55 matches found
AZL-35047 CVE-2024-22019 affecting package nodejs for versions less than 20.14.0-1
A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service DoS. The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...
DEBIAN-CVE-2023-6135
Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox 121...
Froxlor 路径遍历漏洞
Froxlor is a lightweight server management software from the Froxlor team. A path traversal vulnerability exists in Froxlor versions prior to 2.0.20. An attacker can exploit this vulnerability to access files and directories stored outside of the web root folder...
AZL-31141 CVE-2023-0464 affecting package edk2 for versions less than 20230301gitf80f052277c8-34
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...
AZL-34601 CVE-2023-23915 affecting package cmake for versions less than 3.28.2-1
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
SUSE CVE-2019-11706
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezonegetvtimezoneproperties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird 60.7.1...
SUSE CVE-2022-3654
Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2022-3001
This vulnerability exists in Milesight Video Management Systems VMS, all firmware versions prior to 40.7.0.79-r1, due to improper input handling at camera’s web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the target...
AZL-35158 CVE-2022-26354 affecting package qemu for versions less than 6.2.0-18
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions = 6.2.0...
CVE-2021-37471
Cradlepoint IBR900-600 devices running versions 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line...
DEBIAN-CVE-2021-39261
A crafted NTFS image can cause a heap-based buffer overflow in ntfscompressedpwrite in NTFS-3G 2021.8.22...
AZL-6749 CVE-2021-33286 affecting package ntfs-3g for versions less than 2021.8.22-1
In NTFS-3G versions 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution...
CVE-2021-27452
The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E all firmware versions prior to v04A00.1...
AZL-7276 CVE-2018-10392 affecting package libvorbis for versions less than 1.3.7-1
mapping0forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service heap-based buffer overflow or over-read or possibly have unspecified other impact via a crafted file...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2015-06840)
Oracle MySQL Server is an open source relational database management system from Oracle. This database system is characterized by high performance, low cost, good reliability and so on. An explicit vulnerability exists in Oracle MySQL Server versions prior to 5.6.25. Allows an authenticated remot...