Lucene search
+L

266 matches found

pypa
pypa
added 2023/02/07 9:15 p.m.8 views

PYSEC-2023-11

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

6.5CVSS8.2AI score0.01301EPSS
Exploits1References3Affected Software1
osv
osv
added 2023/02/07 8:54 p.m.5 views

GHSA-W7PP-M8WF-VJ6R Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf

Previously, Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers: pycon outbuf = b"\x00" 32 c = ciphers.CipherAESb"\x00" 32, modes.ECB.encryptor c.updateintob"\x00" 16, outbuf 16 outbuf...

6.9CVSS6.8AI score0.01301EPSS
Exploits1References8
ptsecurity
ptsecurity
added 2023/02/07 12:0 a.m.19 views

PT-2023-2766 · Pypi +10 · Cryptography +10

Name of the Vulnerable Software and Affected Versions: cryptography versions 1.8 through the latest version before the fix Description: The issue is related to the Cipher.update into function in the cryptography package, which would accept Python objects that implement the buffer protocol but...

9.1CVSS6.7AI score0.92488EPSS
Exploits12References142
attackerkb
attackerkb
added 2022/12/04 5:15 a.m.4 views

CVE-2022-44721

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2841. Reason: This issue was MERGED into CVE-2022-2841 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2022-2841 instead of this...

2.7CVSS5.8AI score0.03672EPSS
Exploits5References1
githubexploit
githubexploit
added 2022/11/08 3:22 p.m.198 views

Exploit for Improper Access Control in Webmin

WebminRCE-exploit CVE-2022-0824, CVE-2022-0829 - File Manger p...

9CVSS7.3AI score0.96977EPSS
Exploits14
rocky
rocky
added 2022/05/17 7:26 a.m.9 views

new packages: python-into-dbus-python

An update is available for python-into-dbus-python. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

2.2AI score
Exploits0
attackerkb
attackerkb
added 2022/04/12 4:15 p.m.3 views

CVE-2022-27902

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-1215. Reason: This issue was MERGED into CVE-2022-1215 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2022-1215 instead of this...

7.8CVSS7AI score0.00364EPSS
Exploits0References1
nessus
nessus
added 2021/11/09 12:0 a.m.49 views

CentOS 8 : thunderbird (CESA-2021:4130)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:4130 advisory. - Mozilla: iframe sandbox rules did not apply to XSLT stylesheets CVE-2021-38503 - Mozilla: Use-after-free in file picker dialog CVE-2021-38504 -...

10CVSS7.6AI score0.0383EPSS
Exploits0References7
bdu_fstec
bdu_fstec
added 2021/09/20 12:0 a.m.9 views

The vulnerability of the copyIntoFrameBuffer function in software for storing OpenEXR images with a wide dynamic range of brightness levels, related to writing beyond the buffer’s boundaries, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the copyIntoFrameBuffer function in software for storing OpenEXR images with a wide dynamic range of brightness is related to writing beyond the buffer’s boundaries. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its...

8.8CVSS7.6AI score0.02291EPSS
Exploits0References7Affected Software3
redhat
redhat
added 2021/06/09 1:55 p.m.3 views

libwebp: heap-based buffer overflow in WebPDecode*Into functions

A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecodeInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS7.5AI score0.02662EPSS
Exploits0References4
osv
osv
added 2021/02/18 4:15 a.m.8 views

AZL-41851 CVE-2021-27378 affecting package librsvg2 for versions less than 2.58.1-1

An issue was discovered in the randcore crate before 0.6.2 for Rust. Because readu32into and readu64into mishandle certain buffer-length checks, a random number generator may be seeded with too little data...

9.8CVSS7.3AI score0.01243EPSS
Exploits0References1
rustsec
rustsec
added 2021/01/04 12:0 p.m.23 views

EventList's From<EventList> conversions can double drop on panic.

Affected versions of this crate read from a container using ptr::read in From, and then call a user specified Into function. This issue can result in a double-free if the user provided function panics...

7.5CVSS2.9AI score0.01327EPSS
Exploits1Affected Software1
osv
osv
added 2021/01/04 12:0 p.m.43 views

RUSTSEC-2021-0011 EventList's From<EventList> conversions can double drop on panic.

Affected versions of this crate read from a container using ptr::read in From, and then call a user specified Into function. This issue can result in a double-free if the user provided function panics...

7.5CVSS7.4AI score0.01327EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2020/11/29 12:0 a.m.8 views

PT-2020-6398 · Openexr · Openexr

Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.1 Description: A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR. This issue allows an attacker to execute arbitrary code with the permissions of the user running the application...

8.8CVSS6.8AI score0.02291EPSS
Exploits0References35
nessus
nessus
added 2020/08/07 12:0 a.m.281 views

SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:2143-1)

This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 - Security fixes : + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...

8.3CVSS6.6AI score0.05166EPSS
Exploits0References18
redhat
redhat
added 2020/04/28 3:49 p.m.6 views

sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by for example valgrind...

7.5CVSS7.3AI score0.03244EPSS
Exploits0References4
redhat
redhat
added 2020/04/28 3:49 p.m.59 views

Moderate: Red Hat Security Advisory: sqlite security and bug fix update

An update for sqlite is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8CVSS6.7AI score0.45426EPSS
Exploits0References9
nessus
nessus
added 2020/04/28 12:0 a.m.53 views

RHEL 8 : sqlite (RHSA-2020:1810)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1810 advisory. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a singl...

9.8CVSS7.5AI score0.45426EPSS
Exploits0References18
exploitdb
exploitdb
added 2020/04/21 12:0 a.m.259 views

Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation

Title: Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation Date: 2020-04-21 Author: Marco Ivaldi Vendor: www.oracle.com CVE: CVE-2020-2944 / raptorsdtcmconv.c - CDE sdtcmconvert LPE for Solaris/Intel Copyright c 2019-2020 Marco Ivaldi A buffer overflow in the SanityCheck...

8.8CVSS8.8AI score0.01802EPSS
Exploits5
osv
osv
added 2020/04/14 11:15 p.m.4 views

UBUNTU-CVE-2020-11764

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp...

5.5CVSS6.8AI score0.01785EPSS
Exploits1References5
Rows per page
Query Builder