Show filters
18 Total Results
Displaying 1-10 of 18
Sort by:
Attacker Value
Very High
CVE-2021-3156 "Baron Samedit"
Disclosure Date: January 26, 2021 (last updated January 15, 2025)
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
13
Attacker Value
Unknown
CVE-2021-45105
Disclosure Date: December 18, 2021 (last updated October 07, 2023)
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
0
Attacker Value
Unknown
CVE-2021-2351
Disclosure Date: July 21, 2021 (last updated November 28, 2024)
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/A…
0
Attacker Value
Unknown
CVE-2021-29425
Disclosure Date: April 13, 2021 (last updated November 08, 2023)
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
0
Attacker Value
Unknown
CVE-2020-12723
Disclosure Date: June 05, 2020 (last updated November 08, 2023)
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
0
Attacker Value
Unknown
CVE-2020-10878
Disclosure Date: June 05, 2020 (last updated November 08, 2023)
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
0
Attacker Value
Unknown
CVE-2020-10543
Disclosure Date: June 05, 2020 (last updated November 08, 2023)
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
0
Attacker Value
Unknown
CVE-2020-10188 — Junos OS: Arbitrary code execution vulnerability in Telnet ser…
Disclosure Date: March 06, 2020 (last updated November 27, 2024)
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
0
Attacker Value
Unknown
CVE-2019-10219
Disclosure Date: November 08, 2019 (last updated November 08, 2023)
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
0
Attacker Value
Unknown
CVE-2019-10086
Disclosure Date: August 20, 2019 (last updated November 08, 2023)
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
0