Lucene search
K

26 matches found

RedHat Linux
RedHat Linux
added 2026/06/22 5:15 p.m.14 views

Important: Red Hat Security Advisory: Red Hat build of Cryostat security update

An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.8CVSS7.6AI score0.01051EPSS
Exploits7References11
RedHat Linux
RedHat Linux
added 2026/06/10 12:9 p.m.11 views

netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses 103, followed by a 200 with a GET body, then another 200 for a HEAD request when the client pipelines GET the...

9.1CVSS6.8AI score0.00633EPSS
Exploits1References5
Ubuntu
Ubuntu
added 2025/05/07 12:18 p.m.18 views

USN-7490-3: libsoup vulnerabilities

USN-7490-1 fixed vulnerabilities in libsoup2.4. This update provides the corresponding updates for libsoup3. Original advisory details: Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a malicious...

9CVSS7.1AI score0.00832EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/03/29 5:19 a.m.11 views

CVE-2025-1217 Header parser of http stream wrapper does not handle folded headers

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME...

6.3CVSS6.7AI score0.00547EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2025/03/29 5:19 a.m.11 views

CVE-2025-1217

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME...

6.3CVSS6.1AI score0.00547EPSS
Exploits1
Amazon
Amazon
added 2024/03/04 12:0 a.m.40 views

Important: shim

Issue Overview: A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive...

8.3CVSS8.8AI score0.04852EPSS
Exploits0
NVD
NVD
added 2024/01/25 4:15 p.m.19 views

CVE-2023-40547

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...

8.3CVSS8.4AI score0.04852EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2024/01/24 1:48 p.m.79 views

CVE-2023-40547

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...

8.3CVSS9.6AI score0.04852EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/01/23 12:0 a.m.445 views

CVE-2023-40547

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...

8.3CVSS7.5AI score0.04852EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 7:0 p.m.74 views

K28464509: PHP vulnerability CVE-2018-7584

Security Advisory Description In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in...

9.8CVSS8AI score0.87883EPSS
Exploits3
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.7 views

SUSE CVE-2018-7584

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in copying a large string...

6.5CVSS9.1AI score0.87883EPSS
Exploits3References6
OSV
OSV
added 2023/01/11 4:25 p.m.27 views

RLSA-2023:0077 Moderate: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.113 and .NET Runtime 6.0.13. The...

7.5CVSS7.6AI score0.0274EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2019/11/07 4:0 a.m.29 views

CVE-2018-14884

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because httpheadervalue in ext/standard/httpfopenwrapper.c can be a NULL value that is mishandled in an atoi call...

7.5CVSS1.9AI score0.03185EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2019/08/19 8:42 a.m.5 views

php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in copying a large string...

9.8CVSS7.5AI score0.87883EPSS
Exploits3References4
Veracode
Veracode
added 2019/05/02 5:1 a.m.28 views

Integer Overflow

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response,...

10CVSS7.6AI score0.14809EPSS
Exploits0References18Affected Software1
OSV
OSV
added 2018/08/03 1:29 p.m.2 views

UBUNTU-CVE-2018-14884

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because httpheadervalue in ext/standard/httpfopenwrapper.c can be a NULL value that is mishandled in an atoi call...

7.5CVSS7.1AI score0.03185EPSS
Exploits1References3
CVE
CVE
added 2018/08/03 1:0 p.m.190 views

CVE-2018-14884

CVE-2018-14884 affects PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. The issue is caused by inappropriately parsing an HTTP response: http_header_value in ext/standard/http_fopen_wrapper.c can be NULL and mishandled in an atoi call, leading to a segmentation fault. Affecte...

7.5CVSS7.3AI score0.03185EPSS
Exploits1References4Affected Software1
exploitpack
exploitpack
added 2018/06/06 12:0 a.m.14 views

PHP 7.2.2 - php_stream_url_wrap_http_ex Buffer Overflow

PHP 7.2.2 - phpstreamurlwraphttpex Buffer Overflow Description: ------------ The latest PHP distributions contain a memory corruption bug while parsing malformed HTTP response packets. Vulnerable code at: phpstreamurlwraphttpex /home/weilei/php-7.2.2/ext/standard/httpfopenwrapper.c:723 if...

0.6AI score
Exploits0
OSV
OSV
added 2018/03/19 11:53 a.m.6 views

USN-3600-1 php5, php7.0, php7.1 vulnerabilities

It was discovered that PHP incorrectly handled certain stream metadata. A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 14.04 LTS. CVE-2016-10712 It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker...

9.8CVSS7.1AI score0.87883EPSS
Exploits4References4
OSV
OSV
added 2018/03/01 7:29 p.m.6 views

ALPINE-CVE-2018-7584

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in copying a large string...

9.8CVSS7.2AI score0.87883EPSS
Exploits3References1
Rows per page
Query Builder