Lucene search
K

170 matches found

OSV
OSV
added 2023/12/22 11:6 a.m.3 views

OESA-2023-1958 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file...

5.3CVSS6.9AI score0.01133EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/10/03 12:0 a.m.4 views

WordPress Plugin Photo Gallery by Ays - Responsive Image Gallery Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Photo Gallery by Ays -...

8.8CVSS6.5AI score0.00214EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/04 12:0 a.m.5 views

PT-2023-18329 · Unknown · Bluetooth Host

Name of the Vulnerable Software and Affected Versions: Bluetooth HOST affected versions not specified Description: The issue is related to a Transient Denial of Service DOS in the Bluetooth HOST. It occurs when passing a descriptor to validate a blacklisted Bluetooth keyboard. There is no...

6.5CVSS6.5AI score0.00313EPSS
Exploits0References6
OSV
OSV
added 2023/08/03 8:15 a.m.2 views

CVE-2023-4117

A vulnerability, which was classified as problematic, has been found in PHP Jabbers Rental Property Booking 2.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be launched remotely...

6.1CVSS4AI score
Exploits0References3
Openbugbounty
Openbugbounty
added 2023/07/26 6:21 a.m.13 views

chrisimmo.fr Cross Site Scripting vulnerability OBB-3550968

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
OSV
OSV
added 2023/07/25 7:15 p.m.7 views

AZL-34631 CVE-2023-39128 affecting package crash for versions less than 8.0.4-3

GNU gdb GDB 13.0.50.20220805-git was discovered to contain a stack overflow via the function adadecode at /gdb/ada-lang.c...

5.5CVSS6.7AI score0.00289EPSS
Exploits1References1
OSV
OSV
added 2023/05/24 11:15 a.m.4 views

CVE-2023-2865

A vulnerability was found in SourceCodester Theme Park Ticketing System 1.0. It has been classified as critical. This affects an unknown part of the file printticket.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate...

9.8CVSS6.5AI score0.00726EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/04/20 1:20 a.m.6 views

OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...

3.7CVSS6.9AI score0.01036EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.4 views

SUSE CVE-2012-3375

The epollctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLLCTLADD operations, which allows local users to cause a denial of service file-descriptor consumption and system crash via a crafted application that attempts to create a...

4.9CVSS6.1AI score0.0102EPSS
Exploits2References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.2 views

SUSE CVE-2014-8628

Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service memory consumption via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the...

7.8CVSS6.2AI score0.01718EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:55 a.m.4 views

SUSE CVE-2016-9773

Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service out-of-bounds heap read via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556...

5.5CVSS8.9AI score0.01832EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:44 a.m.5 views

SUSE CVE-2017-9230

The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. Th...

7.5CVSS7.1AI score0.03251EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.3 views

SUSE CVE-2022-30067

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash...

5.5CVSS6.9AI score0.00721EPSS
Exploits1References7
Snyk
Snyk
added 2022/12/27 10:44 a.m.5 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the...

7.8CVSS7.6AI score0.00986EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/18 12:0 a.m.4 views

PT-2022-23950 · Pdf Xchange · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...

5.5CVSS7AI score0.0073EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/18 12:0 a.m.6 views

PT-2022-24059 · Libjpeg +1 · Libjpeg +1

Name of the Vulnerable Software and Affected Versions: libjpeg affected versions not specified Description: The issue allows attackers to cause a Denial of Service DoS via a crafted file, exploiting a segmentation fault in the HuffmanDecoder::Get function at huffmandecoder.hpp. Recommendations: A...

6.5CVSS6.1AI score0.0064EPSS
Exploits1References12
OSV
OSV
added 2022/07/26 1:15 p.m.5 views

AZL-10338 CVE-2021-33468 affecting package yasm 1.3.0-17

An issue was discovered in yasm version 1.3.0. There is a use-after-free in error in modules/preprocs/nasm/nasm-pp.c...

5.5CVSS6AI score0.00317EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2022/05/24 5:12 p.m.6 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1593 more potentially affected by CVE-2020-2162 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.22)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2020-2162 Source advisory: OSV:GHSA-CRG2-6XV3-QG5F...

5.4CVSS6AI score0.01159EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/04/29 5:15 p.m.3 views

CVE-2022-29937

USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but for example an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product...

9CVSS7.2AI score0.01458EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/03/25 11:15 p.m.3 views

CVE-2021-40905

The web management console of CheckMK Enterprise Edition versions 1.5.0 to 2.0.0p9 does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with...

8.8CVSS7.8AI score0.02812EPSS
Exploits2References4
Rows per page
Query Builder