108 matches found
CVE-2019-10082
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown...
CVE-2019-10082
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown...
CVE-2019-10082
CVE-2019-10082 affects Apache HTTP Server 2.4.18–2.4.39, where fuzzed network input could cause read-after-free in http/2 session shutdown. Impact: remote, unauthenticated triggering memory faults in httpd workers, enabling potential DoS and other consequences. Connected sources indicate remediat...
CVE-2019-10082
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown...
VideoLAN VLC media player digital error vulnerability (CNVD-2019-31065)
VideoLAN VLC media player is a free, open source cross-platform multimedia player also a multimedia framework organized by VideoLAN France. The product supports the playback of a variety of media files, CD-ROMs, etc., a variety of audio and video formats WMV, MP3, etc. and so on. A numeric error...
FreeBSD : Apache -- Multiple vulnerabilities (caf545f2-c0d9-11e9-9051-4c72b94353b5) (Internal Data Buffering)
SO-AND-SO reports : SECURITY: CVE-2019-10081 modhttp2: HTTP/2 very early pushes, for example configured with 'H2PushResource', could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data...
CVE-2019-10082
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown...
Cross site request forgery (csrf)
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...
CVE-2019-0196
The CVE-2019-0196 issue affects Apache HTTP Server 2.4.x (noted in several advisories) where the http/2 request handling could access freed memory during a string comparison to determine the request method, potentially causing incorrect request processing. This is tied to mod_http2 and is describ...
IBM Jazz for Service Management Input Validation Error Vulnerability
IBM Jazz for Service Management is an integrated service management product from IBM that provides visibility into the service management environment. An input validation error vulnerability exists in IBM Jazz for Service Management. The vulnerability originates from a network system or product...
Memory corruption
nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function...
Apache Httpd < 2.4.41 : mod_http2, read-after-free in h2 connection shutdown
Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown...
Apache HTTP Server < 2.4.39 Multiple Vulnerabilities
Binary data 700509.prm...
Teeworlds Integer Overflow Vulnerability
Teeworlds is a free online multiplayer game. An integer overflow vulnerability exists in CDataFileReader::Open in engine/shared/datafile.cpp in Teeworlds 0.7.2, which arises from a networked system or product that does not properly compute or convert the resulting numbers, and can be exploited by...
Apache HTTP Server < 2.4.39 mod_http2 Use-After-Free Vulnerability - Windows
Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a reference...
CVE-2019-0196
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...
Phoenix Contact RAD-80211-XD/HP-BUS and Phoenix Contact RAD-80211-XD Command Injection Vulnerability
The Phoenix Contact RAD-80211-XD/HP-BUS and Phoenix Contact RAD-80211-XD are both high power WLAN wireless transceivers from Phoenix Contact, Germany. A command injection vulnerability exists in the PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS, which can be exploited by an attacker to...
Apache Httpd < 2.4.39 : mod_http2, read-after-free on a string compare
Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly...
CVE-2018-14055
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf...
Huawei FusionSphere and FusionSphere OpenStack Command Injection Vulnerability (CNVD-2017-09508)
Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. A command injection vulnerability exists in Huawei...