
2562 matches found

Prion
added 2021/06/22 7:15 p.m. · 15 views

Race condition

There is a race condition vulnerability in eCNS280TD V100R005C00 and V100R005C10. A timing window exists in which the database can be operated on by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal...

CVSS 3.5 · AI score 5.2 · EPSS 0.00398
Exploits 0 · References 1 · Affected Software 1

Tenable Nessus
added 2021/06/21 12:0 a.m. · 40 views

Apache Tomcat 10.0.0.M1 < 10.0.0.M8

The version of Tomcat installed on the remote host is prior to 10.0.0.M8. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.0.0-m8_security-10 advisory. - If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to...

CVSS 4.3 · AI score 6.9 · EPSS 0.57286
Exploits 0 · References 3

OSV
added 2021/06/12 11:2 a.m. · 3 views

OESA-2021-1216 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when...

CVSS 5.3 · AI score 8.5 · EPSS 0.04385
Exploits 2 · References 3

OSV
added 2021/06/11 4:15 p.m. · 2 views

ALPINE-CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

CVSS 5.3 · AI score 7 · EPSS 0.02979
Exploits 1 · References 1

OSV
added 2021/06/11 4:15 p.m. · 9 views

AZL-6358 CVE-2021-22897 affecting package curl for versions less than 7.76.0-5

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

CVSS 5.3 · AI score 6.6 · EPSS 0.02979
Exploits 1 · References 1

Prion
added 2021/06/11 4:15 p.m. · 36 views

Code injection

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

CVSS 4.3 · AI score 5.4 · EPSS 0.02979
Exploits 1 · References 8 · Affected Software 9

UbuntuCve
added 2021/06/11 4:15 p.m. · 38 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

CVSS 5.3 · AI score 6.8 · EPSS 0.02979
Exploits 1 · References 2

AlpineLinux
added 2021/06/11 3:49 p.m. · 31 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

CVSS 5.3 · AI score 5.8 · EPSS 0.02979
Exploits 1

Debian CVE
added 2021/06/11 3:49 p.m. · 41 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

CVSS 5.3 · AI score 6.5 · EPSS 0.02979
Exploits 1

Positive Technologies
added 2021/06/10 12:0 a.m. · 5 views

PT-2024-11285 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a race condition in the snd_seq_timer_open function, where the timer instance per queue is exclusive, but concurrent accesses are not properly managed. This can...

CVSS 9.8 · AI score 6.7 · EPSS 0.17563
Exploits 8 · References 1210

OSV
added 2021/06/07 11:2 a.m. · 2 views

OESA-2021-1203 rubygem-puma security update

A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Security Fixes: Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accept...

CVSS 7.5 · AI score 6.7 · EPSS 0.01599
Exploits 0 · References 2

curl security advisories
added 2021/05/26 8:0 a.m. · 6 views

Schannel cipher selection surprise

libcurl lets applications specify which specific TLS ciphers to use in transfers, using the option called CURLOPT_SSL_CIPHER_LIST. The cipher selection is used for the TLS negotiation when a transfer is done involving any of the TLS based transfer protocols libcurl supports, such as HTTPS, FTPS,...

CVSS 5.3 · AI score 6.3 · EPSS 0.02979
Exploits 1 · References 1 · Affected Software 2

RedhatCVE
added 2021/05/24 4:42 a.m. · 53 views

CVE-2020-15254

Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that Vec::from_iter has allocated capacity that is the same as the number of iterator elements. Vec::from_iter does not actually guarantee that and may allocate extra...

CVSS 9.8 · AI score 2.2 · EPSS 0.02743
Exploits 1 · References 3

Tenable Nessus
added 2021/05/19 12:0 a.m. · 93 views

RHEL 8 : httpd:2.4 (RHSA-2021:1809)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1809 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_session_cookie...

CVSS 9.8 · AI score 7.2 · EPSS 0.90039
Exploits 4 · References 18

RedHat Linux
added 2021/05/18 4:7 p.m. · 5 views

kernel: netfilter: use-after-free in the packet processing context

A use-after-free flaw was found in the packet processing context in net/netfilter/x_tables.c in netfilter in the Linux Kernel. This issue occurs when the per-CPU sequence count is mishandled during concurrent iptables rules replacement and can be exploited with the CAP_NET_ADMIN capability in an...

CVSS 6.7 · AI score 7 · EPSS 0.00444
Exploits 1 · References 5

RedHat Linux
added 2021/05/18 3:49 p.m. · 3 views

kernel: netfilter: use-after-free in the packet processing context

A use-after-free flaw was found in the packet processing context in net/netfilter/x_tables.c in netfilter in the Linux Kernel. This issue occurs when the per-CPU sequence count is mishandled during concurrent iptables rules replacement and can be exploited with the CAP_NET_ADMIN capability in an...

CVSS 6.7 · AI score 7 · EPSS 0.00444
Exploits 1 · References 5

Rockylinux
added 2021/05/18 6:9 a.m. · 21 views

new module: subversion:1.14

An update is available for subversion, utf8proc, libserf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Subversion (SVN) is a concurrent version control system...

AI score 1.3
Exploits 0

OSV
added 2021/05/18 1:27 a.m. · 211 views

GHSA-Q28M-8XJW-8VR5 Puma's Keepalive Connections Causing Denial Of Service

This vulnerability is related to CVE-2019-16770. Impact: The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process...

CVSS 7.5 · AI score 7.4 · EPSS 0.01599
Exploits 0 · References 9

NVD
added 2021/05/11 5:15 p.m. · 21 views

CVE-2021-29509

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same...

CVSS 7.5 · EPSS 0.01599
Exploits 0 · References 6

UbuntuCve
added 2021/05/11 5:15 p.m. · 39 views

CVE-2021-29509

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same...

CVSS 7.5 · AI score 6.5 · EPSS 0.01599
Exploits 0 · References 4