CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3386 matches found

Amazon•added 2024/05/30 12:0 a.m.•5 views

Medium: amazon-cloudwatch-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS6.9AI score0.91969EPSS

Exploits1

Amazon•added 2024/05/30 12:0 a.m.•32 views

Medium: golist

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS8AI score0.91969EPSS

Exploits1

SUSE CVE•added 2024/05/29 2:18 p.m.•1 views

SUSE CVE-2023-52881

In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guidelines: The ACK value is considered...

5.9CVSS6.2AI score0.00227EPSS

Exploits0References44

OSV•added 2024/05/29 11:16 a.m.•1 views

DEBIAN-CVE-2023-52881

5.5CVSS5.7AI score0.00227EPSS

Exploits0References1

OSV•added 2024/05/29 11:16 a.m.•0 views

UBUNTU-CVE-2023-52881

5.5CVSS6.1AI score0.00227EPSS

Exploits0References11

RedHat Linux•added 2024/05/29 8:15 a.m.•2 views

kernel: cifs: fix underflow in parse_server_interfaces()

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...

6.7CVSS6.6AI score0.00407EPSS

Exploits0References5

CNNVD•added 2024/05/29 12:0 a.m.•2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that the TCP protocol stack may accept an ACK acknowledgement for bytes that were never sent when...

5.5CVSS6.7AI score0.00227EPSS

Exploits0References10

OpenVAS•added 2024/05/27 12:0 a.m.•9 views

Fedora: Security Advisory for rust-pretty-bytes (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score

Exploits0References2

Fedora•added 2024/05/26 1:29 a.m.•12 views

[SECURITY] Fedora 40 Update: rust-pretty-bytes-0.2.0-6.fc40

Convert bytes to a human readable string...

7.2AI score

Exploits0

OSV•added 2024/05/23 9:27 a.m.•3 views

USN-6663-3 openssl update

USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: As a security improvement, OpenSSL will now return deterministic random bytes instead of an error when detecting wrong padding in PKCS1 v1.5 RSA to...

5.9CVSS6.3AI score0.01158EPSS

Exploits1References2

Ubuntu•added 2024/05/23 9:27 a.m.•19 views

USN-6663-3: OpenSSL update

5.4AI score

Exploits0References1

Tenable Nessus•added 2024/05/23 12:0 a.m.•8 views

Ubuntu 24.04 LTS : OpenSSL update (USN-6663-3)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6663-3 advisory. USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 24.04 LTS. Tenable has extracted the preceding...

5.6AI score

Exploits0References1

RedhatCVE•added 2024/05/22 11:57 a.m.•21 views

CVE-2021-47336

In the Linux kernel, the following vulnerability has been resolved: smackfs: restrict bytes count in smksetcipso Oops, I failed to update subject line. From 07571157c91b98ce1a4aa70967531e64b78e8346 Mon Sep 17 00:00:00 2001 Date: Mon, 12 Apr 2021 22:25:06 +0900 Subject: PATCH smackfs: restrict byt...

5.5CVSS6.5AI score0.00246EPSS

Exploits0References3

RedHat Linux•added 2024/05/22 11:53 a.m.•5 views

glibc: Out of bounds write in iconv may lead to remote code execution

An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of...

7.3CVSS7.2AI score0.8833EPSS

Exploits16References5

OSV•added 2024/05/22 9:15 a.m.•1 views

DEBIAN-CVE-2021-47485

In the Linux kernel, the following vulnerability has been resolved: IB/qib: Protect from buffer overflow in struct qibusersdmapkt fields Overflowing either addrlimit or bytestogo can allow userspace to trigger a buffer overflow of kernel memory. Check for overflows in all the places doing math on...

7.8CVSS5.8AI score0.00239EPSS

Exploits0References1

Mageia•added 2024/05/21 11:17 p.m.•38 views

Updated python-pymongo packages fix security vulnerability

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

7.3AI score

Exploits0References2