Lucene search
+L

201 matches found

Vulnrichment
Vulnrichment
added 2024/12/11 7:2 p.m.14 views

CVE-2024-47598 GHSL-2024-246: GStreamer has an OOB-read in qtdemux_merge_sample_table

GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemuxmergesampletable function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading sttsduration, allowing the...

5.1CVSS6.5AI score0.00937EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/11 7:1 p.m.20 views

CVE-2024-47596 GHSL-2024-244: GStreamer has an OOB-read in FOURCC_SMI_ parsing

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemuxparsesvq3stsddata function within qtdemux.c. In the FOURCCSMI case, seqhsize is read from the input file without proper validation. If seqhsize is greater than the remaining...

5.1CVSS6.6AI score0.01134EPSS
Exploits0References3
OSV
OSV
added 2024/11/15 12:16 a.m.7 views

OSV-2024-1312 Heap-buffer-overflow in jv_string_vfmt

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=378836890 Crash type: Heap-buffer-overflow READ 13 Crash state: jvstringvfmt jvstringfmt jvparsesizedcustomflags...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/08 12:0 a.m.5 views

PT-2024-40596 · Git +1 · Fluent-Bit

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A crash occurred due to an unknown read issue. The crash state involves functions such as cfl sds len, unpack meta opts, and cmt mpack unpack map. No...

6.9AI score
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2024/09/17 12:0 a.m.10 views

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS6.8AI score0.00283EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2024/09/11 7:0 a.m.5 views

NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt

...

5.5CVSS6.3AI score0.002EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/08/19 12:0 a.m.5 views

PT-2024-40563 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A crash occurred due to an unknown read issue. The crash state involves functions such as chunk free object, file close file, and sclose. Recommendations: At the moment, there is no...

6.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/16 12:0 a.m.8 views

PT-2024-40857 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A crash occurred due to an unknown read issue, as reported by OSS-Fuzz. The crash state includes functions such as chunk free object, sclose, and sfclose. No information is available...

7AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/29 10:16 p.m.16 views

CVE-2024-40806

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may...

5.8AI score0.00336EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/07/16 12:0 a.m.6 views

PT-2024-37179 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: An Incorrect Authorization issue was identified in GitHub Enterprise Server, allowing read access to issue content via GitHub Projects. This issue was only exploitable in internal...

6.5CVSS7AI score0.00514EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2024/07/02 9:2 a.m.5 views

kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng

A vulnerability was found in the hwrng component of the Linux kernel, which caused a deadlock when reading from /dev/hwrng into memory and mmap-ed from /dev/hwrng. This issue is triggered by a recursive read during a page fault and allows a local, authenticated attacker to cause a denial of servi...

5.5CVSS6.7AI score0.00195EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/06/27 12:0 a.m.18 views

PT-2024-25705 · Adobe · Acrobat For Edge

Name of the Vulnerable Software and Affected Versions: Acrobat for Edge versions 126.0.2592.68 and earlier Description: The issue is an out-of-bounds read vulnerability that occurs when parsing a crafted file, potentially resulting in a read past the end of an allocated memory structure. This cou...

7.8CVSS6.7AI score0.00315EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/06/27 12:0 a.m.9 views

PT-2024-35727 · Devika · Devika

Name of the Vulnerable Software and Affected Versions: stitutionai/devika version latest Description: A local file read issue exists due to improper handling of the snapshot path parameter in the "/api/get-browser-snapshot" endpoint. An attacker can exploit this by crafting a request with a...

7.5CVSS7.4AI score0.02073EPSS
Exploits1References6
OSV
OSV
added 2024/05/15 3:15 p.m.15 views

USN-6766-2 linux-hwe-5.15, linux-raspi vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service system crash. CVE-2024-1151 Sander Wiebing, Alvise de Faveri Tron, Herbert...

7.8CVSS6.8AI score0.78388EPSS
Exploits2References92
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.4 views

Merative Merge DICOM Toolkit 安全漏洞

Merative Merge DICOM Toolkit is a comprehensive API from Merative that complies with the latest DICOM standards. A security vulnerability exists in Merative Merge DICOM Toolkit C/C++ versions prior to 5.18.0 that stems from the presence of an out-of-bounds read vulnerability...

4CVSS6.8AI score0.00193EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.23 views

PT-2024-6083

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to the next release exact version not specified CPython version 3.9 and earlier Description The issue is related to the OpenSSL API function SSL select next proto which can cause a crash or memory contents to be sent to...

9.4CVSS8AI score0.75116EPSS
Exploits5References340
Positive Technologies
Positive Technologies
added 2024/05/01 12:0 a.m.7 views

PT-2024-40750 · Git +1 · Jq

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A crash occurred due to an unknown read issue, as reported by OSS-Fuzz. The crash state involves functions such as jvp object free, jv free, and jv equal...

6.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/30 12:0 a.m.5 views

PT-2024-40735 · Git +1 · Jq

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A crash occurred due to an unknown read issue. The crash state involves functions such as jv array set, jv set, and jv setpath. No information is available about the estimated number of...

6.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/30 12:0 a.m.6 views

PT-2024-40718 · Git +1 · Jq

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A crash occurred due to an unknown read issue, with the crash state involving std:: 1:: POW10 SPLIT 2. Recommendations: At the moment, there is no information about a newer version that...

6.8AI score
Exploits0References2
CNVD
CNVD
added 2024/04/24 12:0 a.m.8 views

Memory out-of-bounds read vulnerability in FreeRDP ExtractRunLengthRegular* function

FreeRDP is a freeware program that implements the Remote Desktop Protocol, which is mainly used to connect and manage Windows servers remotely. A memory out-of-bounds read vulnerability exists in FreeRDP versions prior to 3.5.1. The vulnerability arises because the program fails to properly handl...

9.8CVSS6.4AI score0.0137EPSS
Exploits0References1
Rows per page
Query Builder