Lucene search
K

7652 matches found

RedHat Linux
RedHat Linux
added 2021/09/30 4:59 p.m.4 views

ntfs-3g: Heap buffer overflow triggered by a specially crafted NTFS inode pathname

The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS inode pathname, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS6.8AI score0.00453EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/09/29 5:12 p.m.36 views

Reliance on Cookies without Validation and Integrity Checking in getgrav/grav

grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking. A cookie with an overly broad path can be accessed through other applications on the same domain. Since cookies often carry sensitive information such as session identifiers, sharing cookies across applications c...

6.3CVSS5.3AI score0.02374EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2021/09/27 1:15 p.m.13 views

CVE-2021-3818

grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking...

6.3CVSS0.02374EPSS
Exploits1References2
Prion
Prion
added 2021/09/27 1:15 p.m.20 views

Input validation

grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking...

5CVSS5.3AI score0.02374EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/09/27 12:25 p.m.100 views

CVE-2021-3818

CVE-2021-3818 : Grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking. The connected sources confirm the issue stems from Grav’s handling of cookies without proper validation and integrity checks, with a documented risk example noting that a cookie with an overly bro...

6.3CVSS5.4AI score0.02374EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/09/23 3:15 a.m.17 views

Buffer overflow

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit...

10CVSS9.8AI score0.02546EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/23 2:26 a.m.17 views

CVE-2021-34727 Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit...

9.8CVSS10AI score0.02546EPSS
Exploits0References1
CVE
CVE
added 2021/09/23 2:26 a.m.82 views

CVE-2021-34727

CVE-2021-34727 concerns Cisco IOS XE SD-WAN Software. The vulnerability is in the vDaemon process and arises from insufficient bounds checking when processing traffic. An unauthenticated, remote attacker could send crafted traffic to trigger a buffer overflow, potentially executing arbitrary comm...

10CVSS10AI score0.02546EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2021/09/23 12:0 a.m.19 views

SUSE: Security Advisory (SUSE-SU-2021:3125-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.9AI score0.04985EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2021/09/22 7:10 p.m.49 views

CVE-2021-39537

A heap overflow vulnerability has been found in the ncurses package, particularly in the "tic". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the...

6.8CVSS8.5AI score0.03005EPSS
Exploits1References4
Prion
Prion
added 2021/09/22 2:15 p.m.13 views

Design/Logic Flaw

A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute...

6.9CVSS7.3AI score0.00234EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/09/22 12:0 a.m.3 views

Cisco IOS XE SD-WAN Software 安全漏洞

Cisco IOS XE SD-WAN Software is a Cisco software for network management software-defined networking for the Cisco IOS XE network operating system. A security vulnerability exists in Cisco IOS XE SD-WAN Software, which is caused by insufficient boundary checking when processing traffic on an...

10CVSS9.1AI score0.02546EPSS
Exploits0References6
Huntr
Huntr
added 2021/09/20 4:8 p.m.21 views

in dompdf/dompdf

Description DomPDF is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the filegetcontents function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate...

1AI score0.0143EPSS
Exploits1References1
Huntr
Huntr
added 2021/09/13 6:56 a.m.15 views

Cross-Site Request Forgery (CSRF) in e107inc/e107

✍️ Description Attacker or malicious user is able to change delete any banning record if a logged in user visits attacker website. because lack of CSRF token "checking" 🕵️‍♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally blacklist record with...

1.2AI score
Exploits0References1
CNVD
CNVD
added 2021/09/09 12:0 a.m.22 views

HAProxy input validation error vulnerability

HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy=. =HAProxy suffers from an input validation error vulnerability, which stems from a lack of header name length checking in the htxaddheader and htxaddtrailer functions in HAProxy, and can be exploited by an...

7.5CVSS3.6AI score0.56083EPSS
Exploits5References1
NVD
NVD
added 2021/09/08 3:15 p.m.17 views

CVE-2021-30695

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents...

5.5CVSS0.00905EPSS
Exploits0References4
NVD
NVD
added 2021/09/08 3:15 p.m.13 views

CVE-2021-30687

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to disclosure of user...

5.5CVSS0.01143EPSS
Exploits0References6
OSV
OSV
added 2021/09/08 3:15 p.m.1 views

CVE-2021-30664

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution...

7.8CVSS6AI score0.00983EPSS
Exploits0References4
NVD
NVD
added 2021/09/08 3:15 p.m.23 views

CVE-2021-30664

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution...

7.8CVSS0.00983EPSS
Exploits0References4
OSV
OSV
added 2021/09/08 3:15 p.m.0 views

CVE-2021-1885

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution...

7.8CVSS6AI score0.01198EPSS
Exploits0References4
Rows per page
Query Builder