Lucene search
K

673 matches found

Zero Day Initiative
Zero Day Initiative
added 2021/07/05 12:0 a.m.66 views

Trend Micro Password Manager Integer Truncation Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tre...

7CVSS4.9AI score0.00369EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/06/28 12:0 a.m.4 views

Trend Micro Password Manager 输入验证错误漏洞

Trend Micro Password Manager is a secure password management solution from Trend Micro. runc is a CLI Command Line Interface tool for generating and running containers according to the OCI specification. An input validation error vulnerability exists in Trend Micro Password Manager that stems fro...

7.8CVSS8.3AI score0.00369EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2020:1335-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.7CVSS7.2AI score0.02213EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/05/26 12:0 a.m.4 views

PT-2021-6775 · Unknown · Gpac Project On Advanced Content Library

Name of the Vulnerable Software and Affected Versions: GPAC Project on Advanced Content library version 1.0.1 Description: An exploitable integer truncation issue exists within the MPEG-4 decoding functionality. A specially crafted MPEG-4 input can cause improper memory allocation, resulting in a...

9.3CVSS9.1AI score0.02019EPSS
Exploits24References72
Zero Day Initiative
Zero Day Initiative
added 2021/04/22 12:0 a.m.29 views

Oracle VirtualBox VMSVGA Numeric Truncation Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

6CVSS3.8AI score0.00356EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2020:1552-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.7CVSS6.5AI score0.00378EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2020:1430-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.02815EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/03/18 1:8 p.m.3 views

dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...

6.7CVSS7.1AI score0.00378EPSS
Exploits0References6
Mageia
Mageia
added 2021/03/12 1:25 a.m.16 views

Updated glib2.0 packages fix security vulnerabilities

Fix various instances within GLib where gmemdup was vulnerable to a silent integer truncation and heap overflow problem discovered by Kevin Backhouse, work by Philip Withnall 2319 Fix some issues with handling over-long invalid input when parsing for GDate !1824 Don't load GIO modules or parse...

0.8AI score
Exploits0References3
OSV
OSV
added 2021/03/12 1:25 a.m.5 views

MGASA-2021-0123 Updated glib2.0 packages fix security vulnerabilities

Fix various instances within GLib where gmemdup was vulnerable to a silent integer truncation and heap overflow problem discovered by Kevin Backhouse, work by Philip Withnall 2319 Fix some issues with handling over-long invalid input when parsing for GDate !1824 Don't load GIO modules or parse...

7.5AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/03/11 12:0 a.m.344 views

EulerOS Virtualization 2.9.0 : edk2 (EulerOS-SA-2021-1668)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - EFI Development Kit II AARCH64 UEFI FirmwareSecurity Fixes:AuthenticodeVerify calls OpenSSLs d2iPKCS7 API to parse asn encoded signe...

9.8CVSS7.8AI score0.04047EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.200 views

EulerOS Virtualization 2.9.1 : edk2 (EulerOS-SA-2021-1633)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - EFI Development Kit II AARCH64 UEFI FirmwareSecurity Fixes:AuthenticodeVerify calls OpenSSLs d2iPKCS7 API to parse asn encoded signe...

9.8CVSS7.8AI score0.04047EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2021/02/01 12:0 a.m.36 views

CentOS 8 : dpdk (CESA-2020:4806)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4806 advisory. - dpdk: librtevhost Integer overflow in vhostusersetlogbase CVE-2020-10722 - dpdk: librtevhost Integer truncation in vhostusercheckandallocqueuepair...

7.7CVSS6.5AI score0.02213EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2021/02/01 12:0 a.m.49 views

CentOS 8 : freetype (CESA-2020:4952)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4952 advisory. - freetype: Heap-based buffer overflow due to integer truncation in LoadSBitPng CVE-2020-15999 Note that Nessus has not tested for this issue but has instead...

9.6CVSS8.5AI score0.5063EPSS
Exploits2References2
Gitee
Gitee
added 2021/01/24 10:46 a.m.86 views

Exploit for Improper Access Control in Xen

kernelexploitfactory Keep updating...... Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore. This repository is to extract all Linux kernel exploit and relative debug environment. The test is on...

8.2CVSS7.1AI score0.30052EPSS
Exploits25
Mageia
Mageia
added 2021/01/17 4:7 p.m.81 views

Updated edk2 packages fix multiples security vulnerabilities

Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. CVE-2018-12179. Insufficient memory write check in SMM service for EDK II may allow an authenticated...

9.8CVSS4AI score0.01366EPSS
Exploits0References7
OSV
OSV
added 2020/12/31 9:15 a.m.6 views

CVE-2020-35926

An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator even ChaCha to return all zeroes because integer truncation was mishandled...

9.8CVSS7.3AI score0.01515EPSS
Exploits0References1
NVD
NVD
added 2020/12/31 9:15 a.m.54 views

CVE-2020-35926

An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator even ChaCha to return all zeroes because integer truncation was mishandled...

9.8CVSS9.4AI score0.01515EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/12/31 8:16 a.m.39 views

CVE-2020-35926

An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator even ChaCha to return all zeroes because integer truncation was mishandled...

9.5AI score0.01515EPSS
Exploits0References1
CVE
CVE
added 2020/12/31 8:16 a.m.54 views

CVE-2020-35926

CVE-2020-35926 concerns the nanorand crate for Rust prior to 0.5.1, where random number generators (including ChaCha) could return all zeroes due to integer truncation. This affects RNG implementations for standard unsigned integers and arises from using bit-shifting instead of a direct cast, per...

9.8CVSS9.3AI score0.01515EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder