11240 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-6829
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive...
Linux Distros Unpatched Vulnerability : CVE-2024-47220
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a...
Linux Distros Unpatched Vulnerability : CVE-2020-27823
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenJPEG's encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest...
webp crate may expose memory contents when encoding an image
Affected versions of this crate did not check that the input slice passed to "webp::Encoder::encode is large enough for the specified image dimensions. If the input slice is too short, the library will read out of bounds of the buffer and encode other memory contents as an image, resulting in...
CVE-2025-40927 CGI::Simple versions 1.281 and earlier for Perl has a HTTP response splitting flaw
CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions. Although some...
PT-2025-35161
Name of the Vulnerable Software and Affected Versions: CGI::Simple versions prior to 1.282 Description: CGI::Simple contains a HTTP response splitting flaw that allows HTTP response header injection. This can be exploited to perform reflected cross-site scripting XSS, open redirect, cache...
postgresql: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination...
postgresql: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination...
postgresql: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination...
postgresql: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation
A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination...
PT-2025-35087
Name of the Vulnerable Software and Affected Versions: PuneethReddyHC Online Shopping System Advanced version 1.0 Description: A reflected Cross-Site Scripting XSS vulnerability exists in the register.php file. Unsanitized user input in the f name parameter is reflected in the server response...
Google Android Information Disclosure Vulnerability (CNVD-2025-19990)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that is caused by double encoding of URIs in multiple locations. The vulnerability can be exploited by an attacker to obtain sensitive information...
Linux Distros Unpatched Vulnerability : CVE-2023-5512
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions startin...
Linux Distros Unpatched Vulnerability : CVE-2025-30349
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail...
Linux Distros Unpatched Vulnerability : CVE-2023-26302
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as...
Linux Distros Unpatched Vulnerability : CVE-2022-31778
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue...
Linux Distros Unpatched Vulnerability : CVE-2024-35296
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: fro...
Linux Distros Unpatched Vulnerability : CVE-2019-9917
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service crash via invalid encoding. CVE-2019-9917 Note that Nessus relies on the presen...
PT-2025-44139
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the tty subsystem, specifically in the n gsm component. The issue arises from the potential to block the input queue while waiting for a Modem...
Linux Distros Unpatched Vulnerability : CVE-2019-17565
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to...