Page 115 of 35250 results (0.342 seconds)

CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0

Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. • https://github.com/Admidio/admidio/security/advisories/GHSA-7c4c-749j-pfp2 • CWE-502: Deserialization of Untrusted Data •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only "named curves" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. • https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712 https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700 https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4 https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154 https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41 https://openssl-library.org/news/secadv/20241016.txt • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware HCX. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25019 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0

Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. Docker Desktop anterior a v4.34.3 permite RCE a través de un enlace de origen de GitHub no desinfectado en la vista de compilación. • https://docs.docker.com/desktop/release-notes/#4343 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •

CVSS: -EPSS: 0%CPEs: -EXPL: 0

https://blog.chebuya.com/posts/unauthenticated-remote-command-execution-on-byob •