Lucene search
+L

280 matches found

OSV
OSV
added 2022/02/27 3:12 a.m.11 views

GSD-2022-1000479 scsi: ufs: Fix a deadlock in the error handler

scsi: ufs: Fix a deadlock in the error handler This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.25 by commit...

7.2AI score
Exploits0
Veracode
Veracode
added 2021/12/14 3:57 p.m.20 views

Denial Of Service (DoS)

mercurius is vulnerable to denial of service. an attacker can crash the application by sending a malformed JSON to /graphql using a custom error handler...

7.5CVSS1.6AI score0.01522EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/13 9:33 p.m.32 views

Uncaught Exception in mercurius

Impact Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. Patches The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2...

7.5CVSS1.1AI score0.01522EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/12/13 9:33 p.m.28 views

GHSA-273R-RM8G-7F3X Uncaught Exception in mercurius

Impact Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. Patches The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2...

7.5CVSS7.4AI score0.01522EPSS
Exploits0References5
NVD
NVD
added 2021/12/13 8:15 p.m.15 views

CVE-2021-43801

Mercurius is a GraphQL adapter for Fastify. Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...

7.5CVSS0.01522EPSS
Exploits0References3
Prion
Prion
added 2021/12/13 8:15 p.m.26 views

Code injection

Mercurius is a GraphQL adapter for Fastify. Any users from email protected to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...

5CVSS7.4AI score0.01522EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/12/13 7:30 p.m.59 views

CVE-2021-43801

Mercurius (GraphQL adapter for Fastify) versions 8.10.0–8.11.1 are vulnerable to a denial-of-service caused by sending a malformed JSON to /graphql. The issue is fixed in v8.11.2 (pull 678); a workaround is to use a custom error handler. No exploitation details are provided in the available docum...

7.5CVSS7.4AI score0.01522EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/12/13 7:30 p.m.18 views

CVE-2021-43801 Uncaught Exception in mercurius

Mercurius is a GraphQL adapter for Fastify. Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. The vulnerability has been fixed in...

7.5CVSS7.6AI score0.01522EPSS
Exploits0References3
CNVD
CNVD
added 2021/12/13 12:0 a.m.20 views

Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2021-99662)

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A cross-site scripting vulnerability exists,...

6.1CVSS0.6AI score0.00652EPSS
Exploits0References1
OSV
OSV
added 2021/12/08 5:15 p.m.5 views

CVE-2021-36188

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers...

6.1CVSS5.9AI score0.00652EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/12/08 12:0 a.m.4 views

Fortinet FortiWeb 跨站脚本漏洞

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A cross-site scripting vulnerability exists,...

6.1CVSS5.5AI score0.00652EPSS
Exploits0References2
OSV
OSV
added 2021/11/29 2:38 a.m.10 views

GSD-2021-1002319 net/mlx5: Update error handler for UCTX and UMEM

net/mlx5: Update error handler for UCTX and UMEM This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.5 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2021/11/29 2:38 a.m.14 views

UVI-2021-1002319 net/mlx5: Update error handler for UCTX and UMEM

net/mlx5: Update error handler for UCTX and UMEM This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.5 by commit...

7.2AI score
Exploits0
Cvelist
Cvelist
added 2021/06/24 8:50 p.m.18 views

CVE-2021-32712 Information leakage in Error Handler

Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview...

5.3CVSS5.4AI score0.01135EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/06/24 12:0 a.m.5 views

Shopware 信息泄露漏洞

Shopware is an open source e-commerce platform. A sensitive information disclosure vulnerability exists in versions of Shopware prior to 5.6.10. An attacker can exploit this vulnerability to obtain leaked system information via Error Handler...

5.3CVSS5.6AI score0.01135EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/05/21 2:29 p.m.37 views

Information leakage in Error Handler

Impact Information leakage in Error Handler Patches We recommend updating to the current version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...

3.3AI score
Exploits0References2Affected Software1
OSV
OSV
added 2021/05/21 2:29 p.m.8 views

GHSA-9VXV-WPV4-F52P Information leakage in Error Handler

Impact Information leakage in Error Handler Patches We recommend updating to the current version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. For older versions you can use the Security Plugin:...

7AI score
Exploits0References1
Prion
Prion
added 2020/12/24 6:15 p.m.30 views

Buffer overflow

Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes a guard value to the stack prior to above any vulnerable arrays in the stack. The guard value is...

4.4CVSS7.9AI score0.0031EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/12/18 9:15 a.m.26 views

CVE-2020-35554

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 December 2020...

7.8CVSS7.7AI score0.00135EPSS
Exploits0References1
OSV
OSV
added 2020/12/18 9:15 a.m.6 views

CVE-2020-35554

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 December 2020...

7.8CVSS7.1AI score0.00135EPSS
Exploits0References1
Rows per page
Query Builder