7652 matches found

RedHat Linux
added 2023/03/22 10:38 a.m., 3 views

openssl: X.400 address type confusion in X.509 GeneralName

A type confusion vulnerability was found in OpenSSL in the processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, when the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...

7.4 CVSS, 6.8 AI score, 0.59501 EPSS
Exploits: 0, References: 5
UbuntuCve
added 2023/03/22 12:0 a.m., 47 views

CVE-2023-28434

Last updated 21 August 2024...

8.9 AI score, 0.06736 EPSS
Exploits: 2, References: 4
Tenable Nessus
added 2023/03/22 12:0 a.m., 24 views

Oracle Linux 7 : openssl (ELSA-2023-12205)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12205 advisory. - Fixes CVE-2023-0286 X.400 address type confusion in X.509 GeneralName Tenable has extracted the preceding description block directly from the Oracle Linux...

7.4 CVSS, 7.8 AI score, 0.59501 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2023/03/22 12:0 a.m., 153 views

CentOS 7 : openssl (RHSA-2023:1335)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1335 advisory. - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the...

7.4 CVSS, 7.9 AI score, 0.59501 EPSS
Exploits: 0, References: 2
Github Security Blog
added 2023/03/17 6:24 p.m., 47 views

PHAR deserialization allowing remote code execution

Description: snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_exists() function. If an attacker can upload files of any type to the server, he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitra...

9.8 CVSS, 9.9 AI score, 0.0276 EPSS
Exploits: 1, References: 10, Affected Software: 1
OSV
added 2023/03/17 6:24 p.m., 60 views

GHSA-GQ6W-Q6WH-JGGC PHAR deserialization allowing remote code execution

Description: snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_exists() function. If an attacker can upload files of any type to the server, he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitra...

9.8 CVSS, 9.9 AI score, 0.0276 EPSS
Exploits: 2, References: 11
Friends Of PHP
added 2023/03/17 3:47 p.m., 25 views

PHAR deserialization allowing remote code execution

Description: snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_exists() function. If an attacker can upload files of any type to the server, he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitra...

9.8 CVSS, 9.9 AI score, 0.0276 EPSS
Exploits: 1, Affected Software: 1
OSV
added 2023/03/15 11:15 a.m., 5 views

SUSE-SU-2023:0746-1 Security update for perl-Net-Server

This update for perl-Net-Server fixes the following issues: - CVE-2013-1841: Fixed insufficient hostname access checking (bsc#808830)...

4.3 CVSS, 6.4 AI score, 0.01944 EPSS
Exploits: 0, References: 3
NVD
added 2023/03/14 10:15 a.m., 13 views

CVE-2023-27310

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.2. The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to...

8.8 CVSS, 7.3 AI score, 0.00632 EPSS
Exploits: 0, References: 1
F5 Networks
added 2023/03/13 7:33 p.m., 51 views

K000132941: OpenSSL vulnerability CVE-2023-0286

Security Advisory Description: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as...

7.4 CVSS, 7.7 AI score, 0.59501 EPSS
Exploits: 0, Affected Software: 14
OSV
added 2023/03/13 4:35 p.m., 4 views

USN-5949-1 chromium-browser vulnerabilities

It was discovered that Chromium could be made to write out of bounds in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-0930, CVE-2023-1219, CVE-2023-1220,...

8.8 CVSS, 7 AI score, 0.01163 EPSS
Exploits: 0, References: 23
CNNVD
added 2023/03/10 12:0 a.m., 3 views

UNISOC Chipsets security vulnerability

UNISOC Chipsets is a chipset from China's Unisplendour UNISOC. A security vulnerability exists in the UNISOC Chipsets telephony module that stems from a lack of privilege checking. This could lead to the disclosure of local information without the need for additional execute privileges...

5.5 CVSS, 5.8 AI score, 0.00089 EPSS
Exploits: 0, References: 2
CNNVD
added 2023/03/10 12:0 a.m., 2 views

UNISOC Chipsets security vulnerability

UNISOC Chipsets is a chipset from China's Unisplendour UNISOC. A security vulnerability exists in the UNISOC Chipsets telephony module that stems from a lack of privilege checking. This could lead to a local denial of service in the telephony service without additional execute privileges...

5.5 CVSS, 5.8 AI score, 0.00087 EPSS
Exploits: 0, References: 2
CNNVD
added 2023/03/10 12:0 a.m., 4 views

UNISOC Chipsets security vulnerability

UNISOC Chipsets is a chipset from China's Unisplendour UNISOC. A security vulnerability exists in the UNISOC Chipsets telephony module that stems from a lack of privilege checking. This could lead to a local denial of service in the telephony service without additional execute privileges...

5.5 CVSS, 5.8 AI score, 0.00087 EPSS
Exploits: 0, References: 2
CNNVD
added 2023/03/10 12:0 a.m., 5 views

UNISOC Chipsets buffer error vulnerability

UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in the UNISOC Chipsets wlan module that stems from a lack of parameter checking. This could lead to a local denial of service in the wlan service...

5.5 CVSS, 5.7 AI score, 0.00088 EPSS
Exploits: 0, References: 2
CNNVD
added 2023/03/10 12:0 a.m., 4 views

UNISOC Chipsets security vulnerability

UNISOC Chipsets is a chipset from China's Unisplendour UNISOC. A security vulnerability exists in the UNISOC Chipsets telephony module that stems from a lack of privilege checking. This could lead to the disclosure of local information without the need for additional execute privileges...

5.5 CVSS, 5.8 AI score, 0.00089 EPSS
Exploits: 0, References: 2
Oracle linux
added 2023/03/08 12:0 a.m., 37 views

gnutls security and bug fix update

3.7.6-18 - Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version 2168610 3.7.6-17 - Fix timing side-channel in TLS RSA key exchange 2162600 3.7.6-16 - fips: extend PCT to DH key generation 2168610 3.7.6-14 - fips: remove library path checking from FIPS integrity check 2149638 - fips: rena...

7.4 CVSS, 7.7 AI score, 0.01403 EPSS
Exploits: 1
OpenVAS
added 2023/03/08 12:0 a.m., 27 views

Debian: Security Advisory (DSA-2010-1)

The remote host is missing an update for the Debian...

6.8 CVSS, 7 AI score, 0.02718 EPSS
Exploits: 1, References: 3
OpenVAS
added 2023/03/08 12:0 a.m., 17 views

Debian: Security Advisory (DLA-393-1)

The remote host is missing an update for the Debian...

7.8 CVSS, 7.6 AI score, 0.08277 EPSS
Exploits: 0, References: 2
NVD
added 2023/03/07 2:15 p.m., 12 views

CVE-2020-36667

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backupguardclouddropbox, backupguardcloudgdrive, and backupguardcloudoneDrive function...

5.4 CVSS, 5 AI score, 0.00483 EPSS
Exploits: 0, References: 3