Lucene search
K

230 matches found

Prion
Prion
added 2021/11/19 10:15 a.m.20 views

Code injection

In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block...

4CVSS6.5AI score0.01501EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/11/19 12:0 a.m.6 views

Apache Ozone 输入验证错误漏洞

Apache Ozone is an application. A scalable, redundant and distributed object store for Hadoop and cloud-native environments, an input validation error vulnerability exists in Apache Ozone, which stems from the product's Ozone Datanode not checking the block token's access mode parameter. An...

6.5CVSS5.6AI score0.01501EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/11/12 12:0 a.m.9 views

The vulnerability of the FATEK WinProladder controller programming software lies in the fact that the write operation can exceed the buffer boundaries into memory, allowing an attacker to execute arbitrary code.

The vulnerability of the FATEK WinProladder controller programming software lies in the fact that the write operation goes beyond the buffer boundaries when analyzing project files syntactically. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created...

7.8CVSS7.9AI score0.00912EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2021/09/15 3:31 p.m.20 views

Directory Traversal

squashfs-tools is vulnerable to Directory Traversal. It is a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointin...

8.1CVSS2.9AI score0.025EPSS
Exploits2References6Affected Software2
OSV
OSV
added 2021/07/07 5:15 p.m.4 views

CVE-2021-21789

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0e0, the first dword passed in the input buffer is the device port to write to and the dword at offset 4 is the value to write via...

8.8CVSS6AI score0.00321EPSS
Exploits1References1
OSV
OSV
added 2021/07/07 5:15 p.m.6 views

CVE-2021-21787

A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0d8, the first dword passed in the input buffer is the device port to write to and the byte at offset 4 is the value to write via...

8.8CVSS7.5AI score0.00338EPSS
Exploits1References1
OSV
OSV
added 2021/05/25 5:15 p.m.7 views

CVE-2020-13602

Remote Denial of Service in LwM2M dowriteoptlv. Zephyr versions = 1.14.2, = 2.2.0 contain Improper Input Validation CWE-20, Loop with Unreachable Exit Condition 'Infinite Loop' CWE-835. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh...

5.5CVSS5.5AI score0.00297EPSS
Exploits0References1
OSV
OSV
added 2021/05/17 6:15 p.m.3 views

DEBIAN-CVE-2021-32617

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm quadratic complexity was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata int...

5.5CVSS6AI score0.01174EPSS
Exploits0References1
OSV
OSV
added 2021/05/17 6:15 p.m.2 views

UBUNTU-CVE-2021-32617

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm quadratic complexity was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata int...

5.5CVSS6.5AI score0.01174EPSS
Exploits0References5
OSV
OSV
added 2021/04/30 7:15 p.m.3 views

UBUNTU-CVE-2021-29463

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An...

5.5CVSS6.6AI score0.01119EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.28 views

SUSE: Security Advisory (SUSE-SU-2019:2648-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.3AI score0.05189EPSS
Exploits26References268
UbuntuCve
UbuntuCve
added 2021/01/18 8:15 p.m.38 views

CVE-2020-36193

Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948...

7.5CVSS7.2AI score0.70595EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/12/18 8:45 a.m.29 views

CVE-2020-35551

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 Exynos chipsets software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 Decemb...

7.1AI score0.00421EPSS
Exploits0References1
NVD
NVD
added 2020/10/23 5:15 a.m.21 views

CVE-2019-14715

Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation...

6.8CVSS0.00333EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/09/29 10:31 p.m.3 views

kernel: sg_write function lacks an sg_remove_request call in a certain failure case

A vulnerability was found in sgwrite in drivers/scsi/sg.c in the SCSI generic sg driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid Sgfd sfp pointer at the time of...

6.7CVSS6.6AI score0.00586EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/09/29 7:0 p.m.5 views

kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic

A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality...

6CVSS7.3AI score0.00263EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2020/09/25 4:9 a.m.42 views

CVE-2020-25085

QEMU 5.0.0 has a heap-based Buffer Overflow in flatviewreadcontinue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHCBLKSIZE case...

5CVSS6.1AI score0.00638EPSS
Exploits1
Debian CVE
Debian CVE
added 2020/09/25 4:9 a.m.33 views

CVE-2020-25085

QEMU 5.0.0 has a heap-based Buffer Overflow in flatviewreadcontinue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHCBLKSIZE case...

5CVSS6.5AI score0.00638EPSS
Exploits1
NVD
NVD
added 2020/09/02 5:15 p.m.15 views

CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory...

4.3CVSS3.5AI score0.01496EPSS
Exploits0References11
OSV
OSV
added 2020/09/02 5:15 p.m.20 views

CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory...

3.3CVSS6.5AI score
Exploits0References11
Rows per page
Query Builder