Lucene search
K

98 matches found

RedHat Linux
RedHat Linux
added 2023/10/05 8:18 p.m.2 views

tough-cookie: prototype pollution in cookie memstore

A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...

9.8CVSS7.1AI score0.02542EPSS
Exploits2References9
CVE
CVE
added 2023/09/14 8:50 p.m.168 views

CVE-2023-25585

Binutils contains CVE-2023-25585: the file_table field of struct module *module is uninitialized, which may cause an application crash and local denial of service. This is corroborated by multiple connected advisories (Astra Linux, Alpine Linux, Debian Security Tracker, FreeBSD VuxML, and CVE rec...

5.5CVSS5.6AI score0.00376EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/08 12:0 a.m.4 views

PT-2023-28228 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this, where the targ...

5.5CVSS3.5AI score0.00415EPSS
Exploits0References5
OSV
OSV
added 2023/07/26 6:15 p.m.4 views

CVE-2023-3242

Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Runtime G4.93 allows unauthenticated network-based attackers to cause permanent denial-of-service conditions...

5.9CVSS5.8AI score0.00454EPSS
Exploits0References1
OSV
OSV
added 2023/03/29 7:15 p.m.7 views

CVE-2022-28317

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS6.2AI score0.00637EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/29 12:0 a.m.10 views

CVE-2022-28320

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.8AI score0.00938EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.4 views

SUSE CVE-2006-5749

The isdnpppccpresetallocstate function in drivers/isdn/isdnppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the inittimer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash...

1.7CVSS6.7AI score0.00355EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:20 a.m.4 views

SUSE CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic...

5CVSS8.8AI score0.74006EPSS
Exploits0References26
SUSE CVE
SUSE CVE
added 2023/02/15 3:52 a.m.3 views

SUSE CVE-2020-27208

The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...

6.8CVSS6.5AI score0.00328EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:35 a.m.2 views

SUSE CVE-2022-0175

A flaw was found in the VirGL virtual OpenGL renderer virglrenderer. The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading t...

6.5CVSS6.3AI score0.00311EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:34 a.m.10 views

SUSE CVE-2022-0847

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...

7.8CVSS6.5AI score0.88106EPSS
Exploits100References18
CNNVD
CNNVD
added 2022/11/11 12:0 a.m.5 views

Intel NUC 安全漏洞

The Intel NUC is a small minicomputer from Intel Corporation USA. A security vulnerability exists in versions prior to IntelR NUC 11 Pro Kits and IntelR NUC 11 Pro Boards TNTGL357.0064, which stems from improper initialization of their BIOS firmware allowing authenticated users to potentially...

7.8CVSS7.3AI score0.00162EPSS
Exploits0References2
Prion
Prion
added 2022/09/15 4:15 p.m.15 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

4.4CVSS7.8AI score0.00551EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/05/06 12:0 a.m.7 views

The vulnerability of the io_rw_init_file function in the Linux operating system’s kernel allows a hacker to gain unauthorized access to protected information.

The vulnerability of the iorwinitfile function fs/iouring.c in the Linux kernel is related to initialization errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

3.3CVSS7.2AI score0.01073EPSS
Exploits1References12Affected Software2
RedHat Linux
RedHat Linux
added 2022/03/14 9:24 a.m.5 views

kernel: improper initialization of the "flags" member of the new pipe_buffer

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...

7.8CVSS6.8AI score0.88106EPSS
Exploits100References8
RedHat Linux
RedHat Linux
added 2022/03/10 3:15 p.m.45 views

kernel: improper initialization of the "flags" member of the new pipe_buffer

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...

7.8CVSS6.8AI score0.88106EPSS
Exploits100References8
OSV
OSV
added 2022/02/18 8:15 p.m.2 views

CVE-2021-46617

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.5AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/18 8:15 p.m.5 views

CVE-2021-46617

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.6AI score0.01878EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/02/18 8:15 p.m.6 views

CVE-2021-46570

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

7.8CVSS6AI score0.01979EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/10/25 5:15 p.m.5 views

CVE-2021-34855

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

6.5CVSS6.2AI score0.00258EPSS
Exploits0References2
Rows per page
Query Builder