Lucene search
K

1155 matches found

CNNVD
CNNVD
added 2021/07/14 12:0 a.m.5 views

Juniper Networks Junos OS Evolved 资源管理错误漏洞

Juniper Networks Junos OS Evolved is an upgraded version of Juniper Networks' Junos OS. A resource management error vulnerability exists in Junos OS Evolved due to an uncontrolled resource consumption vulnerability in the device's ARP daemon and Network Discovery Protocol process, which could all...

6.5CVSS6.5AI score0.00381EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/07/13 12:0 a.m.1 views

PT-2021-5184 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the implementation of the TCP/IP protocol in Microsoft Windows, specifically due to insufficient input validation. This can be exploited by a remote attacker to caus...

7.8CVSS7.1AI score0.03034EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2021/07/13 12:0 a.m.1 views

PT-2021-4153 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version Description: The issue is related to a denial-of-service vulnerability in the implementation of the TCP/IP protocol in the Windows operating system, caused by insufficient input validation. This can...

7.5CVSS7.2AI score0.03556EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2021/07/13 12:0 a.m.1 views

PT-2021-5194 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version Description: The issue is related to a denial-of-service vulnerability in the implementation of the TCP/IP protocol in Microsoft Windows, caused by insufficient input validation. This can be exploit...

7.8CVSS7.1AI score0.03034EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2021/07/13 12:0 a.m.47 views

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-2176)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in...

5.3CVSS7.5AI score0.04385EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2021/07/13 12:0 a.m.28 views

EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2021-2206)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in...

5.3CVSS7.5AI score0.04385EPSS
Exploits2References3
Gentoo Linux
Gentoo Linux
added 2021/07/09 12:0 a.m.99 views

Wireshark: Multiple vulnerabilities

Background Wireshark is a network protocol analyzer formerly known as ethereal. Description Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...

8.8CVSS3.4AI score0.03639EPSS
Exploits3
OSV
OSV
added 2021/06/24 11:58 p.m.6 views

UVI-2021-1000712 net: caif: add proper error handling

net: caif: add proper error handling This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.272 by commit a3536dce5895f714d9eead8afb92629a3fb5875b...

7.2AI score
Exploits0
OSV
OSV
added 2021/06/23 4:12 a.m.1 views

USN-5002-1 linux-hwe, linux-gke-5.3, linux-raspi2-5.3 vulnerability

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code...

7CVSS6.8AI score0.00431EPSS
Exploits1References2
Prion
Prion
added 2021/06/11 4:15 p.m.42 views

Stack overflow

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

2.6CVSS5.8AI score0.04385EPSS
Exploits1References14Affected Software11
AlpineLinux
AlpineLinux
added 2021/06/11 3:49 p.m.35 views

CVE-2021-22898

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

3.1CVSS5.7AI score0.04385EPSS
Exploits1
CVE
CVE
added 2021/06/11 3:49 p.m.404 views

CVE-2021-22898

CVE-2021-22898 affects curl before the patch levels that fix TELNET option handling. Specifically, curl 7.7–7.76.1 could disclose information when using the -t option (CURLOPT_TELNETOPTIONS) to send NEW_ENV variables due to a flaw in the option parser that passes uninitialized data from a stack b...

3.1CVSS5.3AI score0.04385EPSS
Exploits1References14Affected Software1
Talos
Talos
added 2021/06/02 12:0 a.m.54 views

Apple macOS SMB server TREE_CONNECT stack buffer overflow vulnerability

Summary A remote code execution vulnerability exists in the SMB Server Apple macOS 10.15.7. A specially crafted SMB packet can trigger a stack-based buffer overflow, which can lead to arbitrary code execution and denial of service. This vulnerability can be triggered by sending a malicious packet...

6.5CVSS7.3AI score0.01294EPSS
Exploits1
Talos
Talos
added 2021/06/02 12:0 a.m.220 views

Apple macOS SMB server create file request uninitialized memory disclosure

Summary A use of uninitialized data vulnerability exists in the SMB Server Apple macOS 11.2. A specially crafted SMB packet can cause uninitialized data to end up in server reply which can leak sensitive information. This vulnerability can be triggered by sending a malicious packet to the...

5.9CVSS7.2AI score0.01589EPSS
Exploits0
ArchLinux
ArchLinux
added 2021/06/01 12:0 a.m.192 views

[ASA-202106-8] libcurl-gnutls: information disclosure

Arch Linux Security Advisory ASA-202106-8 ========================================= Severity: Medium Date : 2021-06-01 CVE-ID : CVE-2021-22898 Package : libcurl-gnutls Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-1999 Summary ======= The package...

3.1CVSS1.3AI score0.04385EPSS
Exploits1References4
Veracode
Veracode
added 2021/05/28 12:59 p.m.38 views

Information Disclosure

curl is vulnerable to information disclosure. The vulnerability exists in -t command line in CURLOPTTELNETOPTIONS because the option parser for sending NEWENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server which allows an attacker to...

3.1CVSS5.1AI score0.04385EPSS
Exploits1References21Affected Software5
RedhatCVE
RedhatCVE
added 2021/05/26 9:45 a.m.71 views

CVE-2021-22898

A flaw was found in the way curl handled telnet protocol option for sending environment variables, which could lead to sending of uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text...

3.1CVSS1.4AI score0.04385EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2021/05/26 6:0 a.m.50 views

CVE-2021-22898

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEWENV variables, libcurl could be made to pass on...

3.1CVSS6.9AI score0.04385EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2021/05/24 12:0 a.m.5 views

Vulnerability of the Server component: The Audit Plug-in of the Oracle MySQL Server database management system, which allows attackers to modify, add, or delete data.

The vulnerability of the Server component: The Audit Plug-in of the Oracle MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data using the MySQL network protoco...

4.3CVSS6.3AI score0.00913EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/24 12:0 a.m.5 views

The vulnerability of the InnoDB component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the InnoDB component in the Oracle MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using the network MySQL protocol...

6.3CVSS6.3AI score0.01925EPSS
Exploits0References6Affected Software2
Rows per page
Query Builder