Lucene search
K

243 matches found

ATTACKERKB
ATTACKERKB
added 2023/06/23 2:15 a.m.5 views

CVE-2023-36192

Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capturewscheckpacket at /src/capture.c...

7.8CVSS7.4AI score0.00308EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/06/14 12:0 a.m.7 views

fdkaac 缓冲区错误漏洞

fdkaac is a command-line front-end for the libfdk-aac encoder by the Japanese individual developer nu774. A security vulnerability exists in versions of fdkaac prior to 1.0.5, which stems from the discovery of a stack overflow vulnerability via the readcallback function in src/main.c. The...

5.5CVSS5.7AI score0.00293EPSS
Exploits1References2
OSV
OSV
added 2023/04/04 3:15 p.m.5 views

CVE-2020-23260

An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file...

7.5CVSS5.8AI score0.00766EPSS
Exploits1References2
OSV
OSV
added 2023/02/20 11:15 p.m.5 views

UBUNTU-CVE-2022-48337

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command suggested in the eta...

9.8CVSS7.3AI score0.01603EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/20 12:0 a.m.3 views

GNU Emacs 操作系统命令注入漏洞

GNU Emacs is a family of text editors in the American GNU community. An operating system command injection vulnerability exists in GNU Emacs version 28.2 and earlier. An attacker can exploit this vulnerability to execute commands via shell metacharacters in the name of a source code file...

9.8CVSS8.4AI score0.01603EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2023/02/20 12:0 a.m.10 views

CVE-2022-48337

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command suggested in the eta...

7.3AI score0.01603EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.3 views

SUSE CVE-2012-0804

Heap-based buffer overflow in the proxyconnect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTTP response...

10CVSS8.2AI score0.08396EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.4 views

SUSE CVE-2012-3456

Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted ODF style in an ODF...

7.5CVSS8AI score0.20073EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:43 a.m.4 views

SUSE CVE-2017-11109

Vim 8.0 allows attackers to cause a denial of service invalid free or possibly have unspecified other impact via a crafted source aka -S file. NOTE: there might be a limited number of scenarios in which this has security relevance...

7.8CVSS6.6AI score0.01088EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/01/25 12:0 a.m.5 views

The vulnerability in the src/normal.c component of the text editor Vim allows a hacker to execute arbitrary code.

The vulnerability in the src/normal.c component of the Vim text editor is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8CVSS7.9AI score0.00467EPSS
Exploits1References13Affected Software7
CNNVD
CNNVD
added 2023/01/08 12:0 a.m.4 views

Surpass 路径遍历漏洞

Surpass is a PHP package developed primarily for Laravel by the individual developer Sukohi Kuhoh. It is used to manage uploading images and displaying thumbnails using Ajax. A path traversal vulnerability exists in Surpass versions prior to 1.0.0, which stems from unknown code in the file...

5.5CVSS5.6AI score0.0072EPSS
Exploits0References5
PyPA
PyPA
added 2022/12/19 10:15 p.m.6 views

PYSEC-2022-43144

Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc...

9.1CVSS7.3AI score0.01042EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/12/15 12:0 a.m.5 views

Soil 跨站脚本漏洞

Soil is Roots open source a WordPress plugin . Used to apply theme-independent front-end modifications. A cross-site scripting vulnerability exists in Soil versions prior to 4.1.0, which originates in the function languageattributes in the file src/Modules/CleanUpModule.php, where manipulation of...

6.1CVSS4.3AI score0.00555EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.3 views

bible-online SQL注入漏洞

bible-online is an online Bible application by James M.Z. Personal Developer. bible-online suffers from an SQL injection vulnerability that originates in a function query in the file src/main/java/custom/application/search.java of the component Search Handler, which operates to cause SQL injectio...

9.8CVSS8.3AI score0.00496EPSS
Exploits0References3
OSV
OSV
added 2022/12/09 11:4 a.m.3 views

OESA-2022-2131 emacs security update

Emacs is the extensible, customizable, self-documenting real-time display editor.At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing, including a projec...

7.8CVSS7.6AI score0.0063EPSS
Exploits0References2
Fedora
Fedora
added 2022/11/10 10:41 p.m.18 views

[SECURITY] Fedora 37 Update: llhttp-6.0.10-1.fc37

This project is a port of httpparser to TypeScript. llparse is used to generate the output C source file, which could be compiled and linked with the embedder's program like Node.js. This copy of the library is compiled with LLHTTPSTRICTMODE set to 0 disabled, which is the default...

7.2AI score
Exploits0
OSV
OSV
added 2022/10/06 12:0 a.m.26 views

CVE-2022-39280 Regular expression denial of service in dparse

dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version...

5.9CVSS7.5AI score0.00982EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.6 views

JPEGDEC 安全漏洞

JPEGDEC is a JPEG decoder optimized for Arduino by the individual developer Larry Bank. A security vulnerability exists in JPEGDEC that stems from a segmentation error in the fseek module of the /src/jpeg.inl file...

5.5CVSS5.7AI score0.00287EPSS
Exploits1References2
Veracode
Veracode
added 2022/08/03 9:4 a.m.21 views

Command Injection

node-latex-pdf is vulnerable to command injection. Insecure handling of compilation and execution of source file in selflatex function in node-latex-pdf.js allows an attacker to inject and execute malicious commands...

9.8CVSS9.4AI score0.00786EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/07/26 12:0 a.m.4 views

Cesanta MJS 代码问题漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS mJS: Restricted JavaScript engine...

5.5CVSS5.8AI score0.00307EPSS
Exploits1References3
Rows per page
Query Builder