Lucene search
K

62 matches found

AlmaLinux
AlmaLinux
added 2023/12/14 12:0 a.m.45 views

Moderate: avahi security update

Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other...

6.2CVSS7.2AI score0.0045EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2023/11/07 8:38 a.m.49 views

Moderate: Red Hat Security Advisory: avahi security update

An update for avahi is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

5.5CVSS6.4AI score0.0045EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.3 views

SUSE CVE-2003-0788

Unknown vulnerability in the Internet Printing Protocol IPP implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service CPU consumption from a "busy loop" via certain inputs to the IPP port TCP 631...

5CVSS6.8AI score0.02323EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:57 a.m.5 views

SUSE CVE-2020-14378

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the movedesc function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause movedesc to get stuck in a 4,294,967,295-count iteration loop. Depending on how vhostcrypto is...

3.8CVSS6.8AI score0.00397EPSS
Exploits0References9
AlpineLinux
AlpineLinux
added 2022/11/01 1:15 p.m.40 views

CVE-2022-42324

Oxenstored 32-31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most...

1.3AI score0.0027EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/11/01 1:15 p.m.5 views

CVE-2022-42324

Oxenstored 32-31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most...

5.5CVSS5.8AI score0.0027EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2022/11/01 12:0 a.m.3 views

PT-2022-26366 · Unknown · Oxenstored

Name of the Vulnerable Software and Affected Versions: Oxenstored versions 32-bit builds Description: The issue arises from the Ocaml Xenbus library taking a C uint32 t out of the ring and casting it directly to an Ocaml integer. In 32-bit builds, this causes a truncation of the most significant...

8.8CVSS6.1AI score0.00289EPSS
Exploits0References62
CNNVD
CNNVD
added 2022/11/01 12:0 a.m.4 views

Xen 缓冲区错误漏洞

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen...

5.5CVSS5.7AI score0.0027EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2022/09/23 12:0 a.m.45 views

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2022-2341)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated...

9.8CVSS6.8AI score0.3197EPSS
Exploits9References10
Tenable Nessus
Tenable Nessus
added 2022/09/14 12:0 a.m.50 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2022-2310)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libcurl provides the CURLOPTCERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an...

9.8CVSS6.8AI score0.3197EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2022/07/01 12:0 a.m.68 views

Ubuntu 16.04 ESM : curl vulnerabilities (USN-5499-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5499-1 advisory. Florian Kohnhuser discovered that curl incorrectly handled returning a TLS servers certificate chain details. A remote attacker could possibly use this...

7.5CVSS6.9AI score0.06762EPSS
Exploits2References3
OSV
OSV
added 2022/06/28 3:41 p.m.5 views

CLSA-2022-1656430897 Fix CVE(s): CVE-2022-27781

SECURITY UPDATE: malicious server could make libcurl get stuck in a never-ending busy-loop when trying to retrieve cert information - debian/patches/CVE-2022-27781.patch: add maximum value of possible traversed certificates - CVE-2022-27781...

7.5CVSS7.2AI score0.02434EPSS
Exploits1References1
Hacker One
Hacker One
added 2022/06/18 5:59 p.m.77 views

Internet Bug Bounty: CVE-2022-27781: CERTINFO never-ending busy-loop

Published Advisory: https://curl.se/docs/CVE-2022-27781.html Original Report: https://hackerone.com/reports/1555441 Impact Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information...

7.5AI score0.02434EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2022/06/14 7:0 a.m.3 views

libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.

...

7.5CVSS6.8AI score0.02434EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2022/06/01 12:0 a.m.5 views

CVE-2022-27781

libcurl provides the CURLOPTCERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation...

7.3AI score0.02434EPSS
Exploits1References5
OSV
OSV
added 2022/05/11 8:0 a.m.12 views

CURL-CVE-2022-27781 CERTINFO never-ending busy-loop

libcurl provides the CURLOPTCERTINFO option to allow applications to request details to be returned about a TLS server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that...

7.5CVSS7.4AI score0.02434EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2022/05/11 12:0 a.m.44 views

CVE-2022-27781

libcurl provides the CURLOPTCERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. Du...

7.5CVSS6.8AI score0.02434EPSS
Exploits1References5
Gitee
Gitee
added 2021/09/09 2:37 p.m.11 views

Exploit for OS Command Injection in Docker

CVE-2019-5736 is a vulnerability in the runc container runtime that allows for container escape. The exploit works by overwriting the runc binary with a malicious payload, which is achieved by modifying the /bin/sh file in the container to point to the runc binary on the host. The attacker can th...

9.3CVSS7.3AI score0.9857EPSS
Exploits33
OSV
OSV
added 2018/02/22 12:29 a.m.30 views

CVE-2018-7287

An issue was discovered in reshttpwebsocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled default is disabled, WebSocket payloads of size 0 are mishandled with a busy loop...

5.9CVSS7.1AI score
Exploits0References4
Prion
Prion
added 2018/02/22 12:29 a.m.20 views

Design/Logic Flaw

An issue was discovered in reshttpwebsocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled default is disabled, WebSocket payloads of size 0 are mishandled with a busy loop...

4.3CVSS5.6AI score0.11665EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder