Lucene search
K

43 matches found

Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.6 views

PT-2025-37876

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak was identified in the UBI Unsorted Block Images module within the Linux kernel, specifically within the ubi resize volume function. The issue stems from a mismatch betwee...

6AI score0.00147EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2025/02/27 3:7 a.m.3 views

SUSE CVE-2022-49388

In the Linux kernel, the following vulnerability has been resolved: ubi: ubicreatevolume: Fix use-after-free when volume creation failed There is an use-after-free problem for 'ebatbl' in ubicreatevolume's error handling path: ubiebareplacetablevol, ebatbl vol-ebatbl = tbl outmapping:...

5.5CVSS6.8AI score0.00283EPSS
Exploits0References4
OSV
OSV
added 2025/02/26 7:1 a.m.6 views

UBUNTU-CVE-2022-49388

In the Linux kernel, the following vulnerability has been resolved: ubi: ubicreatevolume: Fix use-after-free when volume creation failed There is an use-after-free problem for 'ebatbl' in ubicreatevolume's error handling path: ubiebareplacetablevol, ebatbl vol-ebatbl = tbl outmapping:...

7.8CVSS6.1AI score0.00283EPSS
Exploits0References11
OSV
OSV
added 2025/02/26 2:11 a.m.13 views

CVE-2022-49388 ubi: ubi_create_volume: Fix use-after-free when volume creation failed

In the Linux kernel, the following vulnerability has been resolved: ubi: ubicreatevolume: Fix use-after-free when volume creation failed There is an use-after-free problem for 'ebatbl' in ubicreatevolume's error handling path: ubiebareplacetablevol, ebatbl vol-ebatbl = tbl outmapping:...

7.8CVSS6.1AI score0.00283EPSS
Exploits0References11
Cvelist
Cvelist
added 2025/02/26 2:11 a.m.15 views

CVE-2022-49388 ubi: ubi_create_volume: Fix use-after-free when volume creation failed

In the Linux kernel, the following vulnerability has been resolved: ubi: ubicreatevolume: Fix use-after-free when volume creation failed There is an use-after-free problem for 'ebatbl' in ubicreatevolume's error handling path: ubiebareplacetablevol, ebatbl vol-ebatbl = tbl outmapping:...

0.00283EPSS
Exploits0References8
CVE
CVE
added 2025/02/26 2:11 a.m.84 views

CVE-2022-49388

CVE-2022-49388 affects the Linux kernel ubi_create_volume() in the UBI subsystem. The issue is an use-after-free involving the 'eba_tbl' in the error handling path: ubi_eba_replace_table(vol, eba_tbl) assigns vol->eba_tbl = tbl, then on error the code path leads to ubi_eba_destroy_table(eba_tb...

7.8CVSS5.4AI score0.00283EPSS
Exploits0References8Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/17 5:45 a.m.7 views

com.github.almex:weblets-demo (=1.1.3), org.apache.geronimo.assemblies:geronimo-jetty8-javaee6 (=3.0-M1) +18 more potentially affected by CVE-2010-2057 via org.apache.myfaces.core:myfaces-impl (=2.0.0)

org.apache.myfaces.core:myfaces-impl MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.myfaces.core:myfaces-impl and may be impacted: - com.github.almex:weblets-demo =1.1.3 -...

5CVSS5.8AI score0.03099EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/04/30 12:0 a.m.24 views

IBM WebSphere Application Server 7.x / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.14 / 9.0.0.0 <= 9.0.0.9 Directory Traversal Vulnerability

A directory traversal vulnerability exists in WebSphere Application Server that is using Enterprise bundle Archives EBA. An authenticated, remote attacker can exploit this, by persuading a victim to extract a specially-crafted ZIP archive containing 'dot dot slash' ../ sequences, an attacker coul...

6.3CVSS6.6AI score0.01951EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2018/12/03 11:0 a.m.18 views

Security Bulletin: Potential directory traversal vulnerability in WebSphere Application Server shipped with Jazz for Service Management (CVE-2018-1797)

Summary There is a potential directory traversal vulnerability in WebSphere Application Server CVE-2018-1797. This is occurs when an Enterprise Bundle Archive EBA is installed into the Application Server that has a path external to the EBA. Vulnerability Details DESCRIPTION: IBM WebSphere...

6.3CVSS0.4AI score0.01951EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2018/11/16 4:0 p.m.20 views

CVE-2018-1797

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives EBA could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences ../, an attacker could exploit th...

6.3CVSS5.8AI score0.01951EPSS
Exploits0References4
CVE
CVE
added 2018/11/16 4:0 p.m.76 views

CVE-2018-1797

CVE-2018-1797 is a directory traversal vulnerability (Zip-Slip) in IBM WebSphere Application Server when using Enterprise Bundle Archives (EBA). An authenticated attacker could cause a victim to extract a crafted ZIP containing ".. /" sequences, enabling writing to arbitrary files on the host. Af...

6.3CVSS5.6AI score0.01951EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2018/11/16 3:29 p.m.13 views

CVE-2018-1797

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives EBA could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences ../, an attacker could exploit th...

6.3CVSS6.2AI score0.01951EPSS
Exploits0References4
Openbugbounty
Openbugbounty
added 2018/04/23 6:18 p.m.10 views

eba.europa.eu XSS vulnerability

Open Bug Bounty ID: OBB-607240 Description| Value ---|--- Affected Website:| eba.europa.eu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
NVD
NVD
added 2018/03/02 8:29 p.m.13 views

CVE-2017-9277

The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA Enhanced Background Authentication kept open connections without EBA...

7.5CVSS5.2AI score0.0135EPSS
Exploits0References3
Prion
Prion
added 2018/03/02 8:29 p.m.9 views

Authentication flaw

The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA Enhanced Background Authentication kept open connections without EBA...

5CVSS7AI score0.0135EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/03/02 8:0 p.m.19 views

CVE-2017-9285 Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface

NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services...

5.4CVSS9.5AI score0.01212EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/03/02 8:0 p.m.16 views

CVE-2017-9277 existing connection is being used even though eDirectory LDAP server is upgraded to EBA

The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA Enhanced Background Authentication kept open connections without EBA...

4.2CVSS7.5AI score0.0135EPSS
Exploits0References3
NVD
NVD
added 2007/04/24 5:19 p.m.20 views

CVE-2007-2190

PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter...

6.8CVSS7.5AI score0.01351EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/04/24 5:0 p.m.22 views

CVE-2007-2190

PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter...

7.5AI score0.01351EPSS
Exploits0References4
CVE
CVE
added 2007/04/24 5:0 p.m.39 views

CVE-2007-2190

The CVE-2007-2190 issue affects Eba News 1.1 (admin/public/webpages.php): a PHP remote file inclusion vulnerability that lets an attacker cause arbitrary PHP code execution by supplying a URL in the filename parameter. The root cause is a server-side handling flaw that writes or includes unauthen...

6.8CVSS7.5AI score0.01351EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder