Lucene search
K

7654 matches found

RedHat Linux
RedHat Linux
added 2022/05/10 1:24 p.m.5 views

ntfs-3g: Heap buffer overflow in ntfs_get_attribute_value() caused by an unsanitized attribute

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS6.8AI score0.00456EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/05/10 1:24 p.m.7 views

ntfs-3g: Heap buffer overflow in ntfs_inode_real_open() triggered by a specially crafted NTFS inode

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS inodes, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS6.8AI score0.00465EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/05/10 1:24 p.m.4 views

ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute from MFT

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS attributes from the MFT , proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS6.8AI score0.00479EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2022/05/09 11:30 a.m.330 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

F5-CVE-2022-1388-Exploit Exploit and Check Script for CVE 2022...

9.8CVSS10AI score0.99956EPSS
Exploits63
Tenable Nessus
Tenable Nessus
added 2022/05/09 12:0 a.m.31 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : ovmf Multiple Vulnerabilities (NS-SA-2022-0009)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ovmf packages installed that are affected by multiple vulnerabilities: - Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service vi...

9.8CVSS7.2AI score0.03418EPSS
Exploits4References13
UbuntuCve
UbuntuCve
added 2022/05/07 12:0 a.m.35 views

CVE-2022-20792

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution...

7.8CVSS7.2AI score0.00499EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/05/04 12:0 a.m.9 views

PT-2022-3361 · Weblizar · School Management Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: School Management WordPress plugin versions prior to 9.9.7 Description: The issue is related to an obfuscated backdoor injected in the license checking code of the School Management WordPress plugin, which registers a REST API handler. This...

10CVSS9.7AI score0.64321EPSS
Exploits6References19
CNNVD
CNNVD
added 2022/05/03 12:0 a.m.4 views

MediaTek 芯片安全漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. The MediaTek chips are affected by a security vulnerability that stems from a lack of privilege checking, which can be exploited by an attacker to cause a local privilege escalation. The following products and versio...

7.8CVSS7.3AI score0.00098EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/05/03 12:0 a.m.5 views

MediaTek 芯片安全漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company called MediaTek. A security vulnerability exists in the MediaTek chips, which stems from a lack of privilege checking, and can be exploited by an attacker to disclose local information. The following products and versions are...

4.4CVSS5.2AI score0.00105EPSS
Exploits0References2
Prion
Prion
added 2022/05/01 4:15 p.m.11 views

Design/Logic Flaw

The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPathobj, keyPath, value function which does not properly check the keys being set like proto or constructor. This can allow an attacker to add/modify properties o...

7.5CVSS9.3AI score0.01884EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.3 views

Jetbrains JetBrains IntelliJ IDEA 访问控制错误漏洞

JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from Jetbrains Czech Republic.JetBrains IntelliJ IDEA versions prior to 2022.1 are vulnerable to an access control error vulnerability that stems from a flaw in source checking in the internal web server...

7.1CVSS5.5AI score0.00144EPSS
Exploits0References2
CNVD
CNVD
added 2022/04/25 12:0 a.m.9 views

Google Android elevation of privilege vulnerability (CNVD-2022-43233)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that stems from a lack of privilege checking in TBD's TBD, which can be exploited to bypass PIN validation to access PIN-protected settings. An attacker...

7.8CVSS6.8AI score0.0011EPSS
Exploits0References1
OSV
OSV
added 2022/04/24 10:4 p.m.7 views

GSD-2022-1002027 can: mcba_usb: properly check endpoint type

can: mcbausb: properly check endpoint type This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...

7.2AI score
Exploits0
CNVD
CNVD
added 2022/04/22 12:0 a.m.17 views

Google Android Information Disclosure Vulnerability (CNVD-2022-44553)

Google Android is a Linux-based open source operating system from Google, Inc. An information disclosure vulnerability exists in l2cbleprocesssigcmd in l2cble.cc, which could result in an out-of-bounds read due to a lack of boundary checking. . The vulnerability can be exploited by attackers to...

6.5CVSS4AI score0.00256EPSS
Exploits0References1
Code423n4
Code423n4
added 2022/04/22 12:0 a.m.7 views

transfer or transferFrom without checking the boolean result

It was found some transfer, approve or transferFrom without checking the boolean result, ERC20 standard specify that the token can return false if this call was not made, so it's mandatory to check the result of approve methods. CoreCollection.solL175 ERC721Payable.solL54 --- The text was updated...

6.9AI score
Exploits0
CNVD
CNVD
added 2022/04/21 12:0 a.m.16 views

Wordpress permission check error vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers, and a permission checking error vulnerability exists in Wordpress, which stems from the wp-admin/press-this.php script that...

4CVSS1.7AI score0.00691EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.6 views

Slackware: Security Advisory (SSA:2019-135-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.27 views

Slackware: Security Advisory (SSA:2014-013-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS6.4AI score0.21174EPSS
Exploits1References2
Huntr
Huntr
added 2022/04/20 3:30 p.m.14 views

no spoofing protection on email domain (No Valid SPF Records.)

What Is SPF/TXT Records? An SPF record is a type of Domain Name Service DNS record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain. Checking...

7AI score
Exploits0References2
CNVD
CNVD
added 2022/04/20 12:0 a.m.12 views

Google Android Buffer Overflow Vulnerability (CNVD-2022-44551)

Google Android is a Linux-based open source operating system from Google, Inc. Google Android has a buffer overflow vulnerability that originates in the TBD of the TBD, which can be read out of bounds due to a lack of boundary checking and can be exploited by attackers to cause local information...

4.4CVSS4.1AI score0.00107EPSS
Exploits0References1
Rows per page
Query Builder