Lucene search
+L

231 matches found

osv
osv
added 2020/09/02 5:15 p.m.21 views

CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory...

3.3CVSS6.5AI score
Exploits0References11
prion
prion
added 2020/09/02 5:15 p.m.18 views

Directory traversal

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory...

4.3CVSS3.5AI score0.01496EPSS
Exploits0References11Affected Software5
alpinelinux
alpinelinux
added 2020/09/02 4:22 p.m.83 views

CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory...

4.3CVSS3.6AI score0.01496EPSS
Exploits0
debiancve
debiancve
added 2020/09/02 4:22 p.m.31 views

CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory...

4.3CVSS4.3AI score0.01496EPSS
Exploits0
cvelist
cvelist
added 2020/09/02 4:22 p.m.29 views

CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory...

3.4AI score0.01496EPSS
Exploits0References11
ubuntucve
ubuntucve
added 2020/09/01 12:0 a.m.30 views

CVE-2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory...

4.3CVSS5.9AI score0.01496EPSS
Exploits0References2
mscve
mscve
added 2020/08/18 12:0 a.m.4 views

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.

...

6CVSS7AI score0.00486EPSS
Exploits0
osv
osv
added 2020/06/04 4:15 p.m.2 views

DEBIAN-CVE-2020-13800

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mmindex value during an atimmread or atimmwrite call...

6CVSS7AI score0.00486EPSS
Exploits0References1
osv
osv
added 2020/05/27 3:15 p.m.5 views

UBUNTU-CVE-2020-13253

sdwpaddr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhciwrite operations. A guest OS user can crash the QEMU process...

5.5CVSS6.8AI score0.00428EPSS
Exploits0References5
osv
osv
added 2020/04/14 11:15 p.m.1 views

DEBIAN-CVE-2020-11759

An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer...

5.5CVSS6.7AI score0.01696EPSS
Exploits1References1
veracode
veracode
added 2020/04/10 12:48 a.m.22 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service. Access to the video output control state is not properly restricted, allowing local users to cause a system hang via a read/write operation...

4.9CVSS4.5AI score0.00435EPSS
Exploits0References15Affected Software1
prion
prion
added 2020/04/09 8:15 p.m.21 views

Code injection

An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific...

7.5CVSS9.5AI score0.01997EPSS
Exploits0References1Affected Software1
kaspersky
kaspersky
added 2020/02/11 12:0 a.m.47 views

KLA11670 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, perform cross-site scripting attack. Below is a complete list of vulnerabilities: 1. A write-operation memory vulnerability can be...

8.8CVSS8.9AI score0.02274EPSS
Exploits0References3
openvas
openvas
added 2020/01/09 12:0 a.m.35 views

openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:2308-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS7.8AI score0.02691EPSS
Exploits3References2
nessus
nessus
added 2019/11/08 12:0 a.m.20 views

Rockwellautomation Micrologix Unspecified Vulnerability

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

7.5CVSS1.6AI score0.37317EPSS
Exploits1References2
nessus
nessus
added 2019/11/08 12:0 a.m.21 views

Rockwellautomation Micrologix Unspecified Vulnerability

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

7.5CVSS1.1AI score0.37317EPSS
Exploits1References2
nvd
nvd
added 2019/09/11 3:15 p.m.29 views

CVE-2019-16226

An issue was discovered in py-lmdb 0.97. mdbnodedel does not validate a memmove in the case of an unexpected node-mnhi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

7.5CVSS7.5AI score0.01543EPSS
Exploits1References1
nvd
nvd
added 2019/09/11 3:15 p.m.27 views

CVE-2019-16227

An issue was discovered in py-lmdb 0.97. For certain values of mnflags, mdbcursorset triggers a memcpy with an invalid write operation within mdbxcursorinit1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

9.8CVSS9.5AI score0.01963EPSS
Exploits1References1
nvd
nvd
added 2019/09/11 3:15 p.m.29 views

CVE-2019-16224

An issue was discovered in py-lmdb 0.97. For certain values of mdflags, mdbnodeadd does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

9.8CVSS9.4AI score0.01765EPSS
Exploits1References1
nvd
nvd
added 2019/09/11 3:15 p.m.25 views

CVE-2019-16225

An issue was discovered in py-lmdb 0.97. For certain values of mpflags, mdbpagetouch does not properly set up mc-mcpgmc-top, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

9.8CVSS9.4AI score0.01765EPSS
Exploits1References1
Rows per page
Query Builder