
4605 matches found

OSV
added 2022/10/04 12:0 a.m. · 2 views

GHSA-38HF-C37X-32HV LIEF vulnerable to denial of service through segmentation fault

A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. A patch for this issue is available at commit fde2c48986739fabd2cf9b40b9af149a89c57850...

CVSS 7.1 · AI score 5.9 · EPSS 0.00586
Exploits 1 · References 6

Positive Technologies
added 2022/09/30 12:0 a.m. · 6 views

PT-2022-26094 · Xpdf +1 · Xpdf +1

Name of the Vulnerable Software and Affected Versions: Xpdf version 4.04. Description: A problem has been detected in the convertToType0 function in the fofi/FoFiType1C.cc file, causing a crash. This issue is distinct from other known vulnerabilities. Recommendations: For Xpdf version 4.04, consid...

CVSS 9.1 · AI score 5.5 · EPSS 0.01618
Exploits 22 · References 69

Vulnrichment
added 2022/09/26 1:55 p.m. · 6 views

CVE-2022-39245 Mist vulnerable to user providing a Sudo binary for authentication checks

Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided sudo binary via the PATH variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known...

CVSS 8.4 · AI score 8.4 · EPSS 0.00216
Exploits 0 · References 3

Vulnrichment
added 2022/09/24 4:40 a.m. · 5 views

CVE-2022-23464 Potential Server Side Request Forgery (SSRF) in Nepxion Discovery

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate's getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

CVSS 4.3 · AI score 7.7 · EPSS 0.00607
Exploits 1 · References 1

Vulnrichment
added 2022/09/22 12:0 a.m. · 5 views

CVE-2022-36062 Grafana folders admin only permission privilege escalation

Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafa...

CVSS 7.6 · AI score 7.6 · EPSS 0.00596
Exploits 0 · References 2

Github Security Blog
added 2022/09/21 12:0 a.m. · 17 views

YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module

YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the SlaPolicy module. A patch is available at commit e55886781509fe39951fc7528347696474a17884...

CVSS 5.4 · AI score 5.2 · EPSS 0.00498
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2022/09/19 12:0 a.m. · 3 views

PT-2022-22543 · Otfcc +1 · Otfcc +1

Name of the Vulnerable Software and Affected Versions: OTFCC commit 617837b. Description: A heap buffer overflow issue has been discovered in OTFCC commit 617837b via the /release-x64/otfccdump+0x6c0bc3 endpoint. Recommendations: For OTFCC commit 617837b, as a temporary workaround, consider...

CVSS 6.5 · AI score 6.6 · EPSS 0.00767
Exploits 1 · References 11

CBLMariner
added 2022/09/17 5:57 a.m. · 12 views

CVE-2022-0168 affecting package kernel 5.10.131.1-1

CVE-2022-0168 affecting package kernel 5.10.131.1-1. A patched version of the package is available...

CVSS 4.4 · AI score 7.4 · EPSS 0.00261
Exploits 0

Debian CVE
added 2022/09/16 9:5 p.m. · 4 views

CVE-2022-35974

TensorFlow is an open source platform for machine learning. If QuantizeDownAndShrinkRange is given nonscalar inputs for input_min or input_max, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVSS 7.5 · AI score 6.8 · EPSS 0.00423
Exploits 0

OSV
added 2022/09/16 9:4 p.m. · 1 views

GHSA-PXRW-J2FV-HX3H TensorFlow vulnerable to OOB read in `Gather_nd` in TF Lite

Impact: The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. Patches: We have patched the issue in GitHub commit...

CVSS 7 · AI score 5.8 · EPSS 0.00441
Exploits 0 · References 6

Japan Vulnerability Notes
added 2022/09/16 6:30 a.m. · 2 views

OpenAM (OpenAM Consortium Edition) vulnerable to open redirect

Overview: OpenAM (OpenAM Consortium Edition) provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). OpenAM Consortium reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and OpenAM Consortium coordinated under the Information Securi...

CVSS 6.1 · AI score 6.6 · EPSS 0.00438
Exploits 0 · References 6

CBLMariner
added 2022/09/16 6:5 a.m. · 14 views

CVE-2021-42523 affecting package colord for versions less than 1.4.4-9

CVE-2021-42523 affecting package colord for versions less than 1.4.4-9. A patched version of the package is available...

CVSS 7.5 · AI score 7.5 · EPSS 0.00791
Exploits 1

Japan Vulnerability Notes
added 2022/09/15 7:30 a.m. · 3 views

Multiple vulnerabilities in EC-CUBE

Overview: EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Directory traversal vulnerability (CWE-22) - CVE-2022-40199. DOM-based cross-site scripting vulnerability (CWE-79) - CVE-2022-38975. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported these...

CVSS 5.4 · AI score 6.4 · EPSS 0.01028
Exploits 0 · References 9

OSV
added 2022/09/15 12:0 a.m. · 19 views

GHSA-XV7R-9VQ4-9WRQ Project Wonder WebObjects vulnerable to Arbitrary HTTP Header Injection and Cross-site Scripting

Project Wonder WebObjects 1.0 through 7.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. A patch for this issue is available at commit number b0d2d74f13203268ea254b02552600850f28014b...

CVSS 6.1 · AI score 6.1 · EPSS 0.00526
Exploits 1 · References 5

Github Security Blog
added 2022/09/15 12:0 a.m. · 35 views

Project Wonder WebObjects vulnerable to Arbitrary HTTP Header Injection and Cross-site Scripting

Project Wonder WebObjects 1.0 through 7.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. A patch for this issue is available at commit number b0d2d74f13203268ea254b02552600850f28014b...

CVSS 6.1 · AI score 6.1 · EPSS 0.00526
Exploits 1 · References 5 · Affected Software 1

OSV
added 2022/09/14 12:0 a.m. · 2 views

GHSA-2P5H-HPJ4-FXGG LIEF contains a segmentation violation

LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69. A patch is available at commit ca938740264f1fcb18f91cba8e4039c518ecb75b...

CVSS 5.5 · AI score 5.8 · EPSS 0.00287
Exploits 1 · References 5

Github Security Blog
added 2022/09/14 12:0 a.m. · 31 views

LIEF contains a segmentation violation

LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69. A patch is available at commit ca938740264f1fcb18f91cba8e4039c518ecb75b...

CVSS 5.5 · AI score 5.7 · EPSS 0.00287
Exploits 1 · References 5 · Affected Software 1

Positive Technologies
added 2022/09/14 12:0 a.m. · 6 views

PT-2022-25442 · Ansys · Ansys Spaceclaim

Name of the Vulnerable Software and Affected Versions: Ansys SpaceClaim version 2022 R1. Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The fla...

CVSS 7.8 · AI score 7.8 · EPSS 0.00551
Exploits 0 · References 3

Positive Technologies
added 2022/09/14 12:0 a.m. · 6 views

PT-2022-24050 · Unknown · Project Wonder Webobjects

Name of the Vulnerable Software and Affected Versions: Project Wonder WebObjects versions 1.0 through 7.3. Description: The issue concerns Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. A patch for this issue is available...

CVSS 6.1 · AI score 6.1 · EPSS 0.00526
Exploits 1 · References 7

Positive Technologies
added 2022/09/13 12:0 a.m. · 4 views

PT-2022-24429 · Lief · Lief

Name of the Vulnerable Software and Affected Versions: LIEF version 365a16a. Description: A segmentation violation was discovered in LIEF via the component CoreFile.tcc:69. Recommendations: For LIEF version 365a16a, apply the patch available at commit ca938740264f1fcb18f91cba8e4039c518ecb75b...

CVSS 5.5 · AI score 5.3 · EPSS 0.00287
Exploits 1 · References 12