Lucene search
K

105 matches found

NVD
NVD
added 2024/12/12 2:3 a.m.25 views

CVE-2024-47540

GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gstmatroskademuxaddwvpkheader function within matroska-demux.c. When size allocator-memunmapfull or mem-allocator-memunmap. This vulnerability coul...

9.8CVSS0.01005EPSS
Exploits0References4
CNVD
CNVD
added 2024/11/21 12:0 a.m.9 views

Unspecified vulnerability in Linux kernel (CNVD-2024-46428)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a security vulnerability that stems from an execution queue leak. No details of the vulnerability are provided at this time...

5.5CVSS6.8AI score0.00186EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/19 12:0 a.m.5 views

PT-2024-8536 · Unknown +4 · Modules::Scandeps +4

Name of the Vulnerable Software and Affected Versions: Modules::ScanDeps versions prior to 1.36 Description: The issue is related to the Modules::ScanDeps library, which does not properly sanitize input. This can allow an attacker to execute arbitrary shell commands. A local attacker could exploi...

7.8CVSS7AI score0.19924EPSS
Exploits16References71
CNVD
CNVD
added 2024/10/31 12:0 a.m.4 views

Tenda AC7 ate_ifconfig_set function command injection vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. The Tenda AC7 suffers from a command injection vulnerability that stems from ateifconfigset failing to properly filter construct command special characters, commands, etc. The vulnerability can be exploited to execute arbitrary command...

8.8CVSS8.1AI score0.01674EPSS
Exploits1References1
Veracode
Veracode
added 2024/09/19 5:7 a.m.11 views

Execution With Unnecessary Privileges

github.com/openshift/builder is vulnerable to Execution With Unnecessary Privileges. The vulnerability is caused due to improper validation of the spec.source.secrets.secret.destinationDir attribute, allowing path traversal that enables a malicious user to override executable files inside the...

9.1CVSS7.4AI score0.02301EPSS
Exploits3References12Affected Software1
CNVD
CNVD
added 2024/01/11 12:0 a.m.10 views

GTKWave out-of-bounds write vulnerability (CNVD-2024-04856)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. An out-of-bounds write vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via specially crafted .vzt files...

7.8CVSS7.5AI score0.00436EPSS
Exploits1References1
CNVD
CNVD
added 2024/01/11 12:0 a.m.10 views

GTKWave Arbitrary Write Vulnerability (CNVD-2024-04851)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. An arbitrary write vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via specially crafted .vcd files...

7.8CVSS7.4AI score0.00432EPSS
Exploits1References1
CNVD
CNVD
added 2024/01/08 12:0 a.m.5 views

Google Chrome memory misreference vulnerability (CNVD-2024-10413)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a memory misreference vulnerability that is due to free usage in the WebGPU. An attacker can exploit the vulnerability to execute arbitrary code on the system...

8.8CVSS7.3AI score0.00998EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/03 10:55 a.m.12 views

CVE-2023-3662 CODESYS: Vulnerability in CODESYS Development System allows for execution of binaries

In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context...

7.3CVSS7.2AI score0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/07/14 12:0 a.m.10 views

PT-2023-25985 · Unknown · Zenstruck/Collections

Name of the Vulnerable Software and Affected Versions: zenstruck/collections versions prior to 0.2.1 Description: The issue arises from passing callable strings, such as system, which causes the function to be executed. This results in a limited subset of specific user input being executed as if ...

8.8CVSS8.3AI score0.00754EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2023/07/13 10:15 a.m.39 views

CVE-2023-29455

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts...

6.1CVSS6.4AI score0.00604EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/02 12:0 a.m.5 views

PT-2023-20663 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 6.2-milestone-1 through 14.8 XWiki Platform versions 14.4 through 14.4.5 XWiki Platform versions 13.10 through 13.10.9 Description: XWiki Platform is a generic wiki platform where, starting in version 6.2-milestone-1,...

9.9CVSS8.6AI score0.01107EPSS
Exploits1References10
NVD
NVD
added 2023/02/17 6:15 p.m.22 views

CVE-2020-19824

An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the aoc parameter...

7CVSS7.2AI score0.00242EPSS
Exploits1References2
OSV
OSV
added 2022/07/28 11:15 p.m.5 views

PYSEC-2022-43163

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package...

9.8CVSS9.6AI score0.01011EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/05/10 8:34 p.m.30 views

CVE-2022-29129 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

...

8.8CVSS9.4AI score0.02658EPSS
Exploits0References1
Veracode
Veracode
added 2021/07/24 8:55 a.m.7 views

Arbitrary Code Execution

chromium is vulnerable to arbitrary code execution. A stack-based buffer overflow in Printing allows an attacker to execute arbitrary code on the host OS...

8.8CVSS8AI score0.01737EPSS
Exploits1References9Affected Software3
Positive Technologies
Positive Technologies
added 2021/02/02 12:0 a.m.10 views

PT-2021-2444

Name of the Vulnerable Software and Affected Versions: Apache Tomcat affected versions not specified Description: The issue is related to a configuration server implementation vulnerability in Apache Tomcat, which involves the recovery of unreliable data in memory due to buffer deserialization. A...

10CVSS7.6AI score0.99999EPSS
Exploits196References202
Veracode
Veracode
added 2020/05/10 11:22 p.m.30 views

Arbitrary Code Execution

imagemagick is vulnerable to arbitrary code execution. A heap-based buffer over-read in MagickCore/fourier.c allows an attacker to execute code on the system due to incorrect calls to GetCacheViewVirtualPixels...

8.8CVSS4.9AI score0.02827EPSS
Exploits1References6Affected Software2
Positive Technologies
Positive Technologies
added 2020/04/29 12:0 a.m.13 views

PT-2020-4638

Name of the Vulnerable Software and Affected Versions jQuery versions 1.2 through 3.5.0 Description The issue is related to the execution of untrusted code when passing HTML from untrusted sources to jQuery's DOM manipulation methods, such as .html, .append, and others, even after sanitizing the...

8.6CVSS7.5AI score0.99019EPSS
Exploits7References361
Cvelist
Cvelist
added 2020/02/24 5:42 p.m.29 views

CVE-2019-10799

compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExitcssPath" within "dist/index.js" is executed as part of the "rm" command without any sanitization...

8.3AI score0.02266EPSS
Exploits1References2
Rows per page
Query Builder