Lucene search
K

126 matches found

Cvelist
Cvelist
added 2022/06/15 1:3 p.m.22 views

CVE-2022-20210

The UE and the EMM communicate with each other using NAS messages. When a new NAS message arrives from the EMM, the modem parses it and fills in internal objects based on the received data. A bug in the parsing code could be used by an attacker to remotely crash the modem, which could lead to DoS...

9.2AI score0.03461EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/02/11 12:0 a.m.14 views

Duplicate advisory: swift-nio-http2 vulnerable to denial of service via ALTSVC or ORIGIN frames

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pgfx-g6rc-8cjv. This link is maintained to preserve external references. Original Description A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC o...

7.5CVSS6.7AI score0.01119EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/09/27 5:15 p.m.14 views

Cross site scripting

Out of bounds write vulnerability in the JPEG parsing code of Netop Vision Pro up to and including 9.7.2 allows an adjacent unauthenticated attacker to write to arbitrary memory potentially leading to a Denial of Service DoS...

3.3CVSS6.7AI score0.00526EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/06/21 9:35 p.m.21 views

CVE-2021-34389

Trusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs. An incorrect bounds check can allow a local user through a malicious client to access memory from the heap in the TrustZone, which may lead to information disclosure...

5CVSS5.9AI score0.00256EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.15 views

SUSE: Security Advisory (SUSE-SU-2021:14740-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.9AI score0.06118EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2021/06/03 12:0 a.m.25 views

SUSE SLED15 / SLES15 Security Update : dhcp (SUSE-SU-2021:1841-1)

This update for dhcp fixes the following issues : CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient bsc1186382 Note that Tenable Network Security has extracted the preceding description block directly from the SU...

7.4CVSS7.7AI score0.06118EPSS
Exploits1References4
Prion
Prion
added 2020/12/31 9:15 a.m.14 views

Code injection

An issue was discovered in the multihash crate before 0.11.3 for Rust. The fromslice parsing code can panic via unsanitized data from a network server...

7.8CVSS7.5AI score0.01371EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/12/18 12:0 a.m.229 views

Amazon Linux AMI : tomcat7 (ALAS-2020-1472) (deprecated)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1472 advisory. - In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approa...

7.9AI score0.09386EPSS
Exploits0References3
OSV
OSV
added 2019/11/26 3:15 p.m.3 views

PYSEC-2019-60

typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that...

5.9AI score
Exploits0References6
OSV
OSV
added 2019/11/26 3:15 p.m.2 views

PYSEC-2019-131

typedast 1.3.0 and 1.3.1 has an astforarguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that pars...

7.5CVSS7.1AI score0.03255EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2019/08/13 12:0 a.m.43 views

Debian DLA-1878-1 : php5 security update

Two heap buffer overflows were found in the EXIF parsing code of PHP, a widely-used open source general purpose scripting language. For Debian 8 'Jessie', these problems have been fixed in version 5.6.40+dfsg-0+deb8u5. We recommend that you upgrade your php5 packages. NOTE: Tenable Network Securi...

7.1CVSS6.6AI score0.0442EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2019/08/13 12:0 a.m.51 views

Debian: Security Advisory (DLA-1878-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS6.6AI score0.0442EPSS
Exploits2References3
Exploit DB
Exploit DB
added 2019/07/10 12:0 a.m.173 views

Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readStrings

-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/10 12:0 a.m.391 views

Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readFDSelect

-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/10 12:0 a.m.215 views

Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray

-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/10 12:0 a.m.265 views

Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory

-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2019/06/04 12:0 a.m.118 views

Debian: Security Advisory (DLA-1813-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS7.6AI score0.04068EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2019/06/04 12:0 a.m.266 views

Debian DLA-1813-1 : php5 security update

Two vulnerabilities were found in PHP, a widely-used open source general purpose scripting language. CVE-2019-11039 An integer underflow in the iconv module could be exploited to trigger an out of bounds read. CVE-2019-11040 A heap buffer overflow was discovered in the EXIF parsing code. For Debi...

9.1CVSS7.1AI score0.04068EPSS
Exploits2References4
Veracode
Veracode
added 2019/05/16 2:59 a.m.43 views

Information Disclosure

PHP is vulnerable to information disclosure attacks. A remote user could trigger an information leak in the date extension's timelibmeridian parsing code to obtain potentially sensitive information from the interpreter...

7.5CVSS8.1AI score0.04812EPSS
Exploits0References15Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/03/08 12:0 a.m.30 views

Amazon Linux 2 : python3 (ALAS-2019-1169)

A NULL pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accep...

7.5CVSS7.2AI score0.20743EPSS
Exploits1References2
Rows per page
Query Builder