
5256 matches found

CNNVD
added 2021/03/05 12:0 a.m. | 6 views

Rust resource management error vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the scratchpad crate before 1.3.1 for Rust, which stems from the move elements function being able to cause a double free. No details of the vulnerability are currently available...

9.8 CVSS | 5.5 AI score | 0.01364 EPSS
Exploits 0 | References 1

BDU FSTEC
added 2021/03/02 12:0 a.m. | 9 views

The vulnerability of the Magento Commerce software development and management platform lies in its lack of measures to neutralize special elements used in the operating system, allowing attackers to execute arbitrary code.

The vulnerability of the Magento Commerce software development and management platform is related to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8 CVSS | 7.8 AI score | 0.02863 EPSS
Exploits 0 | References 3 | Affected Software 2

BDU FSTEC
added 2021/03/02 12:0 a.m. | 4 views

The vulnerability of the module for scheduled operations on the Magento Commerce software development and management platform allows a hacker to execute arbitrary code.

The vulnerability of the module for scheduled operations on the Magento Commerce software platform relates to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.1 CVSS | 8.2 AI score | 0.04114 EPSS
Exploits 0 | References 3 | Affected Software 2

BDU FSTEC
added 2021/03/02 12:0 a.m. | 8 views

The vulnerability of the WebAPI interface of the Magento Commerce software development and management platform allows a perpetrator to execute arbitrary code.

The vulnerability of the WebAPI interface of the Magento Commerce software development and management platform relates to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.1 CVSS | 8.1 AI score | 0.04739 EPSS
Exploits 0 | References 3 | Affected Software 2

Tenable Nessus
added 2021/03/01 12:0 a.m. | 58 views

Fedora 32 : kernel (2021-8d45d297c6)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-8d45d297c6 advisory. - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant...

7.8 CVSS | 6.7 AI score | 0.00544 EPSS
Exploits 0 | References 4

Debian CVE
added 2021/02/26 1:51 a.m. | 23 views

CVE-2021-23974

The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox 86...

6.1 CVSS | 8.1 AI score | 0.00753 EPSS
Exploits 0

BDU FSTEC
added 2021/02/25 12:0 a.m. | 6 views

The vulnerability in the Junos operating system’s license-check mechanism allows a perpetrator to execute arbitrary commands with root privileges.

The vulnerability of the Junos operating system’s license-check mechanism is related to the failure to implement measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges...

7.8 CVSS | 7.6 AI score | 0.00848 EPSS
Exploits 0 | References 3 | Affected Software 1

Prion
added 2021/02/22 7:15 a.m. | 18 views

Race condition

Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired...

7.2 CVSS | 7.7 AI score | 0.00161 EPSS
Exploits 0 | References 1

RustSec
added 2021/02/19 12:0 p.m. | 19 views

Multiple memory safety issues in insert_row

When inserting rows from an iterator at a particular index, toodee would shift items over, duplicating their ownership. The space reserved for the new elements was based on the len returned by the ExactSizeIterator. This could result in elements in the array being freed twice if the iterator...

9.8 CVSS | 1.6 AI score | 0.01167 EPSS
Exploits 0 | Affected Software 1

RustSec
added 2021/02/19 12:0 p.m. | 17 views

SliceDeque::drain_filter can double drop an element if the predicate panics

Affected versions of the crate incremented the current index of the drain filter iterator before calling the predicate function self.pred. If the predicate function panics, it is possible for the last element in the iterator to be dropped twice...

7.5 CVSS | 2.7 AI score | 0.01135 EPSS
Exploits 1

CNNVD
added 2021/02/16 12:0 a.m. | 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an omission of errors that effectively imply the success of related batch elements. No details of the...

5.5 CVSS | 6.7 AI score | 0.00346 EPSS
Exploits 0 | References 15

BDU FSTEC
added 2021/02/16 12:0 a.m. | 5 views

The vulnerability of the command-line interface of Cisco IOS XR routers from the Network Convergence System 540 Series and Cisco 8000 Series allows an attacker to elevate their privileges to the root level.

The vulnerability of the command-line interface of Cisco IOS XR routers from the Network Convergence System 540 Series and Cisco 8000 Series exists due to the lack of measures taken to neutralize the special elements used in the operating system’s command. Exploiting this vulnerability can allow...

7.8 CVSS | 7.2 AI score | 0.00379 EPSS
Exploits 0 | References 2 | Affected Software 1

VulnCheck KEV
added 2021/02/11 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2013-3896

Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application...

5.5 CVSS | 7.3 AI score | 0.6961 EPSS
Exploits 5 | References 1

RedhatCVE
added 2021/02/05 6:22 a.m. | 32 views

CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni. When specifying the plugin to load in the type field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an...

7.2 CVSS | 4 AI score | 0.01525 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2021/02/04 12:0 a.m. | 63 views

Oracle Linux 6 : thunderbird (ELSA-2020-5238)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-5238 advisory. 78.5.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.5.0-1 - Update to 78.5.0 build3 Tenable has...

9.3 CVSS | 7.4 AI score | 0.0247 EPSS
Exploits 1 | References 11

RustSec
added 2021/02/03 12:0 p.m. | 18 views

insert_slice_clone can double drop if Clone panics.

Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...

5.3 CVSS | 3 AI score | 0.01359 EPSS
Exploits 1 | Affected Software 1

BDU FSTEC
added 2021/02/02 12:0 a.m. | 2 views

The vulnerability of the Adobe Download Manager’s download manager, related to incorrect elimination of special elements in the output data used by the incoming component, allows a hacker to execute arbitrary code.

The vulnerability of the Adobe Download Manager’s download manager is related to the incorrect elimination of certain elements in the output data used by the incoming component. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...

9.3 CVSS | 7.9 AI score | 0.04847 EPSS
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2021/02/02 12:0 a.m. | 5 views

The vulnerability of the chrome-launcher software arises from the lack of measures taken to neutralize special elements, allowing a perpetrator to execute arbitrary commands.

The vulnerability of the chrome-launcher software exists due to the lack of measures taken to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10 CVSS | 8.1 AI score | 0.01023 EPSS
Exploits 1 | References 3 | Affected Software 1

CNNVD
added 2021/02/01 12:0 a.m. | 6 views

Qualcomm Wlan Firmware Buffer Error Vulnerability

Qualcomm Wlan Firmware is a Wlan support firmware from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Wlan Firmware that originates from a buffer over-read due to improper IE length checking in receive beacons...

9.4 CVSS | 7.5 AI score | 0.00806 EPSS
Exploits 0 | References 3

CNNVD
added 2021/02/01 12:0 a.m. | 5 views

Qualcomm Chip Security Breach

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A chip is a way to miniaturize circuits (mainly semiconductor devices, but also passive components, etc.) and is often fabricated on the surface of semiconductor wafers. The Qualcomm chip suffers from a security vulnerability that stems from...

7.5 CVSS | 7.2 AI score | 0.00595 EPSS
Exploits 0 | References 4