Lucene search
K

108 matches found

OSV
OSV
added 2019/09/26 4:15 p.m.35 views

CVE-2019-10082

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown...

9.1CVSS6.4AI score
Exploits0References16
Cvelist
Cvelist
added 2019/09/26 2:40 p.m.55 views

CVE-2019-10082

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown...

9.1AI score0.16549EPSS
Exploits0References16
CVE
CVE
added 2019/09/26 2:40 p.m.3491 views

CVE-2019-10082

CVE-2019-10082 affects Apache HTTP Server 2.4.18–2.4.39, where fuzzed network input could cause read-after-free in http/2 session shutdown. Impact: remote, unauthenticated triggering memory faults in httpd workers, enabling potential DoS and other consequences. Connected sources indicate remediat...

9.1CVSS8.9AI score0.16549EPSS
Exploits0References16Affected Software1
Debian CVE
Debian CVE
added 2019/09/26 2:40 p.m.39 views

CVE-2019-10082

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown...

9.1CVSS6.5AI score0.16549EPSS
Exploits0
CNVD
CNVD
added 2019/08/21 12:0 a.m.2 views

VideoLAN VLC media player digital error vulnerability (CNVD-2019-31065)

VideoLAN VLC media player is a free, open source cross-platform multimedia player also a multimedia framework organized by VideoLAN France. The product supports the playback of a variety of media files, CD-ROMs, etc., a variety of audio and video formats WMV, MP3, etc. and so on. A numeric error...

7.8CVSS7.1AI score0.01484EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/08/20 12:0 a.m.61 views

FreeBSD : Apache -- Multiple vulnerabilities (caf545f2-c0d9-11e9-9051-4c72b94353b5) (Internal Data Buffering)

SO-AND-SO reports : SECURITY: CVE-2019-10081 modhttp2: HTTP/2 very early pushes, for example configured with 'H2PushResource', could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data...

9.1CVSS6.9AI score0.81466EPSS
Exploits6References7
UbuntuCve
UbuntuCve
added 2019/08/14 12:0 a.m.41 views

CVE-2019-10082

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown...

9.1CVSS6.8AI score0.16549EPSS
Exploits0References3
Prion
Prion
added 2019/06/11 10:29 p.m.25 views

Cross site request forgery (csrf)

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...

5CVSS5.9AI score0.193EPSS
Exploits0References36Affected Software3
CVE
CVE
added 2019/06/11 9:2 p.m.2203 views

CVE-2019-0196

The CVE-2019-0196 issue affects Apache HTTP Server 2.4.x (noted in several advisories) where the http/2 request handling could access freed memory during a string comparison to determine the request method, potentially causing incorrect request processing. This is tied to mod_http2 and is describ...

5.3CVSS6AI score0.193EPSS
Exploits0References36Affected Software1
CNVD
CNVD
added 2019/06/06 12:0 a.m.3 views

IBM Jazz for Service Management Input Validation Error Vulnerability

IBM Jazz for Service Management is an integrated service management product from IBM that provides visibility into the service management environment. An input validation error vulnerability exists in IBM Jazz for Service Management. The vulnerability originates from a network system or product...

7.4CVSS6.7AI score0.01035EPSS
Exploits0References1
Prion
Prion
added 2019/05/15 6:29 p.m.23 views

Memory corruption

nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function...

4.3CVSS6.5AI score0.01771EPSS
Exploits1References3
Apache Httpd
Apache Httpd
added 2019/04/12 12:0 a.m.95 views

Apache Httpd < 2.4.41 : mod_http2, read-after-free in h2 connection shutdown

Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown...

9.1CVSS0.6AI score0.16549EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/04/08 12:0 a.m.73 views

Apache HTTP Server < 2.4.39 Multiple Vulnerabilities

Binary data 700509.prm...

7.8CVSS6.9AI score0.65005EPSS
Exploits8References7
CNVD
CNVD
added 2019/04/08 12:0 a.m.2 views

Teeworlds Integer Overflow Vulnerability

Teeworlds is a free online multiplayer game. An integer overflow vulnerability exists in CDataFileReader::Open in engine/shared/datafile.cpp in Teeworlds 0.7.2, which arises from a networked system or product that does not properly compute or convert the resulting numbers, and can be exploited by...

9.8CVSS7.2AI score0.04967EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2019/04/08 12:0 a.m.37 views

Apache HTTP Server < 2.4.39 mod_http2 Use-After-Free Vulnerability - Windows

Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a reference...

5.3CVSS6.5AI score0.193EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/04/02 12:0 a.m.40 views

CVE-2019-0196

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...

5.3CVSS6.7AI score0.193EPSS
Exploits0References3
CNVD
CNVD
added 2019/03/27 12:0 a.m.1 views

Phoenix Contact RAD-80211-XD/HP-BUS and Phoenix Contact RAD-80211-XD Command Injection Vulnerability

The Phoenix Contact RAD-80211-XD/HP-BUS and Phoenix Contact RAD-80211-XD are both high power WLAN wireless transceivers from Phoenix Contact, Germany. A command injection vulnerability exists in the PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS, which can be exploited by an attacker to...

9CVSS7.8AI score0.03463EPSS
Exploits0References1
Apache Httpd
Apache Httpd
added 2019/01/29 12:0 a.m.79 views

Apache Httpd < 2.4.39 : mod_http2, read-after-free on a string compare

Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly...

5.3CVSS1.1AI score0.193EPSS
Exploits0Affected Software1
NVD
NVD
added 2018/07/15 1:29 a.m.13 views

CVE-2018-14055

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf...

6.5CVSS6.5AI score0.01463EPSS
Exploits0References4
CNVD
CNVD
added 2017/06/01 12:0 a.m.3 views

Huawei FusionSphere and FusionSphere OpenStack Command Injection Vulnerability (CNVD-2017-09508)

Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. A command injection vulnerability exists in Huawei...

8.8CVSS7.9AI score0.01423EPSS
Exploits0References1
Rows per page
Query Builder