Lucene search
K

7653 matches found

RedhatCVE
RedhatCVE
added 2022/12/01 7:26 p.m.30 views

CVE-2022-46149

A flaw was found in capnproto and capnp projects where a specially-crafted pointer could escape bounds checking by exploiting inconsistent handling of pointers when a list-of-structs is downgraded to a list-of-pointers...

5.4CVSS2.3AI score0.00852EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2022/12/01 9:48 a.m.24 views

Malware Authors 'Accidentally' Crash KmsdBot Cryptocurrency Mining Botnet

An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down by the threat actors themselves. KmsdBot, as christened by the Akamai Security Intelligence Response Team SIRT, came to light mid-November 2022 for its ability to...

7.6AI score
Exploits0
CNVD
CNVD
added 2022/12/01 12:0 a.m.15 views

static-dev-server directory traversal vulnerability

static-dev-server is a simple http server for serving static resource files from a local directory and automatically reloading them when they change. A directory traversal vulnerability exists in all versions of npm static-dev-server, which stems from a lack of validity checking of paths when...

7.5CVSS7.4AI score0.00959EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2022/11/30 12:0 a.m.12 views

Ubuntu: Security Advisory (USN-5749-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.5AI score0.00913EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/11/30 12:0 a.m.35 views

SUSE SLES15: libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc (SUSE-SU-2022:4284-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4284-1 advisory. Security fixes: - CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content bsc1205121. -...

8.8CVSS7.4AI score0.0141EPSS
Exploits0References16
Ubuntu
Ubuntu
added 2022/11/29 8:59 p.m.30 views

USN-5749-1: libsamplerate vulnerability

Erik de Castro Lopo and Agostino Sarubbo discovered that libsamplerate did not properly perform bounds checking. If a user were tricked into processing a specially crafted audio file, an attacker could possibly use this issue to cause a crash...

5.5CVSS5.6AI score0.00913EPSS
Exploits0
OSV
OSV
added 2022/11/29 8:59 p.m.3 views

USN-5749-1 libsamplerate vulnerability

Erik de Castro Lopo and Agostino Sarubbo discovered that libsamplerate did not properly perform bounds checking. If a user were tricked into processing a specially crafted audio file, an attacker could possibly use this issue to cause a crash...

5.5CVSS6.1AI score0.00913EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/29 12:0 a.m.13 views

PT-2023-1352

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1 STRING but the public structure definition for...

7.5CVSS8AI score0.59501EPSS
Exploits0References317
Positive Technologies
Positive Technologies
added 2022/11/25 12:0 a.m.7 views

PT-2024-11883 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A buffer overflow issue has been resolved in the Linux kernel, specifically in the wifi: cfg80211 component. The problem arises from an assumption that 5 octets are present for vendor...

9.1CVSS7AI score0.03702EPSS
Exploits13References1827
CNVD
CNVD
added 2022/11/25 12:0 a.m.21 views

qpress directory traversal vulnerability

qpress is a patched version of the qpress file archiver program by the individual developer EvgeniyPatlan. A directory traversal vulnerability exists in qpress versions 11.3 and prior to 2022.08.19, which stems from a lack of checking of paths when processing directory requests and can be exploit...

5.3CVSS4.9AI score0.01299EPSS
Exploits1References1
Veracode
Veracode
added 2022/11/24 2:18 a.m.20 views

Cross-Site Request Forgery (CSRF)

fastify is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists due to the incorrect Content-Type used in the ContentTypeParser function of contentTypeParser.js, allowing an attacker to bypass the Pre-Flight checking of fetch.fetch requests with Content-Type’s as...

8.8CVSS8.6AI score0.00369EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/11/24 12:0 a.m.39 views

SUSE SLED15: WebKit2GTK-4.0-lang / WebKit2GTK-4.1-lang / WebKit2GTK-5.0-lang / etc (SUSE-SU-2022:4207-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4207-1 advisory. Security fixes: - CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafte...

8.8CVSS7.4AI score0.0141EPSS
Exploits0References16
OpenVAS
OpenVAS
added 2022/11/23 12:0 a.m.21 views

Ubuntu: Security Advisory (USN-5735-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.1AI score0.01096EPSS
Exploits1References2
Prion
Prion
added 2022/11/22 8:15 p.m.25 views

Cross site request forgery (csrf)

Fastify is a web framework with minimal overhead and plugin architecture. The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could...

6.8CVSS8.6AI score0.00369EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/11/22 2:32 p.m.8 views

SUSE-SU-2022:4185-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service bsc1203556...

7.5CVSS7.3AI score0.01634EPSS
Exploits0References3
OSV
OSV
added 2022/11/22 9:9 a.m.4 views

SUSE-SU-2022:4159-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2022-40617: Fixed that using untrusted URIs for revocation checking could lead to denial of service bsc1203556...

7.5CVSS7.3AI score0.01634EPSS
Exploits0References3
OSV
OSV
added 2022/11/22 2:15 a.m.43 views

CVE-2022-36227

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the...

9.8CVSS3.1AI score
Exploits0References7
Ubuntu
Ubuntu
added 2022/11/21 1:32 p.m.39 views

USN-5733-1: FLAC vulnerabilities

It was discovered that FLAC was not properly performing memory management operations, which could result in a memory leak. An attacker could possibly use this issue to cause FLAC to consume resources, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and...

5.5CVSS5.9AI score0.03964EPSS
Exploits0
OSV
OSV
added 2022/11/21 1:32 p.m.3 views

USN-5733-1 flac vulnerabilities

It was discovered that FLAC was not properly performing memory management operations, which could result in a memory leak. An attacker could possibly use this issue to cause FLAC to consume resources, leading to a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and...

5.5CVSS6.3AI score0.03964EPSS
Exploits0References4
Veracode
Veracode
added 2022/11/21 11:51 a.m.24 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists in the FusedResizeAndPadConv2D function of nnops.cc due to improper buffer size checking which allows an attacker to cause an application crash by providing malicious input...

7.5CVSS7.1AI score0.0043EPSS
Exploits1References9Affected Software3
Rows per page
Query Builder