Lucene search
+L

256 matches found

RedHat Linux
RedHat Linux
added 2024/03/05 8:23 a.m.3 views

libfastjson: integer overflow and out-of-bounds write via a large JSON file

A flaw was found in json-c. In printbufmemappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS6.8AI score0.01888EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/02/08 6:33 p.m.7 views

golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.

A flaw was found in the Golang crypto/tls standard library. In previous versions, the package was vulnerable to a Timing Side Channel attack by observing the time it took for RSA-based TLS key exchanges, which was not constant. This flaw allows a malicious user to gather information from the...

7.5CVSS6.8AI score0.0125EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/30 1:28 p.m.5 views

libfastjson: integer overflow and out-of-bounds write via a large JSON file

A flaw was found in json-c. In printbufmemappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS6.4AI score0.01888EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/01/30 1:27 p.m.3 views

urllib3: Request body not stripped after redirect from 303 status changes request method to GET

A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as POST to GET, as is required by HTTP...

4.2CVSS7.2AI score0.00544EPSS
Exploits0References7
OSV
OSV
added 2023/10/10 1:15 p.m.3 views

ALPINE-CVE-2023-43788

A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system...

5.5CVSS6.5AI score0.00365EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/09/19 8:6 a.m.12 views

libwebp: Heap buffer overflow in WebP Codec

A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this...

8.8CVSS7.6AI score0.99735EPSS
Exploits9References8
Positive Technologies
Positive Technologies
added 2023/09/13 12:0 a.m.7 views

PT-2023-27150 · Unknown +1 · Routinator +1

Name of the Vulnerable Software and Affected Versions: Routinator versions up to and including 0.12.1 Description: The issue is caused by insufficient input checking in the bcder library, which may lead to a crash when trying to parse certain malformed RPKI objects. Recommendations: For versions ...

7.5CVSS6.5AI score0.00515EPSS
Exploits0References6
OSV
OSV
added 2023/06/20 3:31 p.m.3 views

GHSA-6643-H7H5-X9WH Langchain vulnerable to arbitrary code execution

Langchain 0.0.171 is vulnerable to Arbitrary code execution in loadprompt...

9.8CVSS6.3AI score0.00943EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2023/05/16 8:14 a.m.38 views

libtiff: integer overflow in function TIFFReadRGBATileExt of the file

An integer overflow flaw was found in LibTIFF. This issue exists in the TIFFReadRGBATileExt function of the libtiff/tifgetimage.c file, and may lead to a buffer overflow...

8.8CVSS6.2AI score0.01237EPSS
Exploits1References4
OSV
OSV
added 2023/04/11 9:15 p.m.4 views

UBUNTU-CVE-2023-26552

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...

5.6CVSS6.8AI score0.00645EPSS
Exploits0References4
Amazon
Amazon
added 2023/03/22 12:0 a.m.7 views

Important: nodejs

Issue Overview: An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an attacker can use this...

9.8CVSS8.4AI score0.92488EPSS
Exploits18
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.5 views

SUSE CVE-2007-4850

curl/interface.c in the cURL library aka libcurl in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safemode and openbasedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...

5CVSS7.2AI score0.05575EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.3 views

SUSE CVE-2007-6284

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service infinite loop via XML containing invalid UTF-8 sequences...

5CVSS6.8AI score0.02566EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.4 views

SUSE CVE-2009-0037

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPTFOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to 1 trigger arbitrary requests to intranet servers, 2 read or overwrite arbitrary files via a redirect to a file:...

6.8CVSS7.6AI score0.07812EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:39 a.m.4 views

SUSE CVE-2017-14933

readformattedentries in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service infinite loop via a crafted ELF file...

5.5CVSS5.2AI score0.01275EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:5 a.m.5 views

SUSE CVE-2019-19794

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...

5.9CVSS7.1AI score0.02066EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/01/25 9:20 a.m.4 views

golang: net/http: handle server errors after sending GOAWAY

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...

7.5CVSS6.6AI score0.02607EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/01/23 5:55 p.m.6 views

libXpm: compression commands depend on $PATH

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

8.8CVSS6.9AI score0.01199EPSS
Exploits0References5
OSV
OSV
added 2022/11/09 10:15 p.m.2 views

CVE-2022-41092

Windows Win32k Elevation of Privilege Vulnerability...

7.8CVSS5.8AI score0.00683EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/11/07 12:0 a.m.10 views

The vulnerability of the PJMEDIA RTP decoder and the PJMEDIA SDP parser of the multimedia communication library PJSIP allows a perpetrator to execute arbitrary code.

The vulnerability of the PJMEDIA RTP decoder and the PJMEDIA SDP parser, which are part of the PJSIP multimedia communication library, stems from the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.01084EPSS
Exploits0References7Affected Software3
Rows per page
Query Builder