Lucene search
K

117 matches found

Snyk
Snyk
added 2025/03/24 11:43 p.m.2 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation through the Admission Controller feature, by manipulating the filename to include attacker-controlled data. Remediation Upgrade k8s.io/ingress-nginx/internal/ingress/annotations/auth to version 1.11.5, 1.12.1,...

6.3CVSS6.9AI score0.03517EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2025/01/09 12:0 a.m.152 views

cups security update

1:2.2.6-62 - RHEL-60338 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file...

8.6CVSS7.8AI score0.62474EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2024/10/02 12:0 a.m.40 views

Oracle Linux 8 : cups-filters (ELSA-2024-7463)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-7463 advisory. - CVE-2024-47175 cups-filters: remote command injection via attacker controlled data in PPD file - CVE-2024-47076 cups-filters: cfGetPrinterAttributes...

9.8CVSS7.5AI score0.76959EPSS
Exploits17References4
OSV
OSV
added 2024/09/26 10:15 p.m.2 views

DEBIAN-CVE-2024-47076

CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. The cfGetPrinterAttributes5 function in libcupsfilter...

8.6CVSS8.2AI score0.76959EPSS
Exploits5References1
RedHat Linux
RedHat Linux
added 2024/05/30 8:24 p.m.3 views

Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

An out-of-bounds OOB write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...

9.8CVSS7.2AI score0.02836EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/12/14 12:0 a.m.13 views

PT-2023-32697

Name of the Vulnerable Software and Affected Versions h2oai/h2o-3 affected versions not specified Description The issue allows unauthenticated users to overwrite any file accessible to the user who executes h2o.init, potentially resulting in a denial of service. Remote unauthenticated attackers c...

9.3CVSS7.4AI score0.00715EPSS
Exploits1References12
OSV
OSV
added 2023/06/02 2:15 p.m.9 views

UBUNTU-CVE-2023-33476

ReadyMedia MiniDLNA versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the...

9.8CVSS7.3AI score0.02061EPSS
Exploits2References6
NVD
NVD
added 2023/05/18 10:15 p.m.12 views

CVE-2023-28753

netconsd prior to v0.2 was vulnerable to an integer overflow in its parsepacket function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data...

9.8CVSS9.7AI score0.01851EPSS
Exploits1References2
Prion
Prion
added 2023/05/18 10:15 p.m.10 views

Integer overflow

netconsd prior to v0.2 was vulnerable to an integer overflow in its parsepacket function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data...

7.5CVSS9.6AI score0.01851EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/05/18 9:27 p.m.47 views

CVE-2023-28753

netconsd prior to v0.2 was vulnerable to an integer overflow in its parsepacket function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data...

9.9AI score0.01851EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:46 a.m.3 views

SUSE CVE-2017-7804

The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This...

7.5CVSS8.8AI score0.01507EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:16 a.m.4 views

SUSE CVE-2019-6444

An issue was discovered in NTPsec before 1.1.3. processcontrol in ntpcontrol.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl in ntpd...

9.1CVSS9.3AI score0.45719EPSS
Exploits5References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.2 views

SUSE CVE-2019-12526

An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data...

8.1CVSS7.3AI score0.20251EPSS
Exploits0References9
FreeBSD
FreeBSD
added 2023/02/07 12:0 a.m.34 views

py-cryptography -- allows programmers to misuse an API

alex reports: Previously, Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to be mutated, thus violating fundamental rules of Python. This is a soundness bug -- it allows...

6.5CVSS6.8AI score0.01301EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2023/01/02 7:3 a.m.4 views

Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

An out-of-bounds OOB write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...

9.8CVSS7.2AI score0.02836EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/01/02 6:53 a.m.5 views

Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

An out-of-bounds OOB write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...

9.8CVSS7.2AI score0.02836EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/12/13 2:10 p.m.5 views

Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

An out-of-bounds OOB write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...

9.8CVSS7.2AI score0.02836EPSS
Exploits0References5
Zero Day Initiative
Zero Day Initiative
added 2022/11/21 12:0 a.m.25 views

(Pwn2Own) Microsoft Teams electronSafeIpc Arbitrary File Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. No user interaction is required if the attacker and target are in the same Teams organization. The specific flaw exists within the communication API. The issue lies in the handling o...

8.8CVSS3.6AI score
Exploits0References1
Prion
Prion
added 2022/11/09 9:15 p.m.25 views

Design/Logic Flaw

Insufficient memory cleanup in the AMD Secure Processor ASP Trusted Execution Environment TEE may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of...

1.7CVSS5.9AI score0.00247EPSS
Exploits0References2Affected Software3
Positive Technologies
Positive Technologies
added 2022/11/04 12:0 a.m.5 views

PT-2022-7285 · Apache +10 · Apache Commons Bcel +10

Name of the Vulnerable Software and Affected Versions: Apache Commons BCEL versions prior to 6.6.0 Description: The issue is related to an out-of-bounds writing problem in Apache Commons BCEL, which can be exploited to produce arbitrary bytecode. This could be abused in applications that pass...

10CVSS8.5AI score0.02836EPSS
Exploits0References62
Rows per page
Query Builder