.m.β€’3 views

CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled...

7.5CVSS6.7AI score0.02824EPSS
Exploits2References8
UbuntuCve
UbuntuCve
β€’added 2022/10/02 5:15 a.m.β€’57 views

CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled...

7.5CVSS6.8AI score0.02824EPSS
Exploits2References5
OSV
OSV
β€’added 2022/10/02 5:15 a.m.β€’6 views

UBUNTU-CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled...

7.5CVSS6.8AI score0.02824EPSS
Exploits2References6
Positive Technologies
Positive Technologies
β€’added 2022/10/02 12:0 a.m.β€’10 views

PT-2022-6920

Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.4.0-rc1 through 2.12.7.1 FasterXML jackson-databind versions 2.13.x through 2.13.4.1 Bamboo Data Center and Server versions 9.1.0 through 9.2.4 Bamboo Data Center and Server versions 9.3.0 through 9.3.2...

7.8CVSS6.5AI score0.02824EPSS
Exploits2References71
Debian CVE
Debian CVE
β€’added 2022/10/02 12:0 a.m.β€’71 views

CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled...

7.5CVSS7AI score0.02824EPSS
Exploits2
Snyk
Snyk
β€’added 2022/09/29 1:34 p.m.β€’3 views

Code Injection

Overview snyk is a advanced tool that scans and monitors projects for security vulnerabilities. Affected versions of this package are vulnerable to Code Injection. when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such a...

8.8CVSS7AI score0.00718EPSS
Exploits2References2
Cvelist
Cvelist
β€’added 2022/09/28 10:25 p.m.β€’73 views

CVE-2022-31628 phar wrapper can occur dos when using quine gzip file

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...

2.3CVSS7.9AI score0.00565EPSS
Exploits0References8
Kitploit
Kitploit
β€’added 2022/09/27 11:30 a.m.β€’46 views

pyFlipper - Unoffical Flipper Zero Cli Wrapper Written In Python

Unoffical Flipper Zero cli wrapper written in Python Functions and characteristics: Flipper serial CLI wrapper Websocket client interface Setup instructions: $ git clone https://github.com/wh00hw/pyFlipper.git $ cd pyFlipper $ python3 -m venv venv $ source venv/bin/activate $ pip install -r...

7.3AI score
Exploits0References1
OSV
OSV
β€’added 2022/09/26 5:9 a.m.β€’7 views

MAL-2022-668 Malicious code in @trimoz/trimoz-api-wrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9110e2c38a1f92ba467767f3e718d50db805ec76c4de80cbdbbf6e79e28555c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Veracode
Veracode
β€’added 2022/09/20 3:19 p.m.β€’18 views

Remote Code Execution

d8sdomains is vulnerable to remote code execution. A potential code-execution backdoor inserted by a third party allows an attacker to upload and execute malicious code on the system under attack, through the vulnerable wrapper method...

9.8CVSS9.6AI score0.01033EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
β€’added 2022/09/15 8:38 a.m.β€’3 views

Archive_Tar: improper filename sanitization leads to file overwrites

A flaw was found in the ArchiveTar package. PEAR ArchiveTar could allow a local authenticated attacker to bypass security restrictions caused by a stream-wrapper attack. An attacker can overwrite arbitrary files on the system using a specially-crafted tar archive...

7.8CVSS5.9AI score0.84554EPSS
Exploits4References5
Huntr
Huntr
β€’added 2022/09/13 2:52 p.m.β€’34 views

XSS via Mathematical Typesetting

πŸ”’οΈ Requirements Feature: Extras Mathematical Typesetting enabled. User interaction: Access vulnerable page || diagram and wheel click on a link. πŸ“ Description The Mathematical Typesetting feature allows to use inline content such as AsciiMath or LaTeX. Using it allows you to create a tag via \href...

5.8CVSS0.8AI score0.0061EPSS
Exploits1
ATTACKERKB
ATTACKERKB
β€’added 2022/09/06 6:15 p.m.β€’3 views

CVE-2022-2436

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'filepackagedir' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper tha...

8.8CVSS6AI score0.01328EPSS
Exploits0References5
Rows per page
Query Builder