Lucene search
K

118 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.3 views

SUSE CVE-2014-0231

The modcgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service process hang via a request to a CGI script that does not read from its stdin file descriptor...

5CVSS8.7AI score0.43809EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:45 a.m.5 views

SUSE CVE-2017-9108

An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read would have done. Without this fix, adnshost may read...

4CVSS6.9AI score0.02186EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:42 a.m.5 views

SUSE CVE-2017-11449

coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via an image received from stdin...

5.6CVSS9.7AI score0.03389EPSS
Exploits0References6
NVD
NVD
added 2023/02/08 8:15 p.m.28 views

CVE-2023-0751

When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is...

6.5CVSS6.5AI score0.00637EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/08 7:25 p.m.7 views

CVE-2023-0751 GELI silently omits the keyfile if read from stdin

When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is...

7.2AI score0.00637EPSS
Exploits0References1
OSV
OSV
added 2023/02/06 9:15 p.m.3 views

UBUNTU-CVE-2022-44267

ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image e.g., for resize, the convert process could be left waiting for stdin input...

6.5CVSS7.1AI score0.76581EPSS
Exploits4References6
OSV
OSV
added 2021/05/06 1:15 p.m.0 views

DEBIAN-CVE-2020-28009

Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because getstdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow multiple days...

7.8CVSS7.8AI score0.00464EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2020/06/12 12:0 a.m.3 views

PT-2020-8506 · Adns +2 · Adns +2

Name of the Vulnerable Software and Affected Versions: adns versions prior to 1.5.2 Description: An issue was discovered in adns where adnshost mishandles a missing final newline on a stdin read. This can cause adnshost to read and process one byte beyond the buffer, potentially crashing or leaki...

9.8CVSS8.2AI score0.03603EPSS
Exploits0References46
BDU FSTEC
BDU FSTEC
added 2020/03/04 12:0 a.m.5 views

The vulnerability of the `stdin getln` function in the system administration software Sudo, which allows a hacker to escalate their privileges.

The vulnerability of the stdin getln function in the system administration program Sudo is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.8CVSS7.6AI score0.19426EPSS
Exploits13References15Affected Software8
CNVD
CNVD
added 2020/02/04 12:0 a.m.2 views

Sudo Stack Buffer Overflow Vulnerability

Sudo is a program used on Unix-like systems that allows the user to execute commands in a secure way with special privileges. Sudo suffers from a stack buffer overflow vulnerability. An attacker can exploit the vulnerability by requiring a long string to be passed to the STDIN of GLLN in TGETPAST...

7.8CVSS9.2AI score0.19426EPSS
Exploits13References1
Oracle linux
Oracle linux
added 2019/11/21 12:0 a.m.71 views

glibc security, bug fix, and enhancement update

2.28-72.0.1 - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. - Orabug: 28849085. - Make IOfunlockfile match funlockfile and...

5.3CVSS5.8AI score0.00479EPSS
Exploits0
Kitploit
Kitploit
added 2019/05/18 10:49 p.m.192 views

Bandit - Tool Designed To Find Common Security Issues In Python Code

Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report. Bandit was originally developed within...

7.7AI score
Exploits0References2
OSV
OSV
added 2017/07/19 7:29 a.m.2 views

DEBIAN-CVE-2017-11449

coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via an image received from stdin...

8.8CVSS7.4AI score0.03389EPSS
Exploits0References1
CNVD
CNVD
added 2016/08/09 12:0 a.m.4 views

Android netd Denial of Service Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. netd is a network daemon. A security vulnerability exists in netd in versions of Android prior to 2016-08-05, which stems from the program's failure to properly handle tethering a...

7.8CVSS6.6AI score0.00474EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/10/12 12:0 a.m.49 views

Amazon Linux AMI : httpd24 (ALAS-2014-389)

A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...

6.8CVSS7.6AI score0.85744EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2014/08/21 3:30 p.m.7 views

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

5CVSS6.7AI score0.43809EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/08/21 3:29 p.m.4 views

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

5CVSS6.7AI score0.43809EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/08/21 3:29 p.m.7 views

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

5CVSS6.7AI score0.43809EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/08/06 3:6 p.m.6 views

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

5CVSS6.7AI score0.43809EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2014/07/31 12:0 a.m.50 views

Mandriva Linux Security Advisory : apache (MDVSA-2014:142)

Updated apache package fixes security vulnerabilities : A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a...

6.8CVSS7.7AI score0.85744EPSS
Exploits5References4
Rows per page
Query Builder