
7 matches found

0day.today
added 2023/04/24 12:0 a.m., 275 views

Nokia OneNDS 20.9 Insecure Permissions / Privilege Escalation Vulnerability

===============================================================================
title: Incorrect Permission Assignment
product: Nokia OneNDS 20.9
vulnerability type: Security Misconfiguration
severity: High
CVSS Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
found on:...

8.8 CVSS, 6.8 AI score, 0.00387 EPSS
Exploits: 3

Prion
added 2022/09/21 11:15 p.m., 13 views

Command injection

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

4.4 CVSS, 7.8 AI score, 0.00266 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2022/09/21 11:10 p.m., 14 views

CVE-2022-39224 Arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

7 CVSS, 8.1 AI score, 0.00266 EPSS
Exploits: 1, References: 3

CVE
added 2022/09/21 11:10 p.m., 97 views

CVE-2022-39224

Arr-pm is a Ruby RPM reader/writer library. Versions prior to 0.0.12 are vulnerable to OS command injection when the RPM contains a malicious payload compressor field, affecting the RPM::File::extract and RPM::File::files methods. Version 0.0.12 patches these issues. A workaround is to ensure RPM...

7.8 CVSS, 7.3 AI score, 0.00266 EPSS
Exploits: 1, References: 3, Affected Software: 1

Github Security Blog
added 2022/09/21 5:0 p.m., 24 views

arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Impact: Arbitrary shell execution is possible when using RPM::File#files and RPM::File#extract if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class in the affected versions of this library. Patches: Version 0.0.12 ...

7.8 CVSS, 7.5 AI score, 0.00266 EPSS
Exploits: 1, References: 6, Affected Software: 1

OSV
added 2021/09/21 7:13 a.m., 9 views

ALBA-2021:3594 libdb bug fix and enhancement update

The libdb packages provide the Berkeley Database, an embedded database supporting both traditional and client/server applications. Bug Fixes and Enhancements: [FJ8.4 Bug]: [REG] The rpm command hangs and the CPU usage reaches 100% (BZ#2001972)...

7.3 AI score
Exploits: 0, References: 1

AlmaLinux
added 2021/09/21 7:13 a.m., 15 views

libdb bug fix and enhancement update

The libdb packages provide the Berkeley Database, an embedded database supporting both traditional and client/server applications. Bug Fixes and Enhancements: [FJ8.4 Bug]: [REG] The rpm command hangs and the CPU usage reaches 100% (BZ#2001972)...

0.9 AI score
Exploits: 0, References: 1