Lucene search
K

24 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/11 12:45 a.m.5 views

CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

5.3CVSS6.2AI score0.00123EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

Google Chrome 跨站脚本漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 had a cross-site scripting vulnerability. This vulnerability stemmed from improper implementation of MHTML, and it could allow remote attackers to inject arbitrary scripts or HTML through...

5.4CVSS5.8AI score0.00139EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.6 views

EulerOS Virtualization 2.13.1 : libtiff (EulerOS-SA-2025-2550)

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PSLvl2page of the fil...

7.8CVSS4.2AI score0.00271EPSS
Exploits3References5
OpenVAS
OpenVAS
added 2025/11/12 12:0 a.m.2 views

Huawei EulerOS: Security Advisory for gdk-pixbuf2 (EulerOS-SA-2025-2322)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.3CVSS6.4AI score0.00148EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-34192

Malicious code in bioql PyPI...

5.5CVSS7AI score0.00427EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/08/28 12:0 a.m.4 views

SUSE SLES15 / openSUSE 15 Security Update : ignition (SUSE-SU-2025:03001-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03001-1 advisory. - CVE-2022-28948: Fixed an issue during unmarshaling in Go-Yaml v3 can lead to DoS via invalid input bsc1248548 Tenable has extracted the...

7.5CVSS6.6AI score0.035EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-14296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - canUnpack in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service SEGV or buffer overflow, and application crash or possibly have...

7.8CVSS7.5AI score0.01803EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/02/20 2:33 p.m.3 views

SUSE CVE-2024-45774

A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded...

6.7CVSS6.5AI score0.00243EPSS
Exploits0References13
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.6 views

The vulnerability of the Cloud Management mode of the Zyxel USG FLEX, USG FLEX 50(W), USG20(W)-VPN, ATP, and VPN software allows a hacker to execute arbitrary commands.

The vulnerability of the Cloud Management mode in Zyxel USG FLEX, USG FLEX 50W, USG20W-VPN, ATP, and VPN software for network devices is related to the use of uncontrolled format strings. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

8.8CVSS7.9AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:27 a.m.4 views

SUSE CVE-2018-11507

An issue was discovered in Free Lossless Image Format FLIF 0.3. An attacker can trigger a long loop in imageloadpnm in image/image-pnm.cpp...

6.5CVSS6.5AI score0.0115EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/02/07 3:52 p.m.4 views

git: Heap overflow in `git archive`, `git log --format` leading to RCE

A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in pretty.c::formatandpadcommit, where a sizet is stored improperly as an int, and then added as an offset to a memcpy. This overflow can be triggered directly by a user running a command...

9.8CVSS7.5AI score0.44268EPSS
Exploits0References7
OSV
OSV
added 2022/07/29 11:15 p.m.7 views

AZL-10441 CVE-2022-34526 affecting package libtiff for versions less than 4.4.0-3

A stack overflow was discovered in the TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities...

6.5CVSS7AI score0.01378EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2022/01/24 9:24 a.m.4 views

OpenJDK: Incorrect reading of TIFF files in TIFFNullDecompressor (ImageIO, 8270952)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5.3CVSS7.4AI score0.03091EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2020/07/15 12:0 a.m.7 views

The vulnerability of the TIFFWriteDirectoryTagTransferfunction function in software for viewing, editing, and converting TIFF files arises from the possibility of an operation exceeding the permissible buffer data size. This vulnerability allows attackers to cause service failures.

The vulnerability of the TIFFWriteDirectoryTagTransferfunction function in software for viewing, editing, and converting TIFF files is related to the operation exceeding the allowable buffer data size. Exploiting this vulnerability could allow an attacker to cause service interruptions remotely...

4.3CVSS6.5AI score0.03372EPSS
Exploits1References14Affected Software5
RedHat Linux
RedHat Linux
added 2020/05/26 8:42 p.m.7 views

ruby: Buffer under-read in String#unpack

A integer underflow was found in the way Stringunpack decodes the unpacking format. An attacker, able to control the unpack format, could use this flaw to disclose arbitrary parts of the application's memory...

7.5CVSS7.4AI score0.07825EPSS
Exploits0References5
CNVD
CNVD
added 2019/08/21 12:0 a.m.3 views

Microsoft Outlook Elevation of Privilege Vulnerability (CNVD-2019-40535)

Microsoft Outlook is a personal information management system software with features such as sending and receiving e-mail, calendars and more. An elevation of privilege vulnerability exists in Microsoft Outlook, which arises from a failure to adequately validate the format of incoming emails as...

4.3CVSS6.7AI score0.04423EPSS
Exploits0References1
Trend Micro Simply Security
Trend Micro Simply Security
added 2019/04/18 1:0 p.m.9 views

This Week in Security News: Medical Malware and Monitor Hacks

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how baby monitors may be susceptible to hacking. Also, learn about a medical flaw that enables hackers to hide malware. Read on: Is Yo...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2018/06/04 12:0 a.m.3 views

PT-2018-5002 · Unknown · Hopper Disassembler

Name of the Vulnerable Software and Affected Versions: Hopper Disassembler version 3.11.20 Description: An exploitable out of bounds write issue exists in the parsing of ELF Section Headers. A specially crafted ELF file can cause attacker-controlled pointer arithmetic, resulting in a partially...

7.8CVSS7.4AI score0.01251EPSS
Exploits1References4
CNVD
CNVD
added 2018/05/31 12:0 a.m.1 views

Prince Code Execution Vulnerability

Prince is a use of JavaScript to convert XML/HTML files into PDF documents API. A security vulnerability exists in Prince that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the respon...

9.3CVSS7.1AI score0.01752EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2015/04/14 12:0 a.m.4 views

PT-2015-1062 · Microsoft · Sharepoint Server +4

Name of the Vulnerable Software and Affected Versions: Microsoft Office versions 2007 SP3 through 2013 SP1 Microsoft Word versions 2007 SP3 through 2013 SP1 Microsoft Word for Mac version 2011 Office Compatibility Pack version SP3 Word Automation Services on SharePoint Server versions 2010 SP2 an...

9.3CVSS9.7AI score0.97327EPSS
Exploits1References16
Rows per page
Query Builder