Lucene search
K

234 matches found

Ubuntu
Ubuntu
added 2023/05/10 3:11 p.m.86 views

USN-6071-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the...

7.8CVSS7.2AI score0.0788EPSS
Exploits18
Ubuntu
Ubuntu
added 2023/04/19 2:15 p.m.111 views

USN-6030-1: Linux kernel (Qualcomm Snapdragon) vulnerabilities

It was discovered that the Traffic-Control Index TCINDEX implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-1281 It was discovered that the System V IPC...

7.9CVSS7.6AI score0.03702EPSS
Exploits5
Ubuntu
Ubuntu
added 2023/04/11 5:29 p.m.64 views

USN-6004-1: Linux kernel (Intel IoTG) vulnerabilities

It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. CVE-2022-2196 It was discovered...

8.8CVSS7.7AI score0.71737EPSS
Exploits7
Openbugbounty
Openbugbounty
added 2023/04/09 9:56 a.m.9 views

vc-wiesbaden.de Cross Site Scripting vulnerability OBB-3255311

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.8AI score
Exploits0
Ubuntu
Ubuntu
added 2023/03/31 12:58 p.m.82 views

USN-5991-1: Linux kernel (GCP) vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3669 It was discovered that a use-after-free vulnerability existed in the SGI GRU...

7.9CVSS7.5AI score0.03702EPSS
Exploits5
Amazon
Amazon
added 2023/03/21 12:0 a.m.4 views

Medium: kernel

Issue Overview: A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol L2TP. A missing lock when clearing skuserdata can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. CVE-2022-4129 A...

7.1CVSS5AI score0.00419EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:6 a.m.3 views

SUSE CVE-2008-5079

net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service kernel infinite loop by making two calls to svclisten for the same socket, and then reading a /proc/net/atm/vc file, related to corruption of the vcc table...

5.5CVSS6.2AI score0.01094EPSS
Exploits5References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.2 views

SUSE CVE-2020-8647

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vcdoresize function in drivers/tty/vt/vt.c...

4.4CVSS6.3AI score0.00413EPSS
Exploits0References19
NVD
NVD
added 2023/02/13 3:15 p.m.30 views

CVE-2023-0159

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may ...

7.5CVSS7.6AI score0.55736EPSS
Exploits3References1
Prion
Prion
added 2023/02/13 3:15 p.m.21 views

Design/Logic Flaw

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may ...

5CVSS7.6AI score0.55736EPSS
Exploits3References1Affected Software1
Cvelist
Cvelist
added 2023/02/13 2:32 p.m.36 views

CVE-2023-0159 Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may ...

7.8AI score0.55736EPSS
Exploits3References1
CVE
CVE
added 2023/02/13 2:32 p.m.94 views

CVE-2023-0159

The CVE-2023-0159 entry affects the WordPress plugin Extensive VC Addons for WPBakery page builder (versions prior to 1.9.1). The vulnerability arises from not validating a parameter passed to PHP’s extract function when loading templates, permitting an unauthenticated attacker to override the te...

7.5CVSS7.6AI score0.55736EPSS
In wildExploits3References1Affected Software1
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.12 views

WordPress plugin Extensive VC Addons for WPBakery page builder 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

7.5CVSS7.2AI score0.55736EPSS
Exploits3References3
Patchstack
Patchstack
added 2023/01/23 12:0 a.m.18 views

WordPress Extensive VC Addons for WPBakery page builder Plugin < 1.9.1 is vulnerable to Local File Inclusion

Software Extensive VC Addons for WPBakery page builder Type Plugin Vulnerable versions 1.9.1 Fixed in 1.9.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-0159 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 335c3e6ccfa2 Credits dc11 Required...

7.5CVSS6.8AI score0.55736EPSS
Exploits3References3Affected Software1
OSV
OSV
added 2022/12/14 9:15 p.m.7 views

CVE-2022-4501

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...

6.5CVSS5.8AI score0.00692EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/12/14 12:0 a.m.9 views

PT-2022-27365 · WordPress · Mega Addons

Name of the Vulnerable Software and Affected Versions: Mega Addons plugin for WordPress versions up to, and including, 4.2.7 Description: The issue is related to authorization bypass due to a missing capability check on the vc saving data function. This allows authenticated attackers with...

7.1CVSS6.2AI score0.00692EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/09/16 12:0 a.m.4 views

PT-2022-33682 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.64 Description: A potential security issue exists due to improper reversion of changes when the vc resize function fails. The actual impact and attack plausibility have not yet been proven. Recommendations...

7.3AI score
Exploits0References1
OSV
OSV
added 2022/07/12 11:3 a.m.5 views

OESA-2022-1748 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: Using the ioctl function to modify the vcfont.height value through PIOFONT can cause the KASAN: vmalloc-out-of-bounds in sysimageblit problem. Requires tty group permissions to access the device file /dev/tty1.CVE-2021-33656...

6.8CVSS6.5AI score0.00537EPSS
Exploits0References2
OSV
OSV
added 2022/06/28 7:30 p.m.12 views

GSD-2022-1003599 x86/sev: Annotate stack change in the #VC handler

x86/sev: Annotate stack change in the VC handler This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.121 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/06/28 6:44 p.m.9 views

GSD-2022-1003094 x86/sev: Annotate stack change in the #VC handler

x86/sev: Annotate stack change in the VC handler This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commit...

7.2AI score
Exploits0
Rows per page
Query Builder