Lucene search
K

117 matches found

OSV
OSV
added 2024/08/23 11:8 a.m.3 views

OESA-2024-2022 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful...

7.8CVSS7.1AI score0.00288EPSS
Exploits0References2
Redos
Redos
added 2024/07/08 12:0 a.m.4 views

ROS-20240708-21

Vulnerability in cURL command line utility is due to bugs in protocol removal logic. Exploitation The exploitation of the vulnerability may allow a remote intruder to gain access to protected information Vulnerability in the HTTP/2 network protocol implementation of the cURL command line utility ...

8.6CVSS7.2AI score0.36081EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2024/06/17 12:0 a.m.9 views

The vulnerability of the gfs2PutSuper() function in the gfs2 file system of Linux kernels allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the gfs2PutSuper function in the fs/gfs2/super.c file of the Linux kernel’s file system gfs2 is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of th...

7.8CVSS7.2AI score0.00269EPSS
Exploits0References11Affected Software3
Debian CVE
Debian CVE
added 2024/05/20 9:47 a.m.20 views

CVE-2024-35983

In the Linux kernel, the following vulnerability has been resolved: bounds: Use the right number of bits for power-of-two CONFIGNRCPUS bitsper rounds up to the next power of two when passed a power of two. This causes crashes on some machines and configurations...

5.5CVSS7.3AI score0.00236EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/05/07 3:50 p.m.6 views

httpd: CONTINUATION frames DoS

A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...

7.5CVSS7.1AI score0.91327EPSS
Exploits2References7
Amazon
Amazon
added 2024/05/03 12:0 a.m.7 views

Important: nodejs20

Issue Overview: NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ CVE-2024-27982 An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data i...

8.2CVSS6.7AI score0.87211EPSS
Exploits3
Amazon
Amazon
added 2024/04/02 12:0 a.m.7 views

Important: tomcat9

Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...

7.5CVSS6.8AI score0.23072EPSS
Exploits1
CNNVD
CNNVD
added 2023/12/11 12:0 a.m.3 views

Apple iOS and iPadOS Security Vulnerabilities

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 17.2 and iPadOS version 17.2, which originates from an application th...

5.5CVSS4.4AI score0.00354EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2023/12/05 9:15 p.m.8 views

egdrive (=0.1.3), ersilia (>=0.1.0 <=0.1.1) +5 more potentially affected by CVE-2023-49297 via pydrive2 (>=1.14.0 <=1.15.4)

pydrive2 PYPI version =1.14.0, =0.1.0, =0.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.3 Source cves: CVE-2023-49297 Source advisory: OSV:PYSEC-2023-291...

7.8CVSS7.1AI score0.0051EPSS
Exploits1
OSV
OSV
added 2023/10/28 2:15 a.m.3 views

UBUNTU-CVE-2023-46569

An out-of-bounds read in radare2 v.5.8.9 and before exists in the printinsn32fpu function of libr/arch/p/nds32/nds32-dis.h...

9.8CVSS7.3AI score0.0091EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2023/10/23 12:0 a.m.5 views

The vulnerability of the Go programming language-based http2 package, which allows a hacker to trigger a service failure

The vulnerability of the Go programming language’s http2 package is related to an uncontrolled resource consumption by the server due to the incorrect setting of the Server.MaxConcurrentStreams parameter when processing request streams. Exploiting this vulnerability can allow a remote attacker to...

7.8CVSS6.5AI score0.03796EPSS
Exploits0References14Affected Software20
OSV
OSV
added 2023/08/31 12:16 p.m.1 views

BELL-CVE-2022-43552 CVE-2022-43552 does not affect BellSoft software

Bulletin has no description...

5.9CVSS5.8AI score0.02511EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/05/24 12:0 a.m.7 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

4.3CVSS5.1AI score0.00608EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/17 12:0 a.m.5 views

Snap One OvrC Pro 数据伪造问题漏洞

Snap One OvrC is a free cloud-based remote management and monitoring platform from Snap One USA. A data forgery issue vulnerability exists in Snap One OvrC Pro 7.2 and prior versions, which stems from the lack of a complete PKI system firmware signature, and can be exploited by an attacker to...

9.8CVSS9.2AI score0.00419EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/09 12:0 a.m.9 views

DHIS 2 安全漏洞

DHIS 2 is a software application. A flexible information system for data capture, management, validation, analysis and visualization. A security vulnerability exists in DHIS 2 versions prior to 2.37.9.1, prior to 2.38.3.1, and prior to 2.39.1.2, which stems from the use of object model traversal ...

7.1CVSS6.4AI score0.00609EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/04/25 12:0 a.m.4 views

PT-2023-9990 · Arc2 · Arc2

Name of the Vulnerable Software and Affected Versions: ARC aka ARC2 through 2011-12-01 Description: The issue allows blind SQL Injection in the getTriplePatternSQL function within ARC2 StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause. Recommendations: For ARC aka ARC2 through...

9.8CVSS8.5AI score0.00752EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:12 a.m.4 views

SUSE CVE-2015-8370

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service disk corruption via backspace characters in the 1 grubusernameget function in grub-core/normal/auth.c or the 2...

7.4CVSS7AI score0.01104EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.3 views

SUSE CVE-2017-7773

Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor...

7.3CVSS8.7AI score0.01418EPSS
Exploits1References8
OSV
OSV
added 2022/12/21 6:30 a.m.12 views

GHSA-4W2J-2RG4-5MJW vm2 vulnerable to Arbitrary Code Execution

The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise...

9.8CVSS7.2AI score0.01425EPSS
Exploits1References6
Circl
Circl
added 2022/08/04 10:20 p.m.9 views

CVE-2022-33968

creationtimestamp| type| source ---|---|--- 2022-08-04 22:20:09+00:00| seen| https://t.me/cibsecurity/47584...

4.9CVSS5AI score0.00461EPSS
Exploits0References1
Rows per page
Query Builder