CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

631 matches found

OSV•added 2024/07/07 12:0 p.m.•7 views

RUSTSEC-2024-0369 phonenumber: panic on parsing crafted phonenumber inputs

Impact The phonenumber parsing code may panic due to a reachable assert! guard on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form...

8.6CVSS8.7AI score0.00149EPSS

Exploits0References4

RustSec•added 2024/07/07 12:0 p.m.•2 views

phonenumber: panic on parsing crafted phonenumber inputs

8.6CVSS7.3AI score0.00149EPSS

Exploits0Affected Software1

OSV•added 2024/06/13 2:28 p.m.•1 views

CLSA-2024-1718288901 libssh: Fix of CVE-2023-48795

CVE-2023-48795: implement "strict key exchange" mitigations, tests/pkd/pkddaemon.c: relax pthreadkill assert in pkdstop...

5.9CVSS7AI score0.54214EPSS

Exploits3References1

Redos•added 2024/06/11 12:0 a.m.•33 views

ROS-20240611-09

A vulnerability in the BIND DNS server is related to a flaw in the use of assert. Exploitation vulnerability could allow an attacker acting remotely to cause a denial of service via the named parameter during DNS64 and serve-stale interaction A vulnerability in the named component of the DNS BIND...

7.5CVSS7.1AI score0.43701EPSS

Exploits1

Tenable Nessus•added 2024/05/04 12:0 a.m.•123 views

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1490-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1490-1 advisory. The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following securit...

7.8CVSS7.7AI score0.00223EPSS

Exploits7References580

Cvelist•added 2024/05/01 6:14 a.m.•18 views

CVE-2024-32018 Ineffective size check due to assert() and buffer overflow in RIOT

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted...

8.8CVSS9.2AI score0.02203EPSS

Exploits2References4

CNNVD•added 2024/05/01 12:0 a.m.•1 views

RIOT RIOT-OS 缓冲区错误漏洞

RIOT RIOT-OS is an operating system for applications in the Internet of Things IoT space. A security vulnerability exists in RIOT RIOT-OS that stems from a lack of proper input checking and may result in a RIOT buffer overflow via assert...

9CVSS7.2AI score0.02203EPSS

Exploits2References4

Tenable Nessus•added 2024/04/18 12:0 a.m.•113 views

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1321-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1321-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...

7.8CVSS7.5AI score0.00098EPSS

Exploits5References230

The Hacker News•added 2024/04/06 9:43 a.m.•81 views

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 CVSS score: 9.1, which has been described by Adobe as a case of "improper neutralization of special elements" that could pave the way f...

9.1CVSS8.3AI score0.07195EPSS

Exploits0

NVD•added 2024/04/03 3:15 p.m.•14 views

CVE-2024-26727

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT if the newly created subvolume already got read BUG There is a syzbot crash, triggered by the ASSERT during subvolume creation: assertion failed: !anondev, in fs/btrfs/disk-io.c:1319 ------------ cut here...

5.5CVSS7.2AI score0.00014EPSS

Exploits0References7

UbuntuCve•added 2024/04/03 3:15 p.m.•22 views

CVE-2024-26727

5.5CVSS6.2AI score0.00014EPSS

Exploits0References8

OSV•added 2024/04/03 2:55 p.m.•4 views

CVE-2024-26727 btrfs: do not ASSERT() if the newly created subvolume already got read

5.5CVSS5.9AI score0.00014EPSS

Exploits0References10

Vulnrichment•added 2024/04/03 2:55 p.m.•19 views

CVE-2024-26727 btrfs: do not ASSERT() if the newly created subvolume already got read

6.6AI score0.00014EPSS

Exploits0References6

Tenable Nessus•added 2024/03/19 12:0 a.m.•34 views

Amazon Linux AMI : ImageMagick (ALAS-2024-1926)

The version of ImageMagick installed on the remote host is prior to 6.9.10.68-3.22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1926 advisory. Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial...

9.8CVSS8.1AI score0.2299EPSS

Exploits53References152

OSV•added 2024/03/06 11:15 a.m.•29 views

BIT-TENSORFLOW-2022-23567 Integer overflows in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial...

6.5CVSS6.5AI score0.0045EPSS

Exploits1References6

NVD•added 2024/02/27 10:15 a.m.•17 views

CVE-2021-46927

In the Linux kernel, the following vulnerability has been resolved: nitroenclaves: Use getuserpagesunlocked call to handle mmap assert After commit 5b78ed24e8ec "mm/pagemap: add mmapassertlocked annotations to findvma", the call to getuserpages will trigger the mmap assert. static inline void...

5.5CVSS6AI score0.00011EPSS

Exploits0References2