Lucene search
K

142 matches found

Positive Technologies
Positive Technologies
added 2024/04/23 12:0 a.m.9 views

PT-2024-3335 · Ruby +7 · Ruby +7

Name of the Vulnerable Software and Affected Versions: Ruby versions 3.0.0 through 3.3.0 Description: The issue is related to a buffer overflow in the heap of the Ruby programming language interpreter. It allows an attacker to impact the confidentiality, integrity, and availability of protected...

9.8CVSS7.1AI score0.04127EPSS
Exploits2References138
OSV
OSV
added 2023/12/15 11:6 a.m.5 views

OESA-2023-1904 python-wheel security update

A built-package format for Python. A wheel is a ZIP-format archive with a specially formatted filename and the .whl extension. It is designed to contain all the files for a PEP 376 compatible install in a way that is very close to the on-disk format. Security Fixes: An issue discovered in Python...

7.5CVSS6.9AI score0.02659EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2023/11/07 8:47 a.m.6 views

python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli

An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...

7.5CVSS7.3AI score0.02659EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/04/25 12:0 a.m.5 views

CVE-2023-25347

A stored cross-site scripting XSS vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php...

5.3AI score0.00622EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:16 a.m.3 views

SUSE CVE-2019-6975

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format function...

5.9CVSS6.3AI score0.05399EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:47 a.m.3 views

SUSE CVE-2021-20311

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from...

5.3CVSS6.4AI score0.01272EPSS
Exploits0References7
OSV
OSV
added 2022/12/23 12:15 a.m.9 views

AZL-12098 CVE-2022-40898 affecting package python-wheel for versions less than 0.33.6-8

An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...

7.5CVSS6.7AI score0.02659EPSS
Exploits1References1
OSV
OSV
added 2022/12/23 12:15 a.m.4 views

PYSEC-2022-43017

An issue discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli...

7.5CVSS6.9AI score0.02659EPSS
Exploits1References5
OSV
OSV
added 2022/12/13 3:15 a.m.6 views

CVE-2022-41264

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...

8.8CVSS5.9AI score0.00855EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/05/17 8:15 a.m.3 views

CVE-2022-26650

In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matchesconditionData.getParamValue, realData to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource...

7.5CVSS7.1AI score0.02434EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/04/18 4:56 p.m.4 views

CVE-2020-35630

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...

10CVSS8.9AI score0.02136EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/04/18 4:56 p.m.5 views

CVE-2020-28625

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any o...

10CVSS8.9AI score0.0225EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/02/25 6:48 a.m.54 views

CVE-2022-0554

A flaw was found in vim that causes an out-of-range pointer offset vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

8.4CVSS3.8AI score0.01607EPSS
Exploits1References3
OSV
OSV
added 2022/02/16 9:15 p.m.1 views

UBUNTU-CVE-2021-43303

Buffer overflow in PJSUA API when calling pjsuacalldump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied...

9.8CVSS7.7AI score0.02339EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2022/02/03 12:16 p.m.34 views

CVE-2022-0417

A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

8.4CVSS5.6AI score0.01541EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2021/11/09 5:42 p.m.5 views

python-pillow: Buffer overflow in image convert function

A flaw was found in python-pillow. This flaw allows an attacker to pass controlled parameters directly into a convert function, triggering a buffer overflow in the "convert" or "ImagingConvertTransparent" functions in Convert.c. The highest threat to this vulnerability is to system availability. ...

9.8CVSS7.5AI score0.03162EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2021/08/30 12:0 a.m.4 views

CVE-2020-35633

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in NefS2/SNCioparser.h SNCioparser::readsface storesmboundaryitem Edgeof.A specially crafted malformed file can lead to an out-of-bounds read and type...

10CVSS8.8AI score0.02328EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/06/28 12:0 a.m.5 views

wincred 操作系统命令注入漏洞

wincred is an open source node.js package. Used to use Python3 script to get credentials from the "Windows Credential Manager". A command execution vulnerability exists in wincred, which stems from the possibility of executing arbitrary commands if user input under the control of an attacker is...

9.8CVSS6AI score0.01336EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.4 views

Versa Director 命令注入漏洞

Versa Networks Versa Director is a virtualization and service creation platform from Versa Networks, USA. It simplifies the creation, automation and delivery of services using Versa FlexVNF. A command injection vulnerability exists in Versa Director, which stems from a failure to make valid...

10CVSS8.4AI score0.02713EPSS
Exploits0References1
OSV
OSV
added 2021/05/06 3:55 p.m.3 views

GHSA-XFXF-QW26-HR33 Arbitrary command execution in roar-pidusage

This affects all current versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without inpu...

5.6CVSS7.3AI score0.01151EPSS
Exploits1References4
Rows per page
Query Builder