166 matches found
PT-2023-24939 · Gibbon · Gibbon
Name of the Vulnerable Software and Affected Versions: Gibbon version 25.0.0 Description: The issue allows for a Local File Inclusion LFI where it is possible to include the content of several files present in the installation folder in the server's response. Recommendations: For Gibbon version...
Gibbon 路径遍历漏洞
Gibbon is a school platform that solves real-world problems that educators encounter every day. A security vulnerability exists in Gibbon version 25.0.0 that stems from the presence of a local file inclusion vulnerability. An attacker can exploit the vulnerability to include local files in a serv...
Directory traversal
Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses containing...
Rocket.Chat SQL注入漏洞
Rocket.Chat is an open source team chat software. A NoSQL injection vulnerability exists in the Rocket.Chat listEmojiCustom method, which can be exploited by a remote attacker to submit a special request that allows custom emoticons to be uploaded to a Rocket.Chat instance, resulting in a delayed...
K41133903: ISC DHCP vulnerabilities CVE-2022-2928 CVE-2022-2929
Security Advisory Description CVE-2022-2928 In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addoption, it increases the option's refcount field. However, there is not a corresponding call to optiondereference to decrement the...
SUSE CVE-2005-2967
Format string vulnerability in inputcdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD...
SUSE CVE-2018-14599
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact...
SUSE CVE-2020-8227
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory...
SUSE CVE-2020-17446
asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder...
SUSE CVE-2022-2928
In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addoption, it increases the option's refcount field. However, there is not a corresponding call to optiondereference to decrement the refcount field. The function addoption is on...
Huawei EulerOS: Security Advisory for dhcp (EulerOS-SA-2022-2792)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : dhcp (ALAS-2022-1874)
The version of dhcp installed on the remote host is prior to 4.2.5-79. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1874 advisory. An integer overflow vulnerability was found in the DHCP server. When the optioncodehashlookup function is called from...
CVE-2022-2928
In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addoption, it increases the option's refcount field. However, there is not a corresponding call to optiondereference to decrement the refcount field. The function addoption is on...
CVE-2022-2928
In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addoption, it increases the option's refcount field. However, there is not a corresponding call to optiondereference to decrement the refcount field. The function addoption is on...
USN-5646-1 libxi vulnerabilities
Tobias Stoeckmann discovered that libXi did not properly manage memory when handling X server responses. A remote attacker could use this issue to cause libXi to crash, resulting in a denial of service...
Scientific Linux Security Update : squid on SL7.x x86_64 (2022:5542)
The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:5542-1 advisory. - squid: DoS when processing gopher server responses CVE-2021-46784 Note that Nessus has not tested for this issue but has instead relied only on the...
CLSA-2022-1658855510 Fixed CVE-2021-46784 in squid-4.module_el8.4.0+2072+2063f9d1.2.tuxcare.els3
CVE-2021-46784: Fix DoS when processing gopher server responses...
Input validation
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses...
SUSE-SU-2022:2367-1 Security update for squid
This update for squid fixes the following issues: - CVE-2021-46784: Fixed DoS when processing gopher server responses. bsc1200907 - CVE-2021-33620: Fixed DoS in HTTP Response processing bsc1185923, bsc1186654...
RHEL 8 : squid:4 (RHSA-2022:5528)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5528 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: DoS when...