73 matches found

Positive Technologies
added 2025/01/01 12:0 a.m. | 3 views

PT-2025-35349

Name of the Vulnerable Software and Affected Versions: qemu (affected versions not specified). Description: The vulnerability involves an information disclosure issue in QEMU. A heap buffer is allocated without being zeroed, potentially exposing residual data from prior allocations. This data can be...

CVSS 3.3 | AI score 5.6 | EPSS 0.00147
Exploits: 0 | References: 10

Tenable Nessus
added 2024/09/24 12:0 a.m. | 24 views

EulerOS 2.0 SP8 : curl (EulerOS-SA-2024-2460)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowe...

CVSS 8.6 | AI score 6.7 | EPSS 0.36081
Exploits: 2 | References: 3

Microsoft CVE
added 2024/06/30 2:0 p.m. | 3 views

When doing HTTP(S) transfers libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send even when the `CURLOPT_POSTFIELDS` option has been set if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.

...

CVSS 9.8 | AI score 7.5 | EPSS 0.04325
Exploits: 1

OSV
added 2024/02/20 10:15 p.m. | 5 views

CVE-2023-6936

In wolfSSL prior to 5.6.6, if callback functions are enabled via the WOLFSSL_CALLBACKS flag, then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSL_CALLBACKS is only intended for debugging...

CVSS 9.1 | AI score 6.9
Exploits: 0 | References: 2

Tenable Nessus
added 2023/08/08 12:0 a.m. | 21 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-2608)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as 'Subjec...

CVSS 5.9 | AI score 6.5 | EPSS 0.02211
Exploits: 2 | References: 3

RedHat Linux
added 2023/07/18 8:33 a.m. | 2 views

curl: POST following PUT confusion

A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set if it previously used the same handle to issue a PUT request which us...

CVSS 9.8 | AI score 6.7 | EPSS 0.04325
Exploits: 1 | References: 5

ATTACKERKB
added 2023/06/14 2:15 p.m. | 1 view

CVE-2023-34823

fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c...

CVSS 5.5 | AI score 6.1 | EPSS 0.00293
Exploits: 1 | References: 2

OSV
added 2023/06/14 2:15 p.m. | 2 views

DEBIAN-CVE-2023-34823

fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c...

CVSS 5.5 | AI score 7.6 | EPSS 0.00293
Exploits: 1 | References: 1

NVD
added 2023/06/14 2:15 p.m. | 13 views

CVE-2023-34823

fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c...

CVSS 5.5 | AI score 5.6 | EPSS 0.00293
Exploits: 1 | References: 1

OSV
added 2023/06/14 2:15 p.m. | 1 view

UBUNTU-CVE-2023-34823

fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c...

CVSS 5.5 | AI score 5.8 | EPSS 0.00293
Exploits: 1 | References: 3

CNNVD
added 2023/06/14 12:0 a.m. | 5 views

fdkaac buffer error vulnerability

fdkaac is a command-line front-end for the libfdk-aac encoder by the Japanese individual developer nu774. A security vulnerability exists in versions of fdkaac prior to 1.0.5, which stems from the discovery of a stack overflow vulnerability via the read_callback function in src/main.c. The...

CVSS 5.5 | AI score 5.7 | EPSS 0.00293
Exploits: 1 | References: 2

OpenVAS
added 2023/06/07 12:0 a.m. | 39 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2118)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 7.2 | EPSS 0.17011
Exploits: 6 | References: 2

Microsoft CVE
added 2023/05/27 7:0 a.m. | 4 views

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send even when the `CURLOPT_POSTFIELDS` option has been set if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

...

CVSS 5.3 | AI score 6.6 | EPSS 0.02211
Exploits: 1

OSV
added 2023/05/26 9:15 p.m. | 3 views

AZL-26792 CVE-2023-28322 affecting package curl for versions less than 8.0.1-2

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request...

CVSS 3.7 | AI score 6.5 | EPSS 0.02211
Exploits: 1 | References: 1

OSV
added 2023/05/26 9:15 p.m. | 3 views

AZL-38070 CVE-2023-28322 affecting package tensorflow for versions less than 2.16.1-1

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request...

CVSS 3.7 | AI score 6.5 | EPSS 0.02211
Exploits: 1 | References: 1

OSV
added 2023/05/26 9:15 p.m. | 50 views

CVE-2023-28322

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request...

CVSS 3.7 | AI score 6.3 | EPSS 0.02211
Exploits: 1 | References: 12

OSV
added 2023/05/26 9:15 p.m. | 1 view

DEBIAN-CVE-2023-28322

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request...

CVSS 3.7 | AI score 6 | EPSS 0.02211
Exploits: 1 | References: 1

OSV
added 2023/05/26 9:15 p.m. | 3 views

AZL-34600 CVE-2023-28322 affecting package cmake for versions less than 3.21.4-10

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request...

CVSS 3.7 | AI score 6.5 | EPSS 0.02211
Exploits: 1 | References: 1

NVD
added 2023/05/26 9:15 p.m. | 30 views

CVE-2023-28322

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request...

CVSS 5.3 | AI score 5.7 | EPSS 0.02211
Exploits: 1 | References: 12

OSV
added 2023/05/26 9:15 p.m. | 1 view

ALPINE-CVE-2023-28322

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request...

CVSS 3.7 | AI score 6.3 | EPSS 0.02211
Exploits: 1 | References: 1