4604 matches found

CBLMariner
added 2022/04/09 6:51 a.m. | 20 views

CVE-2021-20231 affecting package gnutls for versions less than 3.6.14-5

CVE-2021-20231 affecting package gnutls for versions less than 3.6.14-5. A patched version of the package is available...

9.8 CVSS | 9.8 AI score | 0.03751 EPSS
Exploits: 1

CBLMariner
added 2022/04/07 6:04 a.m. | 27 views

CVE-2021-3739 affecting package kernel 5.10.189.1-1

CVE-2021-3739 affecting package kernel 5.10.189.1-1. A patched version of the package is available...

7.1 CVSS | 7.4 AI score | 0.00582 EPSS
Exploits: 1

CBLMariner
added 2022/04/07 6:04 a.m. | 20 views

CVE-2021-3930 affecting package qemu-kvm 4.2.0-48

CVE-2021-3930 affecting package qemu-kvm 4.2.0-48. A patched version of the package is available...

6.5 CVSS | 7.4 AI score | 0.00338 EPSS
Exploits: 0

CBLMariner
added 2022/04/07 6:04 a.m. | 16 views

CVE-2022-0561 affecting package libtiff 4.1.0-3

CVE-2022-0561 affecting package libtiff 4.1.0-3. A patched version of the package is available...

5.5 CVSS | 5.9 AI score | 0.0125 EPSS
Exploits: 1

OSV
added 2022/04/06 2:15 p.m. | 1 views

DEBIAN-CVE-2022-24786

PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi will be affected. A patch is available in the...

9.8 CVSS | 8.4 AI score | 0.01893 EPSS
Exploits: 0 | References: 1

Prion
added 2022/04/06 2:15 p.m. | 21 views

Design/Logic Flaw

PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi will be affected. A patch is available in the...

7.5 CVSS | 9.4 AI score | 0.01893 EPSS
Exploits: 0 | References: 5 | Affected Software: 2

OSV
added 2022/04/06 2:15 p.m. | 2 views

UBUNTU-CVE-2022-24786

PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi will be affected. A patch is available in the...

9.8 CVSS | 7.2 AI score | 0.01893 EPSS
Exploits: 0 | References: 4

OSV
added 2022/04/05 4:15 p.m. | 8 views

AZL-35233 CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.4.3-1

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajl_buf.c#L64 may result in the need 32bit...

7.5 CVSS | 7.5 AI score | 0.03472 EPSS
Exploits: 1 | References: 1

CVE
added 2022/04/05 12:00 a.m. | 205 views

CVE-2022-24795

The CVE-2022-24795 issue affects yajl (and its ruby binding yajl-ruby). A 32-bit size_t-based integer overflow in the reallocation logic (yajl_buf.c) can cause under-allocation when handling very large inputs (~2 GB), leading to heap memory corruption and potential process availability impact. On...

7.5 CVSS | 7.6 AI score | 0.03472 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

Debian CVE
added 2022/04/05 12:00 a.m. | 49 views

CVE-2022-24795

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajl_buf.c#L64 may result in the need 32bit...

7.5 CVSS | 8 AI score | 0.03472 EPSS
Exploits: 1

Vulnrichment
added 2022/04/05 12:00 a.m. | 3 views

CVE-2022-24795 Buffer Overflow and Integer Overflow in yajl-ruby

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajl_buf.c#L64 may result in the need 32bit...

5.9 CVSS | 8.2 AI score | 0.03472 EPSS
Exploits: 1 | References: 7

Vulnrichment
added 2022/04/04 5:40 p.m. | 7 views

CVE-2022-24813 Authentication Bypass Using an Alternate Path or Channel in CreateWiki

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the master branch of CreateWiki's GitHub repository...

5.3 CVSS | 5.3 AI score | 0.00969 EPSS
Exploits: 0 | References: 3

Cvelist
added 2022/04/04 5:35 p.m. | 56 views

CVE-2022-24787 Incorrect Comparison in Vyper

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...

7.5 CVSS | 7.7 AI score | 0.0097 EPSS
Exploits: 0 | References: 2

Japan Vulnerability Notes
added 2022/03/31 8:25 a.m. | 4 views

Trend Micro Apex Central and Trend Micro Apex Central as a Service vulnerable to improper check for file contents

Overview: Trend Micro Apex Central and Trend Micro Apex Central as a Service, provided by Trend Micro Incorporated, are vulnerable to improper check for file contents (CWE-345, CVE-2022-26871). Trend Micro Incorporated states that attacks have been observed. Trend Micro Incorporated reported this...

9.8 CVSS | 7.4 AI score | 0.19633 EPSS
Exploits: 0 | References: 8

OSV
added 2022/03/31 12:00 a.m. | 13 views

GHSA-8M49-2XJ8-67V9 Data Loss/Denial of Service in SWHKD

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. A patch is available on the 1.1.0 branch of the repository...

7.1 CVSS | 6.8 AI score | 0.00493 EPSS
Exploits: 1 | References: 5

NCSC
added 2022/03/31 12:00 a.m. | 7 views

0day vulnerability discovered in Spring Core Framework

A vulnerability has been discovered in Spring Core Framework. Spring Core Framework is a set of Java libraries that can be used to develop applications in a structured way; these applications can then run either standalone or in Web application environments such as Tomcat. A maliciou...

9.8 CVSS | 7.6 AI score | 0.99939 EPSS
Exploits: 36

GitLab Advisory Database
added 2022/03/31 12:00 a.m. | 4 views

Insecure Temporary File in SWHKD

SWHKD is a display protocol-independent hotkey daemon made in Rust. In SWHKD versions 1.1.5 and prior, SWHKD uses the /tmp/swhkd.pid pathname. As /tmp is accessible to all users, there can be an information leak or denial of service. No known workarounds exist. A patch is available on the 1.1.0...

7.8 CVSS | 7.1 AI score | 0.00506 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

GitLab Advisory Database
added 2022/03/31 12:00 a.m. | 3 views

Data Loss/Denial of Service in SWHKD

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. A patch is available on the 1.1.0 branch of the repository...

7.1 CVSS | 7.1 AI score | 0.00493 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2022/03/22 5:15 p.m. | 1 views

ALPINE-CVE-2022-24764

PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API pjmedia_sdp_print, pjmedia_sdp_media_print. Applications that do not use PJSUA2 and do not directly...

7.5 CVSS | 7.3 AI score | 0.02303 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2022/03/22 12:00 a.m. | 5 views

CVE-2022-24764 Stack buffer overflow in pjproject

PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API pjmedia_sdp_print, pjmedia_sdp_media_print. Applications that do not use PJSUA2 and do not directly...

7.5 CVSS | 7.7 AI score | 0.02303 EPSS
Exploits: 0 | References: 7