Lucene search
K

166 matches found

Positive Technologies
Positive Technologies
added 2023/06/29 12:0 a.m.5 views

PT-2023-24939 · Gibbon · Gibbon

Name of the Vulnerable Software and Affected Versions: Gibbon version 25.0.0 Description: The issue allows for a Local File Inclusion LFI where it is possible to include the content of several files present in the installation folder in the server's response. Recommendations: For Gibbon version...

9.8CVSS6.9AI score0.47238EPSS
Exploits3References5
CNNVD
CNNVD
added 2023/06/29 12:0 a.m.10 views

Gibbon 路径遍历漏洞

Gibbon is a school platform that solves real-world problems that educators encounter every day. A security vulnerability exists in Gibbon version 25.0.0 that stems from the presence of a local file inclusion vulnerability. An attacker can exploit the vulnerability to include local files in a serv...

9.8CVSS8.3AI score0.47238EPSS
Exploits3References2
Prion
Prion
added 2023/06/25 3:15 a.m.17 views

Directory traversal

Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses containing...

5CVSS7.5AI score0.00944EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.6 views

Rocket.Chat SQL注入漏洞

Rocket.Chat is an open source team chat software. A NoSQL injection vulnerability exists in the Rocket.Chat listEmojiCustom method, which can be exploited by a remote attacker to submit a special request that allows custom emoticons to be uploaded to a Rocket.Chat instance, resulting in a delayed...

5.3CVSS7.3AI score0.0061EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.81 views

K41133903: ISC DHCP vulnerabilities CVE-2022-2928 CVE-2022-2929

Security Advisory Description CVE-2022-2928 In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addoption, it increases the option's refcount field. However, there is not a corresponding call to optiondereference to decrement the...

6.5CVSS6.9AI score0.00664EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.4 views

SUSE CVE-2005-2967

Format string vulnerability in inputcdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD...

7.5CVSS8AI score0.09676EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:25 a.m.4 views

SUSE CVE-2018-14599

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact...

6.5CVSS7.4AI score0.04799EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.4 views

SUSE CVE-2020-8227

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory...

7.1CVSS6.5AI score0.2245EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:55 a.m.6 views

SUSE CVE-2020-17446

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response, because of access to an uninitialized pointer in the array data decoder...

9.8CVSS7.7AI score0.02417EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:32 a.m.3 views

SUSE CVE-2022-2928

In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addoption, it increases the option's refcount field. However, there is not a corresponding call to optiondereference to decrement the refcount field. The function addoption is on...

6.5CVSS8.7AI score0.00664EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2022/12/09 12:0 a.m.24 views

Huawei EulerOS: Security Advisory for dhcp (EulerOS-SA-2022-2792)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.1AI score0.00664EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/11/09 12:0 a.m.36 views

Amazon Linux 2 : dhcp (ALAS-2022-1874)

The version of dhcp installed on the remote host is prior to 4.2.5-79. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1874 advisory. An integer overflow vulnerability was found in the DHCP server. When the optioncodehashlookup function is called from...

6.5CVSS7.2AI score0.00664EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2022/10/07 4:45 a.m.44 views

CVE-2022-2928

In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addoption, it increases the option's refcount field. However, there is not a corresponding call to optiondereference to decrement the refcount field. The function addoption is on...

6.5CVSS6.9AI score0.00664EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2022/10/05 12:1 p.m.2 views

CVE-2022-2928

In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addoption, it increases the option's refcount field. However, there is not a corresponding call to optiondereference to decrement the refcount field. The function addoption is on...

6.5CVSS5.9AI score0.00664EPSS
Exploits0References11
OSV
OSV
added 2022/09/28 7:58 p.m.2 views

USN-5646-1 libxi vulnerabilities

Tobias Stoeckmann discovered that libXi did not properly manage memory when handling X server responses. A remote attacker could use this issue to cause libXi to crash, resulting in a denial of service...

7.5CVSS7.2AI score0.03009EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/08/02 12:0 a.m.33 views

Scientific Linux Security Update : squid on SL7.x x86_64 (2022:5542)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:5542-1 advisory. - squid: DoS when processing gopher server responses CVE-2021-46784 Note that Nessus has not tested for this issue but has instead relied only on the...

6.5CVSS6.6AI score0.0362EPSS
Exploits0References2
OSV
OSV
added 2022/07/26 5:11 p.m.8 views

CLSA-2022-1658855510 Fixed CVE-2021-46784 in squid-4.module_el8.4.0+2072+2063f9d1.2.tuxcare.els3

CVE-2021-46784: Fix DoS when processing gopher server responses...

6.5CVSS6.8AI score0.0362EPSS
Exploits0References1
Prion
Prion
added 2022/07/17 10:15 p.m.66 views

Input validation

In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses...

4CVSS6.4AI score0.0362EPSS
Exploits0References9Affected Software2
OSV
OSV
added 2022/07/12 1:13 p.m.6 views

SUSE-SU-2022:2367-1 Security update for squid

This update for squid fixes the following issues: - CVE-2021-46784: Fixed DoS when processing gopher server responses. bsc1200907 - CVE-2021-33620: Fixed DoS in HTTP Response processing bsc1185923, bsc1186654...

6.5CVSS6.8AI score0.79583EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/07/08 12:0 a.m.31 views

RHEL 8 : squid:4 (RHSA-2022:5528)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5528 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: DoS when...

6.5CVSS6.7AI score0.0362EPSS
Exploits0References4
Rows per page
Query Builder