Page 439 of 45857 results (0.087 seconds)

CVSS: 6.2EPSS: %CPEs: -EXPL: 0

Buffer Overflow vulnerability in emp-ot v.0.2.4 allows a remote attacker to execute arbitrary code via the FerretCOT<T>::read_pre_data128_from_file function. • https://github.com/FudanMPL/Vulnerabilities-in-MPC-Framework/tree/main/emp-ot/stack-buffer-overflow-ferret_cot https://github.com/emp-toolkit/emp-ot/issues/89 • CWE-121: Stack-based Buffer Overflow •

CVSS: 5.5EPSS: %CPEs: -EXPL: 0

SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component. • http://cloud.com http://www.minipacs.com/ylqxrj https://github.com/WarmBrew/web_vul/blob/main/Cloud%20based%20customer%20service/SQLi.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.8EPSS: %CPEs: -EXPL: 0

An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to an improper DACL being applied to the device the driver creates. • https://github.com/dru1d-foofus/briscKernelDriver • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: -EPSS: %CPEs: -EXPL: 0

Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10.5.5 allows an attacker to execute arbitrary code via a crafted payload. • https://gist.github.com/cgnl/672ace3cbad1116fcd9ae633e54ea9f8 •

CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0

When running a remote execution job on a host, the host's SSH key is not being checked. ... This flaw can lead to a man-in-the-middle attack (MITM), denial of service, leaking of secrets the remote execution job contains, or other issues that may arise from the attacker's ability to forge an SSH key. This issue does not directly allow unauthorized remote execution on the Satellite, although it can leak secrets that may lead to it. • https://access.redhat.com/security/cve/CVE-2024-4871 https://bugzilla.redhat.com/show_bug.cgi?id=2278627 https://access.redhat.com/errata/RHBA-2024:4589 • CWE-322: Key Exchange without Entity Authentication •