heap-buffer-overflow in utf_ptr2char
Description Heap-buffer-overflow in utf_ptr2char at mbyte.c:1825. vim version git log commit f0300fc7b81e63c2584dc3a763dedea4184d17e5 (grafted, HEAD -> master, tag: v9.0.1365, origin/master, origin/HEAD) # Proof of Concept ``` ./vim -u NONE -i NONE -n -m -X -Z -e -s -S poc8_hbo.dat -c :qa...
6.6CVSS
6.9AI Score
0.0004EPSS
The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
5.4CVSS
5.3AI Score
0.001EPSS
The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
5.4CVSS
5.4AI Score
0.001EPSS
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the...
7.3AI Score
0.002EPSS
Malicious code in karma-jquery2 (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (55d521035684c4dbe2c48fd0ee90ce405fbfb292a771e6c278ad707668d648a0) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems
A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps...
0.2AI Score
Widgets on Pages <= 1.7.0 - Contributor+ Stored XSS
The plugin does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC [widgets_on_pages.....
5.4CVSS
5AI Score
0.0004EPSS
Widgets on Pages <= 1.7.0 - Contributor+ Stored XSS
The plugin does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as...
5.4CVSS
5.2AI Score
0.0004EPSS
Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities
Thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints remain vulnerable to two critical security flaws disclosed by the company over the last few months. The issues in question are CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), which were addressed by the...
9.8CVSS
0.3AI Score
Important Photon OS Security Update - PHSA-2022-0550
Updates of ['grub2'] packages of Photon OS have been...
9.8CVSS
1.7AI Score
0.001EPSS
Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or...
9.8CVSS
9.9AI Score
0.004EPSS
Upgraded Q -> M from #81 [1670783437328]
Judge has assessed an item in Issue #81 as M risk. The relevant finding follows: After carefully reading all submissions related to the use of selfdestruct, I will change my stance on this kind of issue. Changing the severity back to Medium.
6.9AI Score
Consideration of tokens with decimals higher than 18
Lines of code https://github.com/code-423n4/2022-10-inverse/blob/3e81f0f5908ea99b36e6ab72f13488bbfe622183/src/Oracle.sol#L112-L144 Vulnerability details Impact Oracle contract has 2 functions - viewPrice & getPrice - to get the price through the Chainlink price feed in DOLA. Both functions check...
6.8AI Score
Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack...
6.5AI Score
0.001EPSS
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID...
7.3AI Score
0.002EPSS
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management...
7.2AI Score
0.006EPSS
Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE...
8.1AI Score
0.017EPSS
Illumina Local Run Manager (Update A)
EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Illumina Equipment: Local Run Manager (LRM) Vulnerabilities: Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Access Control, Cleartext Transmission of Sensitive Information ...
9.2AI Score
0.002EPSS
Description of the security update for Outlook 2013: August 9, 2022 (KB5001990)
Description of the security update for Outlook 2013: August 9, 2022 (KB5001990) Summary This security update resolves a Microsoft Outlook denial of service vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2022-35742. Note: To apply this...
7.5AI Score
0.001EPSS
buyoutPrice precision is lost in Buyout's start and Migration's commit
Lines of code Vulnerability details Buyout's start() now determines the price for buyout with the truncation to 1% of supply. When the buyout initiator brings in a big enough amount of fractional tokens, the current formula can yield substantial mispricing of the initiator's fractional tokens value, which...
6.7AI Score
Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs
GitHub Actions and Azure virtual machines (VMs) are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. "Attackers can abuse the runners or servers provided by GitHub to run an...
-0.7AI Score
Heap-use-after-free in mrb_bint_new_str
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48873 Crash type: Heap-use-after-free READ 1 Crash state: mrb_bint_new_str mrb_vm_exec...
-0.3AI Score
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected product. An attacker could also exploit this...
9.8CVSS
9.7AI Score
0.002EPSS
LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code...
9.8CVSS
9.6AI Score
0.002EPSS
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including...
5.9CVSS
6.1AI Score
0.001EPSS
LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive...
9.1CVSS
9.3AI Score
0.002EPSS
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory...
9.8CVSS
9.4AI Score
0.002EPSS
Malicious code in @qwui/core (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (d7a178c9b2eceaabfd8cacccbdfb4474c0c3c12bf4349aaa4865586aba20b8bb) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
CISA Warned About Critical Vulnerabilities in Illumina's DNA Sequencing Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Food and Drug Administration (FDA) have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing (NGS) software. Three of the flaws are rated 10 out of 10 for severity on the Common...
4.2AI Score
Users will lose all of their money during pool migration
Lines of code https://github.com/code-423n4/2022-05-backd/blob/1136e0cdc8579614a33832fe2a21785d60aac19b/protocol/contracts/pool/LiquidityPool.sol#L527-L559 Vulnerability details Impact Users will lose all of their money when they migrate by calling PoolMigrationZap.migrate() Proof of Concept File:....
6.8AI Score
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component...
9.8CVSS
7.7AI Score
0.002EPSS
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component...
9.8CVSS
7.9AI Score
0.002EPSS
ZF-Commons ZfcUser Vulnerable to XSS in Login Redirect
Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect...
5.8AI Score
0.003EPSS
ZF-Commons ZfcUser Vulnerable to XSS in Login Redirect
Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect...
5.9AI Score
0.003EPSS
A server-generated error message containing sensitive information vulnerability [CWE-550] in FortiOS and FortiProxy web proxy may allow a malicious webserver to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes...
4.3CVSS
4.8AI Score
0.001EPSS
7.5AI Score
0.003EPSS
7.5AI Score
0.003EPSS
Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive...
7.5CVSS
7.5AI Score
0.003EPSS
Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive...
6.8AI Score
0.003EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
7.8CVSS
5.4AI Score
0.002EPSS
Heap-based Buffer Overflow occurs in vim
Description Heap-based Buffer Overflow occurs in suggest_try_change(). commit : d0b7bfa95798f5ec743d8afffbffb83aeac823da # Proof of Concept ``` $ echo -ne "c2UgZW5jb2Rpbmc9aXNvODg1OQpub3JtMFIwMDAwMDAwMDAwMApzaWwwbm9ybRYwCmZ1IFIoKQpz aWwhbm9ybRZpMDAwMDApCmNhbCBSKCkKbm9ybTF6PQplbmRmCmNhbCBSKCk=" |...
7.8CVSS
7.7AI Score
0.001EPSS
Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins
A sophisticated phishing campaign directed at a “major, publicly traded integrated payments solution company located in North America” made use of DocuSign and a compromised third party’s email domain to skate past email security measures, researchers said. The campaign spread seemingly innocuous.....
10CVSS
-0.2AI Score
Exploit for Authentication Bypass by Spoofing in Apache Apisix
CVE-2022-24112 CVE-2022-24112 check Affected version...
9.8CVSS
4.1AI Score
9.2AI Score
0.002EPSS
libexpat.so is vulnerable to denial of service. The vulnerability exists due to the integer overflow in the XML_GetBuffer function of xmlparse.c, as it does not properly check INT_MAX byte length against the XML_CONTEXT_BYTES, allowing an attacker to cause an application crash through the...
9.8CVSS
3.6AI Score
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...
2.1AI Score
0.014EPSS
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero...
9.8CVSS
3.2AI Score
0.014EPSS
9.6AI Score
0.014EPSS
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero...
9.8CVSS
9.6AI Score
0.01EPSS
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. Notes Author| Note ---|--- sbeattie | paraview uses system expat xotcl uses system expat poco uses system expat gdcm uses system expat audacity uses system expat...
9.4AI Score
0.014EPSS