Lucene search
K

49 matches found

Oracle linux
Oracle linux
added 2023/09/22 12:0 a.m.44 views

qemu security update

15:4.2.1-28.el7 - virtio-crypto: verify src&dst buffer length for sym request Zhenwei Pi Orabug: 35724113 CVE-2023-3180 - hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller CVE-2023-0330 Thomas Huth Orabug: 35724112 CVE-2023-0330 - kvm: Atomic memslot updates David Hildenbrand Orabug...

6.5CVSS7.3AI score0.00269EPSS
Exploits0
Snyk
Snyk
added 2023/09/12 8:15 p.m.3 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 6.0.22, 7.0.11 ...

7.8CVSS7.4AI score0.01441EPSS
Exploits0References2
Snyk
Snyk
added 2023/09/12 8:5 p.m.4 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the Microsoft.DiaSymReader.Native.amd64.dll file when reading a corrupted PDB file. Note: This issue only affects Windows systems. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 6.0.22...

7.8CVSS7.4AI score0.01441EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/12 12:0 a.m.17 views

PT-2023-5059 · Microsoft +1 · Visual Studio +2

Name of the Vulnerable Software and Affected Versions: Visual Studio affected versions not specified Description: The issue is related to insufficient input validation in Visual Studio, which can be exploited to execute arbitrary code. This can allow an attacker to run malicious code on the syste...

9.8CVSS7AI score0.99999EPSS
Exploits19References160
OSV
OSV
added 2023/08/03 3:15 p.m.8 views

AZL-31817 CVE-2023-3180 affecting package qemu for versions less than 6.2.0-23

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ...

6.5CVSS6.9AI score0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/07/25 7:15 p.m.3 views

CVE-2023-39129

GNU gdb GDB 13.0.50.20220805-git was discovered to contain a heap use after free via the function addpeexportedsym at /gdb/coff-pe-read.c...

5.5CVSS6.3AI score0.00238EPSS
Exploits0References2
Openbugbounty
Openbugbounty
added 2023/02/18 6:57 a.m.15 views

sym-brno.cz Cross Site Scripting vulnerability OBB-3197154

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
OSV
OSV
added 2020/10/18 12:0 a.m.12 views

OSV-2020-2081 UNKNOWN READ in presym_sym2name

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26400 Crash type: UNKNOWN READ Crash state: presymsym2name sym2namelen mrbsymnamelen...

7.2AI score
Exploits0References1
CVE
CVE
added 2019/02/25 3:0 p.m.51 views

CVE-2019-9142

The CVE-2019-9142 issue affects b3log Symphony (Sym) prior to v3.4.7. The vulnerability is an XSS flaw exposed via userIntro and userNickname fields in processor/SettingsProcessor.java. Connections across multiple sources confirm the root cause is input handling in SettingsProcessor.java, leading...

6.1CVSS5.9AI score0.00802EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/02/15 12:0 a.m.4 views

The vulnerability of the `ignore_section_sym` function in the GNU Binutils development environment allows a hacker to trigger a service failure.

The vulnerability of the ignoresectionsym function in the GNU Binutils development toolset is related to the lack of NULL check and the assignment of the outputsection pointer when writing a symtab with the type “SECTION”. Exploitation of this vulnerability could allow an attacker to cause servic...

5.5CVSS6.4AI score0.02236EPSS
Exploits0References6
CNVD
CNVD
added 2018/12/24 12:0 a.m.5 views

Tiny C Compiler Out-of-Bounds Write Vulnerability (CNVD-2019-07055)

Tiny C Compiler is a C compiler for x86, X86-64 and ARM processors created by Fabrice Bellard. An out-of-bounds write vulnerability exists in the sympop function in tccgen.c in Tiny C Compiler also known as TinyCC or TCC 0.9.27, which can be exploited by an attacker to cause an 8-byte out-of-boun...

5.5CVSS7AI score0.00746EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2018/10/30 5:30 p.m.4 views

binutils: NULL pointer dereference in elf.c

The ignoresectionsym function in elf.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, does not validate the outputsection pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial o...

5.5CVSS7.4AI score0.02236EPSS
Exploits0References4
CVE
CVE
added 2018/04/27 4:0 a.m.52 views

CVE-2018-10469

CVE-2018-10469 affects b3log Symphony (Sym) 2.6.0. A remote attacker can upload and execute arbitrary JSP files by sending the name[] parameter to the /upload URI, enabling remote code execution with partial to high impact as per the CVE description. No explicit remediation/patch details are prov...

9.8CVSS9.6AI score0.02157EPSS
Exploits1References1Affected Software1
Openbugbounty
Openbugbounty
added 2018/04/04 8:20 a.m.16 views

urlaub12.de XSS vulnerability

Open Bug Bounty ID: OBB-596755 Description| Value ---|--- Affected Website:| urlaub12.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/04/04 8:17 a.m.11 views

boeking.vakantie24.nl XSS vulnerability

Open Bug Bounty ID: OBB-596751 Description| Value ---|--- Affected Website:| boeking.vakantie24.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/04/04 8:3 a.m.10 views

mavitravel.nl XSS vulnerability

Open Bug Bounty ID: OBB-596741 Description| Value ---|--- Affected Website:| mavitravel.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/04/04 7:54 a.m.13 views

lionsdivehotelcuracao.nl XSS vulnerability

Open Bug Bounty ID: OBB-596730 Description| Value ---|--- Affected Website:| lionsdivehotelcuracao.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
CVE
CVE
added 2017/11/27 10:0 a.m.39 views

CVE-2017-16956

Affected product: b3log Symphony (Sym) 2.2.0. Vulnerability: Cross-site scripting in the private messaging flow, exploited by sending a private letter with a specific /article URI followed by a second private letter with a modified title to obtain a user cookie. Root cause / impact: XSS issue ena...

6.1CVSS6AI score0.00745EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/11/18 1:0 p.m.48 views

CVE-2017-16881

The CVE-2017-16881 entry describes a Cross-Site Scripting (XSS) vulnerability in b3log Symphony (Sym) 2.2.0. A crafted userAvatarURL value sent to /settings/avatar can inject arbitrary scripts/HTML due to improper handling of JSON objects. The issue affects multiple components, including processo...

6.1CVSS5.9AI score0.00819EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/11/15 3:0 a.m.59 views

CVE-2017-16821

Vulnerability : b3log Symphony 2.2.0 is affected by an XSS in processor/AdminProcessor.java within the admin console, triggered by a crafted X-Forwarded-For header that is mishandled when displaying a client IP at /admin/user/userid. Impact : potential XSS in the admin interface as described. Rem...

5.4CVSS5.2AI score0.00479EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder