Lucene search
K

202 matches found

Cvelist
Cvelist
added 2022/11/08 12:0 a.m.25 views

CVE-2022-39136

A vulnerability has been identified in JT2Go All versions = V13.3.0.7 V13.3.0.8, Teamcenter Visualization V14.0 All versions V14.0.0.3, Teamcenter Visualization V14.1 All versions V14.1.0.4. The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted T...

7.8CVSS7.9AI score0.00301EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/10/21 12:0 a.m.7 views

The vulnerability of the D-Bus inter-process communication mechanism, related to a boundary error caused by an invalid fixed-length array of elements, allows a malicious actor to trigger a service failure.

The vulnerability of the D-Bus inter-process communication mechanism is related to a boundary error caused by an invalid fixed-length array element, where the length of the array is not a multiple of the length of an individual element. Exploiting this vulnerability can allow a malicious actor to...

6.8CVSS6.4AI score0.0131EPSS
Exploits1References12Affected Software8
Positive Technologies
Positive Technologies
added 2022/10/05 12:0 a.m.6 views

PT-2022-5137 · D-Bus +10 · D-Bus +10

Name of the Vulnerable Software and Affected Versions: D-Bus versions 1.12.24 and earlier, 1.13.x, 1.14.x before 1.14.4, and 1.15.x before 1.15.2 Description: An issue was discovered in D-Bus where an authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when...

6.8CVSS7.1AI score0.01417EPSS
Exploits4References98
Huntr
Huntr
added 2022/09/29 7:32 p.m.19 views

No limit in length of "Fullname" parameter results in DOS attack /memory corruption

Proof of Concept 1Go to https://rdiffweb-dev.ikus-soft.com/prefs/general endpoint . 2You will see a field called "Fullname" 3Here you will see that there is no limit for the "Fullname" parameter that allows a user to to set a very long string as long as 1 million characters . 4This may possibly...

5CVSS1.9AI score0.01004EPSS
Exploits1
Huntr
Huntr
added 2022/09/24 11:47 a.m.21 views

No Limit in "title" length while adding SSH key , results in memory consumption/DOS attack

Description There must be a fixed length for user input parameters like "title" while adding SSH key. Allowing users to enter long strings may result in a DOS attack or memory corruption Proof of Concept 1Go to https://rdiffweb-demo.ikus-soft.com/prefs/sshkeys endpoint . 2Click on add SSH key...

5CVSS1.9AI score0.00951EPSS
Exploits1
Huntr
Huntr
added 2022/09/24 5:36 a.m.15 views

No Limit in length of root directory name , results in memory consumption/DOS attack

Description There must be a fixed length for user input parameters like root directory name. Allowing users to enter long strings may result in a DOS attack or memory corruption Proof of Concept 1Go to https://rdiffweb-demo.ikus-soft.com/admin/users endpoint . 2Click on add user 3Here you will se...

5CVSS2.6AI score0.00943EPSS
Exploits1
Zero Day Initiative
Zero Day Initiative
added 2022/09/19 12:0 a.m.21 views

Adobe Bridge SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SVG...

7.8CVSS5.6AI score0.00667EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2022/09/14 12:0 a.m.27 views

Adobe InDesign PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PCX...

7.8CVSS5.7AI score0.00475EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2022/07/11 12:0 a.m.14 views

Linux Kernel LightNVM Subsystem Heap-based Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the LightNVM subsystem...

8.2CVSS5.1AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2022/05/27 12:0 a.m.22 views

Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling o...

4.3CVSS3.9AI score0.02021EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2022/04/05 12:0 a.m.27 views

Omron CX-One CX-Position NCI File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NCI...

7.8CVSS5.7AI score0.01985EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/03/21 12:0 a.m.4 views

PT-2022-15866 · Netatalk +3 · Netatalk +3

Name of the Vulnerable Software and Affected Versions: Netatalk affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this issue. The specific flaw exists within th...

10CVSS8.3AI score0.86539EPSS
Exploits15References80
Zero Day Initiative
Zero Day Initiative
added 2022/03/07 12:0 a.m.21 views

Autodesk AutoCAD PICT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PI...

7.8CVSS5.5AI score0.01538EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2022/02/16 12:0 a.m.34 views

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of...

7CVSS4.5AI score0.00689EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2022/02/01 12:0 a.m.54 views

Samba AppleDouble Entry Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of AppleDouble entries. The issue results from the lack of proper validation of the...

9.8CVSS3.1AI score0.7372EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2022/01/27 12:0 a.m.20 views

WECON LeviStudioU XML File Parsing Add Tag DstAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of A...

7.8CVSS7.6AI score0.09285EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2022/01/27 12:0 a.m.23 views

WECON LeviStudioU UMP File Parsing BaseSet Tag BgOnOffBitAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS7.6AI score0.09285EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2022/01/17 12:0 a.m.37 views

TP-Link TL-WA1201 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigge...

8.8CVSS4.5AI score0.07743EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2021/12/21 12:0 a.m.40 views

Microsoft Windows tcpip.sys Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the tcpip.sys...

8.8CVSS8.4AI score0.00901EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2021/12/03 12:0 a.m.16 views

OpenText Brava! Desktop SLDDRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

7.8CVSS5.6AI score
Exploits0
Rows per page
Query Builder