Lucene search
K

1887 matches found

RedHat Linux
RedHat Linux
added 2021/01/26 11:24 a.m.3 views

cryptsetup: Out-of-bounds write when validating segments

A flaw was found in the way cryptsetup parses encrypted images with invalid segments. This flaw allows a local attacker to crash an application compiled with cryptsetup, or in some cases, cause arbitrary code execution when parsing specially crafted encrypted images. The highest threat from this...

7.8CVSS7.8AI score0.01157EPSS
Exploits0References5
OSV
OSV
added 2021/01/15 12:0 a.m.9 views

OSV-2018-288 Use-of-uninitialized-value in jbig2_decode_symbol_dict

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9688 Crash type: Use-of-uninitialized-value Crash state: jbig2decodesymboldict jbig2symboldictionary jbig2parsesegment...

7.2AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/31 3:53 p.m.39 views

Security Bulletin: IBM Cloud Pak System addressed vulnerabilities (CVE-2019-11479, CVE-2019-11478, CVE-2019-11477)

Summary IBM Cloud Pak System identified vulnerabilities in SAN VC supporting products. IBM announced a new release for IBM Cloud Pak System in response to vulnerabilities. Vulnerability Details CVEID: CVE-2019-11477 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an...

7.8CVSS0.5AI score0.98745EPSS
Exploits4Affected Software1
Cvelist
Cvelist
added 2020/12/11 10:55 p.m.20 views

CVE-2020-24341

An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing function in picotcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data segment, eventually causing Denial-of-Servic...

9.2AI score0.04893EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/12/09 4:28 p.m.29 views

CVE-2020-26829

SAP NetWeaver AS JAVA P2P Cluster Communication, versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. ...

10CVSS9.7AI score0.04708EPSS
Exploits1References4
Veracode
Veracode
added 2020/12/06 4:44 a.m.24 views

Cross-Site Scripting (XSS)

Google Chrome is vulnerable to cross-site scripting. An attacker is able to inject a WPAD file on the local network segment to proxy resources on localhost...

5.7CVSS1.5AI score0.00443EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2020/12/04 3:15 p.m.3 views

DEBIAN-CVE-2020-27765

A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause...

3.3CVSS6.3AI score0.01001EPSS
Exploits1References1
OSV
OSV
added 2020/12/04 3:15 p.m.2 views

UBUNTU-CVE-2020-27765

A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause...

3.3CVSS6.7AI score0.01001EPSS
Exploits1References4
CNNVD
CNNVD
added 2020/12/04 12:0 a.m.5 views

ImageMagick Studio ImageMagick 数字错误漏洞

ImageMagick is a software for creating, editing, and composing images that can read, convert, and write images in many formats. A numeric error vulnerability exists in MagickCore/segment.c in versions of ImageMagick prior to 7.0.9-0. An attacker can exploit this vulnerability by submitting a...

4.3CVSS6.8AI score0.01001EPSS
Exploits1References10
CNNVD
CNNVD
added 2020/12/03 12:0 a.m.7 views

Valvesoftware GameNetworkingSockets Buffer Error Vulnerability

Valvesoftware GameNetworkingSockets is a transport layer support software for game delivery data from Valvesoftware USA. A buffer error vulnerability exists in Valve Game Networking Sockets versions prior to 1.2.0, which stems from a network socket incorrectly handling long unreliable segments in...

9.8CVSS7.8AI score0.031EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2020/11/24 12:0 a.m.5 views

The vulnerability of the Segment component in the Oracle Retail Customer Management and Segmentation Foundation software allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Segment component in Oracle Retail Customer Management and Segmentation Foundation software relates to access control deficiencies. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information using the HTTP protocol...

3.5CVSS6.4AI score0.0083EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2020/11/20 12:0 a.m.10 views

GaussDB Kernel: Specifying the Listening IP Address for the GDS Module

For the GDS module, you are advised to listen on the specified explicit IP addresses on a network segment to listen on the connections to the network Segment. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2020/11/18 12:0 a.m.6 views

PT-2020-18891 · Valve · Game Networking Sockets

Name of the Vulnerable Software and Affected Versions: Valve's Game Networking Sockets versions prior to v1.2.0 Description: The issue arises from the improper handling of unreliable segments with negative offsets in the SNP ReceiveUnreliableSegment function, leading to a Heap-Based Buffer...

10CVSS9.8AI score0.05753EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2020/11/06 12:0 a.m.25 views

EulerOS Virtualization 3.0.6.6 : wpa_supplicant (EulerOS-SA-2020-2477)

According to the version of the wpasupplicant package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request...

7.8CVSS6.7AI score0.15193EPSS
Exploits3References2
RedHat Linux
RedHat Linux
added 2020/11/04 12:58 a.m.2 views

cryptsetup: Out-of-bounds write when validating segments

A flaw was found in the way cryptsetup parses encrypted images with invalid segments. This flaw allows a local attacker to crash an application compiled with cryptsetup, or in some cases, cause arbitrary code execution when parsing specially crafted encrypted images. The highest threat from this...

7.8CVSS7.8AI score0.01157EPSS
Exploits0References5
CNVD
CNVD
added 2020/10/26 12:0 a.m.3 views

Unspecified Vulnerability in Oracle Retail Customer Management and Segmentation Foundation

Oracle Retail Customer Management and Segmentation Foundation is a retail customer management product. A security vulnerability exists in the Segment component of Oracle Retail Customer Management and Segmentation Foundation 18.0, 19.0. An attacker could exploit the vulnerability to gain...

3.5CVSS8.5AI score0.0083EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/10/21 2:4 p.m.23 views

CVE-2020-14731

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications component: Segment. Supported versions that are affected are 18.0 and 19.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to...

3.1CVSS3.5AI score0.0083EPSS
Exploits0References1
NVD
NVD
added 2020/10/19 9:15 p.m.33 views

CVE-2020-6085

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

7.8CVSS0.03515EPSS
Exploits1References1
OSV
OSV
added 2020/10/19 9:15 p.m.5 views

CVE-2020-6084

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

7.5CVSS7.1AI score0.03515EPSS
Exploits1References1
OSV
OSV
added 2020/10/19 9:15 p.m.5 views

CVE-2020-6085

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

7.5CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder