Lucene search
+L

324 matches found

Veracode
Veracode
added 2023/12/15 7:4 a.m.26 views

Remote Code Execution

xwayland:sid is vulnerable to Remote Code Execution. The vulnerability due to changing XKB button actions such as moving from a touch pad to a mouse can result in out-of-bounds memory reads and writes. It allows an attacker execute malicious code in cases where X11 forwarding is involved...

7.8CVSS7.1AI score0.01587EPSS
Exploits0References29Affected Software2
NVD
NVD
added 2023/12/13 7:15 a.m.24 views

CVE-2023-6377

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved...

7.8CVSS0.01587EPSS
Exploits0References29
Prion
Prion
added 2023/12/13 7:15 a.m.20 views

Out-of-bounds

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved...

4.3CVSS7.8AI score0.01587EPSS
Exploits0References24Affected Software4
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.23 views

Rocky Linux 9 : libxml2 (RLSA-2022:5250)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:5250 advisory. - In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in...

6.5CVSS7.3AI score0.0363EPSS
Exploits5References3
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.14 views

Rocky Linux 8 : libxml2 (RLSA-2022:5317)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:5317 advisory. - In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in...

6.5CVSS7.3AI score0.0363EPSS
Exploits5References3
Tenable Nessus
Tenable Nessus
added 2023/10/18 12:0 a.m.47 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.10057)

The version of AHV installed on the remote host is prior to 20220304.10057. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.10057 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes...

9.8CVSS8.3AI score0.59501EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/10/18 12:0 a.m.35 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.420)

The version of AHV installed on the remote host is prior to 20220304.420. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.420 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via...

8.8CVSS8.3AI score0.59501EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/09/29 12:0 a.m.10 views

The vulnerability of the bitwriter_grow_ function in the FLAC audio codec allows a hacker to execute arbitrary code.

The vulnerability of the bitwritergrow function in the FLAC audio codec is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8CVSS7.9AI score0.00742EPSS
Exploits1References15Affected Software9
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.43 views

Amazon Linux 2 : firefox (ALASFIREFOX-2023-007)

The version of firefox installed on the remote host is prior to 102.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-007 advisory. firefox-esr , thunderbird and nss only are affected by this package. CVE-2023-0767 The Mozilla Foundation Security...

8.8CVSS7.8AI score0.00817EPSS
Exploits1References30
CNNVD
CNNVD
added 2023/09/06 12:0 a.m.6 views

Apple macOS Ventura Security Vulnerability

Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura version 13.3, which stems from an application that could cause the system to unexpectedly terminate or write to kernel memory...

7.8CVSS6.5AI score0.00215EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/09/05 12:0 a.m.3 views

PT-2023-24813 · Arm +1 · Arm +1

Name of the Vulnerable Software and Affected Versions: Arm affected versions not specified Description: The issue arises from the arithmetics in the cache cleaning and invalidation helpers provided by Arm, which can overflow and result in skipping the cache cleaning/invalidation. This means there...

3.3CVSS3.6AI score0.00255EPSS
Exploits0References15
CVE
CVE
added 2023/08/15 9:7 p.m.59 views

CVE-2023-20564

The CVE-2023-20564 entry concerns AMD Ryzen Master Driver IOCTL input validation. Connected sources detail vulnerable component AMDRyzenMasterDriverV17.sys and two IOCTLs: 0x81112F08 (physical memory read) and 0x81112F0C (physical memory write), with insufficient validation of addresses, sizes, a...

6.7CVSS6.4AI score0.0029EPSS
Exploits1References1Affected Software2
RedhatCVE
RedhatCVE
added 2023/08/08 5:51 p.m.27 views

CVE-2023-20564

Insufficient validation in the IOCTL Input Output Control input buffer in AMD RyzenTM Master may permit a privileged attacker to perform memory reads and writes, potentially leading to a loss of confidentiality or arbitrary kernel execution. Mitigation Please contact AMD support for updates...

8.2CVSS6.9AI score0.0029EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.6 views

AMD Ryzen Master Input Validation Error Vulnerability

AMD Ryzen Master is a software tool from UltraMicroelectronics AMD for managing and tuning the performance of AMD Ryzen processors. A security vulnerability exists in AMD Ryzen Master that stems from inadequate input buffer validation, which could allow a privileged attacker to perform memory rea...

6.7CVSS6.8AI score0.0029EPSS
Exploits1References3
Ubuntu
Ubuntu
added 2023/06/19 2:52 a.m.79 views

USN-6167-1: QEMU vulnerabilities

It was discovered that QEMU did not properly manage the guest drivers when shared buffers are not allocated. A malicious guest driver could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubunt...

8.8CVSS6.8AI score0.00382EPSS
Exploits1
CNNVD
CNNVD
added 2023/06/06 12:0 a.m.6 views

MediaTek 芯片 缓冲区错误漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the wlan module of the MediaTek chips, which is caused by a lack of boundary checking and may result in out-of-bounds writes...

6.7CVSS6.5AI score0.00093EPSS
Exploits0References2
OSV
OSV
added 2023/06/02 5:15 p.m.8 views

CVE-2023-0767

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

8.8CVSS8.1AI score
Exploits0References6
OSV
OSV
added 2023/06/02 5:15 p.m.3 views

DEBIAN-CVE-2023-0767

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

8.8CVSS7.2AI score0.00817EPSS
Exploits0References1
Prion
Prion
added 2023/06/02 5:15 p.m.34 views

Code injection

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

6.8CVSS8.2AI score0.00817EPSS
Exploits0References5Affected Software3
Vulnrichment
Vulnrichment
added 2023/06/02 12:0 a.m.5 views

CVE-2023-0767

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

8.2AI score0.00817EPSS
Exploits0References5
Rows per page
Query Builder