
2566 matches found

Prion
added 2022/11/01 8:15 p.m. | 33 views

Code injection

A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a WebRTC call may be interrupted if the user answers a phone call...

CVSS 4.3 | AI score 4.9 | EPSS 0.00633
Exploits: 0 | References: 2 | Affected Software: 3

CVE
added 2022/11/01 12:00 a.m. | 179 views

CVE-2022-22677

CVE-2022-22677 describes a logic issue in the handling of concurrent media (WebKit/WebRTC) that could interrupt video self-preview when a phone call is answered. Affected software is Apple platforms implementing WebKit/WebRTC (notably macOS Monterey and iOS/iPadOS in the 12.4/15.5 family). The ro...

CVSS 4.3 | AI score 4.8 | EPSS 0.00633
Exploits: 0 | References: 2 | Affected Software: 3

Cvelist
added 2022/11/01 12:00 a.m. | 27 views

CVE-2022-22677

A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a WebRTC call may be interrupted if the user answers a phone call...

AI score 5.3 | EPSS 0.00633
Exploits: 0 | References: 2

Debian CVE
added 2022/11/01 12:00 a.m. | 39 views

CVE-2022-22677

A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a WebRTC call may be interrupted if the user answers a phone call...

CVSS 4.3 | AI score 4.1 | EPSS 0.00633
Exploits: 0

Prion
added 2022/10/20 6:15 a.m. | 22 views

Race condition

A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following...

CVSS 5.1 | AI score 8.3 | EPSS 0.00984
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/10/20 5:50 a.m. | 34 views

CVE-2022-27626

A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following...

CVSS 10 | AI score 10 | EPSS 0.00984
Exploits: 0 | References: 1

RedHat Linux
added 2022/10/04 3:53 p.m. | 4 views

wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled

A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have...

CVSS 5.3 | AI score 5.8 | EPSS 0.00824
Exploits: 0 | References: 4

RedHat Linux
added 2022/10/04 3:35 p.m. | 9 views

wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled

A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have...

CVSS 5.3 | AI score 5.8 | EPSS 0.00824
Exploits: 0 | References: 4

GithubExploit
added 2022/10/02 8:43 a.m. | 513 views

Exploit for Incorrect Calculation in Moodle

Proof of concept for CVE-2022-30600 Overview This rep...

CVSS 9.8 | AI score 9.3 | EPSS 0.04881
Exploits: 1

BDU FSTEC
added 2022/09/14 12:00 a.m. | 6 views

The vulnerability of the OverlayFS subsystem in Linux kernel allows a hacker to trigger a service failure.

The vulnerability of the OverlayFS subsystem in Linux operating systems is related to the simultaneous execution using shared resources with incorrect synchronization. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 4.7 | AI score 6.8 | EPSS 0.00213
Exploits: 0 | References: 8 | Affected Software: 3

Veracode
added 2022/09/09 9:22 a.m. | 19 views

Command Injection

Apache James is vulnerable to command injection attacks. The vulnerability exists because of a parser differential for IMAP STARTTLS that does not take concurrent requests into account, which allows an attacker to inject and execute arbitrary commands...

CVSS 7.5 | AI score 8.1 | EPSS 0.01718
Exploits: 0 | References: 5 | Affected Software: 5

Github Security Blog
added 2022/09/09 12:00 a.m. | 39 views

Apache James vulnerable to buffering attack

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved a similar problem from Apache James 3.6.1, is subject to a parser differential and does not take into account concurrent requests...

CVSS 7.5 | AI score 5.9 | EPSS 0.01718
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2022/09/09 12:00 a.m. | 19 views

GHSA-W45J-F5G5-W94X Apache James vulnerable to buffering attack

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved a similar problem from Apache James 3.6.1, is subject to a parser differential and does not take into account concurrent requests...

CVSS 7.5 | AI score 5.7 | EPSS 0.01718
Exploits: 0 | References: 4

Positive Technologies
added 2022/09/09 12:00 a.m. | 9 views

PT-2022-20747 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 7.0.x and earlier Description: The issue allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service, due to insufficient limitation of the in-memor...

CVSS 6.5 | AI score 6.2 | EPSS 0.00874
Exploits: 0 | References: 7

ATTACKERKB
added 2022/09/08 8:15 a.m. | 3 views

CVE-2022-28220

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved a similar problem from Apache James 3.6.1, is subject to a parser differential and does not take into account concurrent requests...

CVSS 7.5 | AI score 5.9 | EPSS 0.02347
Exploits: 0 | References: 3

OSV
added 2022/09/08 8:15 a.m. | 16 views

CVE-2022-28220

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved a similar problem from Apache James 3.6.1, is subject to a parser differential and does not take into account concurrent requests...

CVSS 7.5 | AI score 7.5
Exploits: 0 | References: 2

Prion
added 2022/09/08 8:15 a.m. | 22 views

Command injection

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved a similar problem from Apache James 3.6.1, is subject to a parser differential and does not take into account concurrent requests...

CVSS 5 | AI score 5.8 | EPSS 0.02347
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2022/09/08 12:00 a.m. | 28 views

Fedora: Security Advisory for rubygem-puma (FEDORA-2022-de968d1b6c)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8 | AI score 6.8 | EPSS 0.02092
Exploits: 0 | References: 2

Fedora
added 2022/09/07 9:56 a.m. | 37 views

[SECURITY] Fedora 35 Update: rubygem-puma-4.3.6-5.fc35

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker...

CVSS 9.1 | AI score 7.6 | EPSS 0.0214
Exploits: 0

ATTACKERKB
added 2022/08/31 4:15 p.m. | 2 views

CVE-2022-3028

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an...

CVSS 7 | AI score 6.6 | EPSS 0.002
Exploits: 0 | References: 13