Lucene search
K

799 matches found

F5 Networks
F5 Networks
added 2023/02/14 3:21 a.m.45 views

K000132525: Apache vulnerability CVE-2006-20001

Security Advisory Description A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-2000...

7.5CVSS7.4AI score0.03546EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/02/13 12:0 a.m.2 views

PT-2023-35020 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.9 Description: The issue concerns the removal of invalid memory from hardware in the IB/hfi1 component. It was introduced in version v4.8 and fixed in version v6.1.9. The actual impact and attack plausibili...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/07 12:0 a.m.2 views

PT-2023-4909 · Libtiff +8 · Libtiff +8

Name of the Vulnerable Software and Affected Versions: LibTIFF version 4.4.0 Description: The issue is related to an out-of-bounds read in the tiffcrop utility, located in tools/tiffcrop.c:3701, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. This is also...

8.8CVSS6.7AI score0.02187EPSS
Exploits55References336
OSV
OSV
added 2023/01/04 10:53 a.m.9 views

USN-5785-1 freeradius vulnerabilities

It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2019-17185 Shane Guan discovered that FreeRADIUS incorrectly handled memory when checking unkno...

7.5CVSS7.3AI score0.02168EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/12/16 12:0 a.m.5 views

The vulnerability of the Microsoft Office Graphics component in the Microsoft 365 Apps for Enterprise suite allows a perpetrator to execute arbitrary code.

The vulnerability of the Microsoft Office Graphics component in the Microsoft 365 Apps for Enterprise suite is related to the use of memory after it is released. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created SKP file...

7.8CVSS7.7AI score0.008EPSS
Exploits0References4
OSV
OSV
added 2022/12/15 7:15 p.m.3 views

UBUNTU-CVE-2022-46691

A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.5AI score0.01508EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2022/12/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-46691

A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.5AI score0.01508EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/12/08 1:21 p.m.7 views

curl: POST following PUT confusion

A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set if it previously used the same handle to issue a PUT request which us...

9.8CVSS6.7AI score0.04325EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/12/08 12:0 a.m.3 views

PT-2022-36338 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.154 Description: The issue concerns attempting to access uninitialized memory in Bluetooth L2CAP. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/12/08 12:0 a.m.3 views

PT-2022-36192 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.79 Description: The issue concerns a problem with reserved memory setup in the riscv architecture. It was introduced in version v5.4 and fixed in version v5.15.79. The actual impact and attack plausibility...

7.2AI score
Exploits0References1
OSV
OSV
added 2022/11/23 9:50 p.m.3 views

CLSA-2022-1669240259 vim: Fix of CVE-2022-3352

CVE-2022-3352: disallow deleting the current buffer to avoid using freed memory...

7.8CVSS7.2AI score0.00489EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/10/24 12:0 a.m.4 views

PT-2022-26597 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13 Description: The issue was addressed with improved memory handling. Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution. Recommendations: For versions prior t...

7.8CVSS8.2AI score0.00345EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/10/24 12:0 a.m.2 views

PT-2022-26585 · Apple · Ios +3

Name of the Vulnerable Software and Affected Versions: Apple tvOS versions prior to 16 Apple iOS versions prior to 16 Apple macOS versions prior to Ventura 13 Apple watchOS versions prior to 9 Description: A memory consumption issue was addressed with improved memory handling. Processing a...

8.8CVSS7.9AI score0.01291EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2022/10/19 9:24 p.m.3 views

OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...

5.3CVSS7.2AI score0.01746EPSS
Exploits0References4
OSV
OSV
added 2022/10/11 9:15 p.m.3 views

CVE-2022-41197

Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds .wrl, vrml.x3d file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of t...

7.8CVSS5.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/10/11 9:15 p.m.3 views

CVE-2022-41180

Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format .pdf, PDFPublishing.dll file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...

7.8CVSS6AI score0.00342EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/10/11 9:15 p.m.4 views

CVE-2022-41182

Due to lack of proper memory management, when a victim opens manipulated Parasolid Part and Assembly .xb, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to t...

5.5CVSS5.8AI score0.00242EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.3 views

PT-2022-25709 · Sap · Sap 3D Visual Enterprise Viewer

Name of the Vulnerable Software and Affected Versions: SAP 3D Visual Enterprise Viewer version 9 Description: The issue arises due to improper memory management. When a manipulated Computer Graphics Metafile .cgm file from untrusted sources is opened in the affected software, it can trigger a...

7.8CVSS7.8AI score0.00373EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2022/10/06 2:56 p.m.8 views

expat: a use-after-free in the doContent function in xmlparse.c

A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while substituting in an internal entity so that XMLResumeParser directly uses the internalEntityProcessor as its processor. If the subsequent parse includes some unclosed tags,...

8.1CVSS7.6AI score0.01659EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/10/06 12:0 a.m.3 views

PT-2022-17488 · Qualcomm · Qualcomm Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to memory corruption in WLAN due to an integer overflow leading to a buffer overflow while parsing GTK frames. This affects various Qualcomm Snapdragon...

9.8CVSS8.4AI score0.00434EPSS
Exploits0References4
Rows per page
Query Builder