
6911 matches found

Prion
added 2022/09/23 12:15 a.m. | 16 views

Stack overflow

There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attacker could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110...

CVSS 4.3 | AI score 8.2 | EPSS 0.00413
Exploits 1 | References 3 | Affected Software 34
OSV
added 2022/09/23 12:0 a.m. | 3 views

OSV-2022-932 Stack-buffer-overflow in ntlm_phase_3

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51653 Crash type: Stack-buffer-overflow WRITE 1 Crash state: ntlmphase3 establishhttpproxypassthru fuzzproxy.c...

AI score 7.2
Exploits 0 | References 1
Tenable Nessus
added 2022/09/23 12:0 a.m. | 60 views

EulerOS Virtualization 2.9.0 : libtiff (EulerOS-SA-2022-2388)

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A heap buffer overflow flaw was found in Libtiff's tiffinfo.c in TIFFReadRawDataStriped function. This flaw allows an attacker to...

CVSS 6.1 | AI score 6.6 | EPSS 0.00532
Exploits 2 | References 3
Tenable Nessus
added 2022/09/23 12:0 a.m. | 24 views

EulerOS Virtualization 2.9.1 : libtiff (EulerOS-SA-2022-2352)

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A heap buffer overflow flaw was found in Libtiff's tiffinfo.c in TIFFReadRawDataStriped function. This flaw allows an attacker to...

CVSS 6.1 | AI score 6.6 | EPSS 0.00532
Exploits 2 | References 3
CVE
added 2022/09/22 11:6 p.m. | 57 views

CVE-2022-30426

CVE-2022-30426 describes a stack buffer overflow in the UEFI DXE driver affecting a wide range of Acer products (Altos T110 F3, AP130 F2, Aspire series, Veriton, etc.). Root cause: overflow in the DXE driver enabling arbitrary code execution and privilege escalation from ring 3 to ring 0 during U...

CVSS 7.8 | AI score 8.2 | EPSS 0.00413
Exploits 1 | References 3 | Affected Software 1
IBM Security Bulletins
added 2022/09/22 3:2 a.m. | 30 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2015-4947)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Aviation, Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation,...

CVSS 9 | AI score 9.5 | EPSS 0.07915
Exploits 0 | Affected Software 15
Positive Technologies
added 2022/09/22 12:0 a.m. | 5 views

PT-2022-7298 · Acer · Acer Veriton E430 +18

Name of the Vulnerable Software and Affected Versions: Acer Altos T110 F3 firmware version = P13 Acer AP130 F2 firmware version = P04 Acer Aspire 1600X firmware version = P11.A3L Acer Aspire 1602M firmware version = P11.A3L Acer Aspire 7600U firmware version = P11.A4 Acer Aspire MC605 firmware...

CVSS 7.8 | AI score 7.8 | EPSS 0.00413
Exploits 1 | References 7
CNNVD
added 2022/09/22 12:0 a.m. | 5 views

Buffer error vulnerability in multiple Acer products

Acer Aspire Series is a line of servers from Acer China. The security vulnerability in Acer products stems from the presence of a stack buffer overflow vulnerability, which could lead to the execution of arbitrary code in the UEFI DXE driver on certain Acer products. An attacker could elevate...

CVSS 7.8 | AI score 8.2 | EPSS 0.00413
Exploits 1 | References 5
Oracle linux
added 2022/09/21 12:0 a.m. | 39 views

dbus-broker security update

28-5.1 - Fix a stack buffer over-read in the c-shquote library - Fix null pointer reference when supplying a malformed XML config file - Add gating.yaml Resolves: CVE-2022-31212 Resolves: CVE-2022-31213...

CVSS 7.5 | AI score 1.8 | EPSS 0.01749
Exploits 4
Cvelist
added 2022/09/20 5:35 p.m. | 39 views

CVE-2022-26873 The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase.

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and...

AI score 8.4 | EPSS 0.00391
Exploits 1 | References 3
Vulnrichment
added 2022/09/20 5:35 p.m. | 5 views

CVE-2022-26873 The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase.

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and...

AI score 7.2 | EPSS 0.00391
Exploits 1 | References 3
OSV
added 2022/09/20 11:40 a.m. | 27 views

RLSA-2022:6608 Moderate: dbus-broker security update

dbus-broker is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusively written for Linux systems, and makes use of many modern features...

CVSS 7.5 | AI score 7.5 | EPSS 0.01749
Exploits 4 | References 3
Kaspersky
added 2022/09/20 12:0 a.m. | 69 views

KLA19256 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. Memory safety vulnerability can be exploited to execute...

CVSS 8.8 | AI score 8.8 | EPSS 0.01342
Exploits 0 | References 3
Tenable Nessus
added 2022/09/20 12:0 a.m. | 44 views

Mozilla Firefox < 105.0

The version of Firefox installed on the remote Windows host is prior to 105.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-40 advisory. - Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team...

CVSS 8.8 | AI score 8.2 | EPSS 0.01342
Exploits 0 | References 10
Tenable Nessus
added 2022/09/20 12:0 a.m. | 40 views

Mozilla Firefox < 105.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 105.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-40 advisory. - Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing...

CVSS 8.8 | AI score 8.2 | EPSS 0.01342
Exploits 0 | References 10
Tenable Nessus
added 2022/09/20 12:0 a.m. | 38 views

RHEL 9 : dbus-broker (RHSA-2022:6608)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6608 advisory. dbus-broker is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and...

CVSS 7.5 | AI score 7.8 | EPSS 0.01749
Exploits 4 | References 7
Vulnrichment
added 2022/09/16 10:0 a.m. | 2 views

CVE-2022-40152 Stack Buffer Overflow in Woodstox

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

CVSS 6.5 | AI score 7.3 | EPSS 0.19653
Exploits 1 | References 2
Vulnrichment
added 2022/09/16 10:0 a.m. | 9 views

CVE-2022-40151 Stack Buffer Overflow in xstream

Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

CVSS 6.5 | AI score 7.3 | EPSS 0.01022
Exploits 1 | References 2
Cvelist
added 2022/09/16 10:0 a.m. | 32 views

CVE-2022-40151 Stack Buffer Overflow in xstream

Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

CVSS 6.5 | AI score 7.5 | EPSS 0.01022
Exploits 1 | References 2
Cvelist
added 2022/09/16 12:0 a.m. | 41 views

CVE-2022-40150 Stack Buffer Overflow in Jettison

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack...

CVSS 6.5 | AI score 7.5 | EPSS 0.01256
Exploits 0 | References 4