7653 matches found

Huntr
added 2023/02/03 7:34 a.m. · 14 views

Phar Deserialization of Untrusted Data

Description: snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_exists function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitra...

0.5 AI score
Exploits 0 · References 1
CNVD
added 2023/02/03 12:0 a.m. · 16 views

TRENDnet TEW-820AP Stack Overflow Vulnerability

TRENDnet TEW-820AP is a router from Trendnet, Inc. A stack overflow vulnerability exists in TRENDnet TEW-820AP, which stems from a lack of length checking of the entered data in the username parameter of /formWizardPassword. An attacker could exploit this vulnerability to execute arbitrary code o...

8.8 CVSS · 8.9 AI score · 0.01039 EPSS
Exploits 1 · References 1
OSV
added 2023/02/01 12:15 a.m. · 20 views

CVE-2023-0341

A stack buffer overflow exists in the ecglob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over th...

7.8 CVSS · 8.1 AI score · 0.00965 EPSS
Exploits 1 · References 5
Cvelist
added 2023/01/31 11:22 p.m. · 25 views

CVE-2023-0341 Stack Buffer Overflow in editorconfig-core-c

A stack buffer overflow exists in the ecglob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over th...

7.8 CVSS · 8.2 AI score · 0.00965 EPSS
Exploits 1 · References 4
Prion
added 2023/01/30 11:15 p.m. · 25 views

Stack overflow

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe...

7.5 CVSS · 9.6 AI score · 0.01258 EPSS
Exploits 0 · References 1 · Affected Software 1
Veracode
added 2023/01/25 8:21 p.m. · 23 views

Improper Input Validation

libgit2 is vulnerable to Improper Input Validation. When using an SSH remote with the optional libssh2 backend, it does not perform certificate checking by default, exposing it to a man-in-the-middle attack...

5.9 CVSS · 6 AI score · 0.0058 EPSS
Exploits 0 · References 8 · Affected Software 1
RedhatCVE
added 2023/01/24 5:6 a.m. · 37 views

CVE-2023-22742

A flaw was found in libgit2, a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's...

5.3 CVSS · 6 AI score · 0.0058 EPSS
Exploits 0 · References 3
CNNVD
added 2023/01/23 12:0 a.m. · 3 views

Apple macOS Security Vulnerability

Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Ventura prior to version 13.2, which stems from a boundary-checking issue, where an application may be able to execute arbitrary code using kernel privileges...

7.8 CVSS · 7.8 AI score · 0.00237 EPSS
Exploits 0 · References 5
NVD
added 2023/01/20 11:15 p.m. · 14 views

CVE-2023-22742

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks...

5.9 CVSS · 5.7 AI score · 0.0058 EPSS
Exploits 0 · References 7
UbuntuCve
added 2023/01/20 11:15 p.m. · 26 views

CVE-2023-22742

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks...

5.9 CVSS · 6.1 AI score · 0.0058 EPSS
Exploits 0 · References 6
Prion
added 2023/01/20 11:15 p.m. · 26 views

Design/Logic Flaw

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks...

2.6 CVSS · 5.8 AI score · 0.0058 EPSS
Exploits 0 · References 6 · Affected Software 1
OSV
added 2023/01/20 11:15 p.m. · 3 views

UBUNTU-CVE-2023-22742

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks...

5.9 CVSS · 5.8 AI score · 0.0058 EPSS
Exploits 0 · References 7
Cvelist
added 2023/01/20 10:49 p.m. · 29 views

CVE-2023-22742 libgit2 fails to verify SSH keys by default

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks...

5.3 CVSS · 6.1 AI score · 0.0058 EPSS
Exploits 0 · References 7
Vulnrichment
added 2023/01/20 10:49 p.m. · 5 views

CVE-2023-22742 libgit2 fails to verify SSH keys by default

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks...

5.3 CVSS · 6.1 AI score · 0.0058 EPSS
Exploits 0 · References 7
CVE
added 2023/01/20 10:49 p.m. · 459 views

CVE-2023-22742

CVE-2023-22742 affects libgit2 when using SSH with the optional libssh2 backend. The issue is that certificate checking is not performed by default unless a certificate_check callback is explicitly configured in git_remote_callbacks, enabling potential MITM if server SSH keys are not validated. T...

5.9 CVSS · 5.6 AI score · 0.0058 EPSS
Exploits 0 · References 7 · Affected Software 1
Debian CVE
added 2023/01/20 10:49 p.m. · 27 views

CVE-2023-22742

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks...

5.9 CVSS · 5.4 AI score · 0.0058 EPSS
Exploits 0
OSV
added 2023/01/20 10:49 p.m. · 27 views

CVE-2023-22742 libgit2 fails to verify SSH keys by default

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks...

5.3 CVSS · 5.5 AI score · 0.0058 EPSS
Exploits 0 · References 9
Github Security Blog
added 2023/01/20 10:41 p.m. · 23 views

ELF header parsing library doesn't check for valid offset

The crate has several unsafe sections that don't perform proper pointer validation. An example can be found in the following function: fn sectionheaderraw&self - &ET::SectionHeader let shoff = self.elfheader.sectionheaderoffset as usize; let shnum = self.elfheader.sectionheaderentrynum as usize;...

1.1 AI score
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2023/01/20 12:0 a.m. · 4 views

PT-2023-1296 · Libssh2 +6

Name of the Vulnerable Software and Affected Versions: libgit2 versions prior to 1.4.5 libgit2 versions prior to 1.5.1 Description: The issue is related to the lack of certificate checking by default when using an SSH remote with the optional libssh2 backend in libgit2. This means that clients wi...

10 CVSS · 9.4 AI score · 0.0511 EPSS
Exploits 0 · References 72
CNNVD
added 2023/01/20 12:0 a.m. · 3 views

libgit2 Data Forgery Vulnerability

libgit2 is a portable, C implementation of the Git core development package. A data forgery issue vulnerability exists in libgit2 that stems from the fact that libgit2 does not perform certificate checking by default...

5.9 CVSS · 5.5 AI score · 0.0058 EPSS
Exploits 0 · References 10