Lucene search
K

59 matches found

OSV
OSV
added 2023/05/10 7:20 p.m.41 views

GHSA-9CFH-VX93-84VV PostgresNIO processes unencrypted bytes from man-in-the-middle

Impact Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim fr...

3.7CVSS6.6AI score0.01901EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.6 views

PT-2022-21119 · Apple · Swiftnio

Name of the Vulnerable Software and Affected Versions: NIOHTTP1 affected versions not specified SwiftNIO affected versions not specified Description: The issue occurs when a HTTP/1.1 server accepts user-generated input from an incoming request and reflects it into a HTTP/1.1 response header. A...

7.5CVSS7.5AI score0.00556EPSS
Exploits0References8
Prion
Prion
added 2022/09/21 7:15 p.m.24 views

Input validation

Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was...

5CVSS7.5AI score0.00732EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/09/21 6:45 p.m.38 views

CVE-2022-3252

Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was...

7.7AI score0.00732EPSS
Exploits0References1
OSV
OSV
added 2022/09/21 6:45 p.m.27 views

CVE-2022-3252

Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects HTTPRequestDecompressor and HTTPResponseDecompressor both failed to detect when the decompressed body was...

7.5CVSS7AI score0.00732EPSS
Exploits0References3
CVE
CVE
added 2022/09/21 6:45 p.m.70 views

CVE-2022-3252

CVE-2022-3252 affects Apple SwiftNIO Extras. The issue arises in the transparent HTTP body decompression helpers, specifically HTTPRequestDecompressor and HTTPResponseDecompressor, which fail to detect when the decompressed body is complete. Attacks can append trailing junk data to a compressed H...

7.5CVSS7.5AI score0.00732EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.4 views

Apple SwiftNIO Extras 安全漏洞

Apple SwiftNIO Extras is an extension for the SwiftNIO web application framework from Apple Inc. A security vulnerability exists in Apple SwiftNIO Extras, which stems from the fact that if garbage data is appended to the body of an HTTP message, the code will repeatedly attempt to decompress this...

7.5CVSS7.4AI score0.00732EPSS
Exploits0References2
OSV
OSV
added 2022/05/24 5:4 p.m.11 views

GHSA-FRG3-GPCX-968F SwiftNIO SSL arbitrary code execution vulnerability

A SwiftNIO application using TLS may be able to execute arbitrary code. The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1...

9.8CVSS9.1AI score0.02212EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/24 5:4 p.m.14 views

SwiftNIO SSL arbitrary code execution vulnerability

A SwiftNIO application using TLS may be able to execute arbitrary code. The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1...

9.8CVSS9.1AI score0.02212EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/24 12:0 a.m.13 views

SwiftNIO SSL arbitrary code execution vulnerability

A SwiftNIO application using TLS may be able to execute arbitrary code. The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1...

9.8CVSS7AI score0.02212EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2020/05/11 8:15 p.m.17 views

CVE-2020-9840

In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions...

7.5CVSS6.4AI score
Exploits0References1
NVD
NVD
added 2020/05/11 8:15 p.m.22 views

CVE-2020-9840

In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions...

7.5CVSS7.1AI score0.01008EPSS
Exploits0References1
Prion
Prion
added 2020/05/11 8:15 p.m.17 views

Design/Logic Flaw

In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions...

5CVSS7AI score0.01008EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/05/11 7:35 p.m.23 views

CVE-2020-9840

In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions...

7.1AI score0.01008EPSS
Exploits0References1
CVE
CVE
added 2020/05/11 7:35 p.m.75 views

CVE-2020-9840

Vulnerability: apple/swift-nio-extras (SwiftNIO Extras) before 1.4.1 has a Denial of Service issue due to improper checks of the decompression size when using the .size decompression limit. Impact: potential crash or service disruption. Remediation: upgrade to version 1.4.1 or higher (per Snyk ad...

7.5CVSS7AI score0.01008EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/12/18 6:15 p.m.14 views

CVE-2019-8849

The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code...

9.8CVSS7AI score
Exploits0References1
NVD
NVD
added 2019/12/18 6:15 p.m.15 views

CVE-2019-8849

The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code...

9.8CVSS9.1AI score0.02212EPSS
Exploits0References1
Snyk
Snyk
added 2019/12/18 6:15 p.m.3 views

Arbitrary Code Execution

Overview apple/swift-nio-ssl is a TLS Support for SwiftNIO, based on BoringSSL. Affected versions of this package are vulnerable to Arbitrary Code Execution. The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO...

9.8CVSS7.3AI score0.02212EPSS
Exploits0References2
Prion
Prion
added 2019/12/18 6:15 p.m.16 views

Design/Logic Flaw

The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code...

7.5CVSS9AI score0.02212EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/12/18 5:33 p.m.15 views

CVE-2019-8849

The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code...

9.2AI score0.02212EPSS
Exploits0References1
Rows per page
Query Builder