Lucene search
K

56 matches found

Amazon
Amazon
added 2024/05/28 12:0 a.m.4 views

Medium: amazon-ecr-credential-helper

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.7AI score0.91969EPSS
Exploits1
Amazon
Amazon
added 2024/05/15 12:0 a.m.3 views

Medium: cni-plugins

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

5.3CVSS6.8AI score0.01208EPSS
Exploits0
CNNVD
CNNVD
added 2024/04/17 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from allowing data to be read from devqueuexmitnit and packetgetsockopt via ignoreoutgoing...

4.7CVSS6.6AI score0.00208EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.19 views

PT-2024-4891 · Oracle · Oracle Complex Maintenance

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, allowing an...

6.4CVSS6.7AI score0.00362EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/02/07 12:0 a.m.6 views

The vulnerability of the Web Server component of the Oracle BI Publisher software, which allows a hacker to gain access to read, modify, add, or delete data.

The vulnerability of the Web Server component of the Oracle BI Publisher software for report creation is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain read, modify, add, or delete access to data...

5.5CVSS6.6AI score0.00308EPSS
Exploits0References3Affected Software1
Amazon
Amazon
added 2024/02/05 12:0 a.m.4 views

Medium: containerd

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.2AI score0.03796EPSS
Exploits0
Amazon
Amazon
added 2024/02/05 12:0 a.m.6 views

Important: cri-tools

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.2AI score0.01364EPSS
Exploits0
Amazon
Amazon
added 2024/01/22 12:0 a.m.5 views

Medium: containerd

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS7.1AI score0.03796EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/12/07 2:5 a.m.4 views

SUSE CVE-2023-39326

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data up to about...

7.5CVSS7AI score0.01208EPSS
Exploits0References10
OSV
OSV
added 2023/12/06 5:15 p.m.6 views

AZL-37446 CVE-2023-39326 affecting package golang for versions less than 1.21.6-1

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data up to about...

5.3CVSS6.7AI score0.01208EPSS
Exploits0References1
OSV
OSV
added 2023/12/06 5:15 p.m.5 views

AZL-79114 CVE-2023-39326 affecting package golang 1.25.7-1

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data up to about...

5.3CVSS6.7AI score0.01208EPSS
Exploits0References1
OSV
OSV
added 2023/12/06 12:0 a.m.1 views

UBUNTU-CVE-2023-39326

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data up to about...

5.3CVSS6.8AI score0.01208EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/12/06 12:0 a.m.3 views

Google Golang Security Vulnerability

Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...

5.3CVSS7.1AI score0.01208EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/04/18 12:0 a.m.6 views

Oracle iReceivables 安全漏洞

Oracle iReceivables is an online account management application from Oracle Corporation USA. A security vulnerability exists in Oracle iReceivables versions 12.2.3-12.2.12, which can be exploited by an attacker to compromise Oracle iReceivables via HTTP access over the network, as well as...

4.3CVSS6.4AI score0.00481EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:0 a.m.3 views

SUSE CVE-2016-5545

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: GUI. Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

6.3CVSS6AI score0.01488EPSS
Exploits0References5
OSV
OSV
added 2022/10/18 9:15 p.m.6 views

CVE-2022-21629

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards...

5.4CVSS5.8AI score0.00422EPSS
Exploits0References1
OSV
OSV
added 2022/07/19 10:15 p.m.2 views

CVE-2022-21555

Vulnerability in the MySQL Shell for VS Code product of Oracle MySQL component: Shell: GUI. Supported versions that are affected are 1.1.8 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Shell for VS Code executes to...

4.2CVSS5.8AI score0.00226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/01/19 12:15 p.m.4 views

CVE-2022-21260

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Samples. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Serve...

6.1CVSS6.7AI score0.00946EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/01/19 12:15 p.m.4 views

CVE-2022-21259

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Samples. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Serve...

6.1CVSS6.8AI score0.00946EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/20 12:0 a.m.2 views

Oracle MySQL Server 输入验证错误漏洞

Oracle MySQL Server, a relational database from Oracle Corporation, is vulnerable in the Server: GIS component of Oracle MySQL Server 8.0.25 and earlier. An attacker can use this vulnerability to cause MySQL Server to hang or crash frequently and repeatedly complete denial of service, as well as...

8CVSS7.8AI score0.01729EPSS
Exploits0References13
Rows per page
Query Builder