Lucene search
K

117 matches found

RedHat Linux
RedHat Linux
added 2024/07/11 11:55 a.m.6 views

ruby: Arbitrary memory address read vulnerability with Regex search

A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings...

6.6CVSS7.4AI score0.00629EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/07/08 1:1 p.m.18 views

CVE-2024-6163 local IP restriction of internal HTTP endpoints

Certain http endpoints of Checkmk in Checkmk 2.3.0p10 2.2.0p31, 2.1.0p46, = 2.0.0p39 allows remote attacker to bypass authentication and access data...

5.3CVSS0.00525EPSS
Exploits0References1
CNVD
CNVD
added 2024/04/18 12:0 a.m.11 views

Unspecified Vulnerability in Oracle Java SE (CNVD-2024-48676)

Oracle Java SE is a for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in Oracle Java SE for Oracle Java SE and Oracle GraalVM Enterprise Edition. An attacker could exploit the vulnerability to gai...

2.5CVSS3.5AI score0.00354EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/19 3:43 p.m.55 views

CVE-2023-46216

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service DoS or code execution...

9.8CVSS9.9AI score0.36395EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/19 3:43 p.m.18 views

CVE-2023-46221

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service DoS or code execution...

9.8CVSS9.8AI score0.06782EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/02 12:0 a.m.6 views

Insyde InsydeH2O Security Breach

Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in the Insyde InsydeH2O kernel versions 5.0 to 5.5, which...

5.5CVSS6.7AI score0.00178EPSS
Exploits0References3
OSV
OSV
added 2023/10/17 10:15 p.m.8 views

CVE-2023-22025

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition:...

3.7CVSS3.7AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/09/05 6:37 p.m.2 views

Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

An out-of-bounds OOB write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...

9.8CVSS7.2AI score0.02836EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/06/29 8:7 p.m.4 views

Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

An out-of-bounds OOB write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...

9.8CVSS7.2AI score0.02836EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/05/18 10:15 p.m.1 views

CVE-2023-28753

netconsd prior to v0.2 was vulnerable to an integer overflow in its parsepacket function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data...

9.8CVSS5.9AI score0.01851EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/28 12:0 a.m.4 views

comrak 安全漏洞

Comrak is a CommonMark+GFM compatible Markdown parser and renderer by Asherah Connor, a personal developer. A security vulnerability exists in versions of comrak prior to 0.17.0 that stems from not validating attacker-controlled data in AST nodes...

9.8CVSS8.2AI score0.01268EPSS
Exploits0References6
OSV
OSV
added 2023/02/15 4:15 a.m.3 views

CVE-2022-45437

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting XSS. A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload...

4.8CVSS5.8AI score0.00425EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:8 a.m.3 views

SUSE CVE-2019-16228

An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdbenvopen2 if mdbenvreadheader obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

7.5CVSS7.4AI score0.01786EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:2 a.m.3 views

SUSE CVE-2020-6440

Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension...

4.3CVSS5.9AI score0.01153EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.4 views

SUSE CVE-2020-15676

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...

6.1CVSS8.5AI score0.01594EPSS
Exploits0References21
RedHat Linux
RedHat Linux
added 2022/12/13 2:2 p.m.7 views

Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

An out-of-bounds OOB write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...

9.8CVSS7.2AI score0.02836EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/12/02 12:0 a.m.2 views

thisAAY Lazy Mouse 安全漏洞

thisAAY Lazy Mouse is a mouse application from thisAAY. A security vulnerability exists in thisAAY Lazy Mouse that stems from the fact that it allows an attacker to view all data via a man-in-the-middle attack...

5.9CVSS7.3AI score0.00372EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.2 views

RelatedChat 安全漏洞

RelatedChat is an open source alternative communication platform for Related Code individual developers. A security vulnerability exists in RelatedChat. An attacker exploiting this vulnerability could access sensitive data of any user of the application...

6.5CVSS6.6AI score0.00793EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2022/09/29 1:33 p.m.1 views

httpd: mod_sed: Read/write beyond bounds

An out-of-bounds read/write vulnerability was found in the modsed module of httpd. This flaw allows an attacker to overwrite the memory of an httpd instance that is using modsed with data provided by the attacker...

9.8CVSS7.1AI score0.50401EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2022/08/01 12:0 a.m.12 views

Student Result or Employee Database < 1.8.0 - Unauthorised REST Calls

The plugin has a flawed permission callback in its REST endpoints, allowing unauthenticated attackers to call them and add/edit/delete arbitrary student for example PoC POST /wp-json/v2/ssradddata HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type:...

1.1AI score
Exploits0Affected Software1
Rows per page
Query Builder