5255 matches found

RedHat Linux
added 2020/07/29 9:38 p.m. · 1 view

kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c

A flaw was found in the way the mwifiex_cmd_append_vsie_tlv function in the Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system...

CVSS 7.8 · AI score 7.1 · EPSS 0.00435
Exploits 0 · References 4
RedHat Linux
added 2020/07/29 8:57 p.m. · 3 views

kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c

A flaw was found in the way the mwifiex_cmd_append_vsie_tlv function in the Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system...

CVSS 7.8 · AI score 7.1 · EPSS 0.00435
Exploits 0 · References 4
RedHat Linux
added 2020/07/29 8:37 p.m. · 2 views

kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c

A flaw was found in the way the mwifiex_cmd_append_vsie_tlv function in the Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system...

CVSS 7.8 · AI score 7.1 · EPSS 0.00435
Exploits 0 · References 4
RedHat Linux
added 2020/07/29 6:28 p.m. · 6 views

kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c

A flaw was found in the way the mwifiex_cmd_append_vsie_tlv function in the Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system...

CVSS 7.8 · AI score 7.1 · EPSS 0.00435
Exploits 0 · References 4
RedHat Linux
added 2020/07/21 11:24 a.m. · 9 views

kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c

A flaw was found in the way the mwifiex_cmd_append_vsie_tlv function in the Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system...

CVSS 7.8 · AI score 7.1 · EPSS 0.00435
Exploits 0 · References 4
RedHat Linux
added 2020/07/21 11:09 a.m. · 4 views

kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c

A flaw was found in the way the mwifiex_cmd_append_vsie_tlv function in the Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system...

CVSS 7.8 · AI score 7.1 · EPSS 0.00435
Exploits 0 · References 4
Veracode
added 2020/07/13 3:18 a.m. · 12 views

Denial Of Service (DoS)

html-to-text is vulnerable to denial of service (DoS). The library does not properly handle parsed HTML when it is either very deep or has a large number of DOM elements, allowing a malicious user to cause an application crash...

AI score 3
Exploits 0
BDU FSTEC
added 2020/07/09 12:00 a.m. · 4 views

The vulnerability in the embedded software of NETGEAR routers such as NETGEAR RBK752, NETGEAR RBK753, NETGEAR RBK753S, NETGEAR RBR750, NETGEAR RBS750, NETGEAR RBK842, NETGEAR RBR840, NETGEAR RBS840, NETGEAR RBK852, NETGEAR RBK853, NETGEAR RBR850, and NETGEAR RBS850 exists due to the failure to take measures to eliminate special elements used in the operating system. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of NETGEAR’s embedded software, including models like NETGEAR RBK752, NETGEAR RBK753, NETGEAR RBK753S, NETGEAR RBR750, NETGEAR RBS750, NETGEAR RBK842, NETGEAR RBR840, NETGEAR RBS840, NETGEAR RBK852, NETGEAR RBK853, NETGEAR RBR850, and NETGEAR RBS850, exists due to the lack of...

CVSS 9.6 · AI score 7.8 · EPSS 0.01202
Exploits 0 · References 4 · Affected Software 12
OSV
added 2020/07/07 11:45 a.m. · 7 views

SUSE-SU-2020:0629-2 Security update for librsvg

This update for librsvg to version 2.42.8 fixes the following issues: librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service bsc1162501. NOTE: Librsvg now has limits on the numbe...

CVSS 6.5 · AI score 6.4 · EPSS 0.02125
Exploits 0 · References 3
OSV
added 2020/07/07 11:45 a.m. · 6 views

SUSE-SU-2020:0629-1 Security update for librsvg

This update for librsvg to version 2.42.8 fixes the following issues: librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service bsc1162501. NOTE: Librsvg now has limits on the numbe...

CVSS 6.5 · AI score 6.4 · EPSS 0.02125
Exploits 0 · References 3
RedHat Linux
added 2020/07/07 8:38 a.m. · 6 views

kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c

A flaw was found in the way the mwifiex_cmd_append_vsie_tlv function in the Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system...

CVSS 7.8 · AI score 7.1 · EPSS 0.00435
Exploits 0 · References 4
Veracode
added 2020/07/07 7:40 a.m. · 18 views

Cross-Site Scripting (XSS)

markdown2 is vulnerable to cross-site scripting (XSS) attacks. The vulnerability is introduced by a loosely defined regular expression for the `_incomplete_tags_re` string in the function `_encode_amps_and_angles`, causing a bypass of HTML element if a user passes a malicious string with a new line...

CVSS 6.1 · AI score 0.9 · EPSS 0.00812
Exploits 0
BDU FSTEC
added 2020/07/03 12:00 a.m. · 5 views

The vulnerability of Azure DevOps Server’s software development tools, related to the failure to take measures to neutralize special elements, allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of Azure DevOps Server lies in the lack of measures taken to neutralize specific elements. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and integrity of the protected information...

CVSS 6.1 · AI score 6.8 · EPSS 0.0182
Exploits 0 · References 2 · Affected Software 1
Prion
added 2020/06/16 10:15 p.m. · 19 views

Cross site scripting

In Sanitize RubyGem sanitize greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized...

CVSS 6.8 · AI score 6.6 · EPSS 0.01853
Exploits 0 · References 5 · Affected Software 1
RubySec
added 2020/06/16 12:00 a.m. · 15 views

Cross-site scripting vulnerability via `<math>` or `<svg>` element in Sanitize

When HTML is sanitized using Sanitize's "relaxed" config or a custom config that allows certain elements, some content in a `<math>` or `<svg>` element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config o...

CVSS 7.3 · AI score 6.2 · EPSS 0.01853
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2020/06/10 12:00 a.m. · 3 views

PT-2020-5919 · Siemens · Sinamics Startdrive +14

Name of the Vulnerable Software and Affected Versions: SIMATIC Automation Tool versions prior to V4 SP2; SIMATIC NET PC Software V14 versions prior to V14 SP1 Update 14; SIMATIC NET PC Software V15 versions; SIMATIC NET PC Software V16 versions prior to V16 Upd3; SIMATIC PCS neo versions prior to V3....

CVSS 7.2 · AI score 6.8 · EPSS 0.00441
Exploits 0 · References 5
NVD
added 2020/06/08 2:15 p.m. · 21 views

CVE-2020-7676

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...

CVSS 5.4 · AI score 6.2 · EPSS 0.02142
Exploits 0 · References 12
OPENSUSE Linux
added 2020/06/08 12:00 a.m. · 51 views

Security update for libreoffice (moderate)

openSUSE Security Update: Security update for libreoffice Announcement ID: openSUSE-SU-2020:0786-1 Rating: moderate References: 1160687 1165870 1167463 1171997 Cross-References: CVE-2020-12801 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has three fixes is now...

CVSS 5.3 · AI score 5.6 · EPSS 0.01255
Exploits 0 · References 4
Tenable Nessus
added 2020/05/27 12:00 a.m. · 37 views

Schneider-electric Ecostruxure Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', reflective DLL, vulnerability exists in EcoStruxure Control Expert all versions prior to 14.1 Hot Fix, Unity Pro all versions, Modicon M340 all versions prior to V3.20, Modicon M580 all...

CVSS 7.5 · AI score 3.6 · EPSS 0.01542
Exploits 0 · References 2
BDU FSTEC
added 2020/05/26 12:00 a.m. · 4 views

The vulnerability of the Adobe Digital Editions e-book reading program, which exists due to the failure to take measures to neutralize special elements, allows a violator to execute arbitrary code.

The vulnerability of the Adobe Digital Editions e-book reading program exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8.1 · EPSS 0.0715
Exploits 0 · References 3 · Affected Software 1