Lucene search
K

18 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Skip invalid kfunc call in backtrackinsn The verifier skips invalid kfunc calls in checkkfunccall. Such calls would be caught by fixupkfunccall if they aren’t eliminated through dead code elimination. However, this can lead ...

5.5CVSS5.3AI score0.00229EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/27 12:3 a.m.2 views

CVE-2026-33693 Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...

6.5CVSS5.9AI score0.00359EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an invalid call to drvstaprercuremove on an unuploaded sta, which could lead to data corruption...

5.5CVSS5.8AI score0.00146EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/03/19 12:0 a.m.6 views

Parse Server Injection Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An injection vulnerability exists in Parse Server before 6.5.5, 7.0.0-alpha.29, which stems from the fact that a call to an invalid Parse Server Cloud Function name or Cloud Job name can cause...

9CVSS7.2AI score0.01188EPSS
Exploits0References2
Code423n4
Code423n4
added 2023/02/24 12:0 a.m.10 views

Upgraded Q -> 2 from #596 [1677228840417]

Judge has assessed an item in Issue 596 as 2 risk. The relevant finding follows: withdraw and redeem function withdraw IERC4626 vault, address to, uint256 amount, uint256 maxSharesOut public payable virtual override returns uint256 sharesOut ERC20addressvault.safeApproveaddressvault, amount; if...

6.9AI score
Exploits0
OSV
OSV
added 2022/05/01 4:15 p.m.4 views

DEBIAN-CVE-2022-21227

The package sqlite3 before 5.0.3 are vulnerable to Denial of Service DoS which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...

7.5CVSS7.6AI score0.01955EPSS
Exploits0References1
NVD
NVD
added 2022/05/01 4:15 p.m.31 views

CVE-2022-21227

The package sqlite3 before 5.0.3 are vulnerable to Denial of Service DoS which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...

7.5CVSS0.01955EPSS
Exploits0References3
OSV
OSV
added 2022/05/01 4:15 p.m.3 views

UBUNTU-CVE-2022-21227

The package sqlite3 before 5.0.3 are vulnerable to Denial of Service DoS which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...

7.5CVSS7.3AI score0.01955EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2022/05/01 3:20 p.m.7 views

CVE-2022-21227

The package sqlite3 before 5.0.3 are vulnerable to Denial of Service DoS which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...

7.5CVSS7.1AI score0.01955EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/04/13 12:0 a.m.6 views

The vulnerability of PHP Smarty template handlers relates to improper code generation during the processing of invalid function names, allowing attackers to execute arbitrary code.

The vulnerability of PHP Smarty templates relates to improper handling of code generation when processing invalid function names. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

10CVSS7AI score0.82316EPSS
Exploits1References7Affected Software3
Veracode
Veracode
added 2022/01/18 5:21 a.m.6 views

Denial Of Service (DoS)

libgpac is vulnerable to denial of service. The vulnerability exists due to an invalid call in the function gfnodechanged...

5.5CVSS6.9AI score0.00718EPSS
Exploits1References4Affected Software2
CNNVD
CNNVD
added 2022/01/14 12:0 a.m.4 views

GPAC 输入验证错误漏洞

GPAC is an open source multimedia framework. a security vulnerability exists in GPAC, which stems from the discovery that GPAC v1.1.0 contains an invalid call in the function gfnodechanged. An attacker could exploit the vulnerability to cause a denial of service DoS...

5.5CVSS5.7AI score0.00718EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/01/14 12:0 a.m.11 views

PT-2022-12393 · Gpac · Gpac

Name of the Vulnerable Software and Affected Versions: GPAC version 1.1.0 Description: The issue is related to an invalid call in the gf node changed function, which can lead to a Denial of Service DoS. Recommendations: For GPAC version 1.1.0, consider disabling the gf node changed function as a...

9.8CVSS7.2AI score0.04615EPSS
Exploits98References239
Prion
Prion
added 2021/10/06 6:15 p.m.18 views

Design/Logic Flaw

Lack of boundary checking of a buffer in setskbpriv of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer...

4.6CVSS7.8AI score0.0062EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/03/23 6:15 p.m.28 views

PYSEC-2021-432

Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid free or realloc calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and ...

7.1CVSS2.7AI score0.01811EPSS
Exploits1References4
OSV
OSV
added 2020/05/21 11:15 p.m.2 views

CVE-2020-1084

A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values.An attacker who successfully exploited this vulnerability could deny dependent security feature functionality.To exploit this vulnerability, an attacker would...

5.5CVSS7.1AI score0.01025EPSS
Exploits0References1
Veracode
Veracode
added 2019/01/15 9:24 a.m.34 views

Denial Of Service (DoS)

rh-postgresql96-postgresql is vulnerable to denial of service DoS attacks. The vulnerability exists as invalid jsonpopulaterecordset or jsonbpopulaterecordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can...

8.1CVSS7.6AI score0.03723EPSS
Exploits0References9Affected Software3
Amazon
Amazon
added 2017/12/05 12:0 a.m.51 views

Medium: postgresql95, postgresql96

Issue Overview: Privilege escalation flaws were found in the initialization scripts of PostgreSQL. A remote attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.CVE-2017-12172 INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL...

8.1CVSS7.9AI score0.06324EPSS
Exploits0
Rows per page
Query Builder