
2137 matches found

OSV
added 2023/01/20 7:15 p.m. · 3 views

UBUNTU-CVE-2022-35977

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and aborting with an out-of-memory (OOM) panic. The problem is fixe...

CVSS 5.5 · AI score 6.3 · EPSS 0.33269
Exploits 0 · References 4
Vulnrichment
added 2023/01/19 9:20 p.m. · 4 views

CVE-2023-22741 heap-over-flow in stun_parse_attribute in sofia-sip

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. In affected versions Sofia-SIP lacks both message length and attributes length checks when it handles STUN packets, leading to controllable heap-over-flow. For example, in stun_parse_attribute, after ...

CVSS 9.8 · AI score 10 · EPSS 0.0238
Exploits 1 · References 3
Positive Technologies
added 2023/01/18 12:0 a.m. · 11 views

PT-2023-3591

Name of the Vulnerable Software and Affected Versions: Sudo versions prior to 1.9.13. Description: The issue is related to a lack of proper encoding or escaping of output in the Sudo program, which can be exploited by a remote attacker to gain access to confidential data. The problem specifically...

CVSS 7.2 · AI score 7.2 · EPSS 0.01664
Exploits 2 · References 67
Vulnrichment
added 2023/01/17 9:3 p.m. · 12 views

CVE-2022-41953 Git clone remote code execution vulnerability in git-for-windows

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...

CVSS 8.6 · AI score 9.1 · EPSS 0.06796
Exploits 0 · References 4
Debian CVE
added 2023/01/17 8:41 p.m. · 4 views

CVE-2023-22727

CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...

CVSS 9.8 · AI score 8.1 · EPSS 0.00858
Exploits 0
OSV
added 2023/01/17 6:0 p.m. · 5 views

UBUNTU-CVE-2022-41903

Git is a distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is an integer overflow in...

CVSS 9.8 · AI score 7.4 · EPSS 0.44268
Exploits 0 · References 7
Positive Technologies
added 2023/01/16 12:0 a.m. · 4 views

PT-2023-10233 · Unknown · Githuis P2Manage

Name of the Vulnerable Software and Affected Versions: githuis P2Manage (affected versions not specified). Description: A critical vulnerability was found in githuis P2Manage, affecting the function Execute of the file PTwoManage/Database.cs. The manipulation of the sql argument leads to sql...

CVSS 9.8 · AI score 6.1 · EPSS 0.00672
Exploits 0 · References 7
Positive Technologies
added 2023/01/13 12:0 a.m. · 3 views

PT-2023-8779 · Apache +2 · Apache Shiro +2

Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.11.0; Spring Boot versions 2.6+. Description: The issue is related to a conflict of interpretations between Apache Shiro and Spring Boot, which can be exploited by a remote attacker using a specially crafted HTT...

CVSS 7.8 · AI score 7.2 · EPSS 0.01553
Exploits 0 · References 26
Positive Technologies
added 2023/01/09 12:0 a.m. · 4 views

PT-2023-10212 · Unknown · Jvvlee Merlinsboard

Name of the Vulnerable Software and Affected Versions: jvvlee MerlinsBoard (affected versions not specified). Description: A vulnerability was found in the Grade Handler component of jvvlee MerlinsBoard, leading to improper authorization. The manipulation of an unknown part of this component is the...

CVSS 6.5 · AI score 7 · EPSS 0.00731
Exploits 0 · References 6
Positive Technologies
added 2023/01/05 12:0 a.m. · 6 views

PT-2023-12409 · Unknown · Woorank Robots-Txt-Guard

Name of the Vulnerable Software and Affected Versions: Woorank robots-txt-guard (affected versions not specified). Description: A vulnerability was found in the function makePathPattern of the file lib/patterns.js. The manipulation of the argument pattern leads to inefficient regular expression...

CVSS 7.5 · AI score 4.6 · EPSS 0.00938
Exploits 0 · References 9
Positive Technologies
added 2022/12/28 12:0 a.m. · 4 views

PT-2022-28116 · Centic9 · Jgit-Cookbook

Name of the Vulnerable Software and Affected Versions: centic9 jgit-cookbook (affected versions not specified). Description: A vulnerability was found in centic9 jgit-cookbook, declared as problematic, affecting unknown code. The manipulation leads to an insecure temporary file. The attack can be...

CVSS 7.8 · AI score 6.9 · EPSS 0.00508
Exploits 0 · References 7
Positive Technologies
added 2022/12/28 12:0 a.m. · 6 views

PT-2022-28122 · Flatpress · Flatpress

Name of the Vulnerable Software and Affected Versions: FlatPress (affected versions not specified). Description: A problematic vulnerability has been found in FlatPress, affecting an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads ...

CVSS 6.1 · AI score 4.2 · EPSS 0.00518
Exploits 0 · References 7
Positive Technologies
added 2022/12/26 12:0 a.m. · 4 views

PT-2022-25906 · WordPress · Contest Gallery Pro +1

Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5; Contest Gallery Pro WordPress plugin versions prior to 19.1.5. Description: The issue allows malicious users with at least author privilege to leak sensitive information from the site's...

CVSS 6.5 · AI score 6.5 · EPSS 0.00854
Exploits 2 · References 7
EUVD
added 2022/12/19 12:0 a.m. · 5 views

EUVD-2022-51942

A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVSS 5.3 · AI score 7.1 · EPSS 0.01225
Exploits 2 · References 3
Positive Technologies
added 2022/12/19 12:0 a.m. · 7 views

PT-2022-27741 · Click Studios · Click Studios Passwordstate +1

Name of the Vulnerable Software and Affected Versions: Click Studios Passwordstate (affected versions not specified); Click Studios Passwordstate Browser Extension Chrome (affected versions not specified). Description: A problematic vulnerability was found in Click Studios Passwordstate and Passwordsta...

CVSS 5.3 · AI score 6.9 · EPSS 0.01225
Exploits 2 · References 7
Vulnrichment
added 2022/12/09 8:11 p.m. · 5 views

CVE-2022-46166 Spring Boot Admin's integrated notifier support allows arbitrary code execution

Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI are affected. Users are advised to upgrade to th...

CVSS 8 · AI score 9.5 · EPSS 0.01437
Exploits 0 · References 2
OSV
added 2022/12/09 6:15 p.m. · 2 views

DEBIAN-CVE-2022-23493

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp v0.9.21 contain an Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close function. There are no known workarounds for this issue. Users are advised to upgrade...

CVSS 9.1 · AI score 7.6 · EPSS 0.00892
Exploits 0 · References 1
OSV
added 2022/12/09 6:15 p.m. · 1 view

DEBIAN-CVE-2022-23481

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp v0.9.21 contain an Out of Bound Read in xrdp_caps_process_confirm_active function. There are no known workarounds for this issue. Users are advised to upgrade...

CVSS 9.1 · AI score 7.6 · EPSS 0.00729
Exploits 0 · References 1
OSV
added 2022/12/09 6:15 p.m. · 1 view

DEBIAN-CVE-2022-23479

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp v0.9.21 contain a buffer overflow in xrdp_mm_chan_data_in function. There are no known workarounds for this issue. Users are advised to upgrade...

CVSS 9.8 · AI score 8 · EPSS 0.00847
Exploits 0 · References 1
OSV
added 2022/12/09 6:15 p.m. · 1 view

DEBIAN-CVE-2022-23478

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp v0.9.21 contain an Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open function. There are no known workarounds for this issue. Users are advised to upgrade...

CVSS 9.8 · AI score 7.6 · EPSS 0.00799
Exploits 0 · References 1