290 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from data stream corruption...
CVE-2021-47152
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data stream corruption Maxim reported several issues when forcing a TCP transparent proxy to use the MPTCP protocol for the inbound connections. He also provided a clean reproducer. The problem boils down to...
LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp
A flaw was found in the LibRaw package. A stack buffer overflow in the LibRawbufferdatastream::gets function in src/librawdatastream.cpp caused by a maliciously crafted file may result in compromised confidentiality and integrity and an application crash...
LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp
A flaw was found in the LibRaw package. A stack buffer overflow in the LibRawbufferdatastream::gets function in src/librawdatastream.cpp caused by a maliciously crafted file may result in compromised confidentiality and integrity and an application crash...
KB5029376 - Description of the security update for SQL Server 2017 CU31: October 10, 2023
KB5029376 - Description of the security update for SQL Server 2017 CU31: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information...
CVE-2023-35946
creationtimestamp| type| source ---|---|--- 2023-07-01 00:15:28+00:00| seen| https://t.me/cibsecurity/65830...
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
GHSA-V3R5-PJPM-MWGQ Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
Async HTTP Client has CRLF Injection vulnerability in HTTP request headers
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
Open vSwitch 安全漏洞
Open vSwitch is an open source virtual switch. A security vulnerability exists in Open vSwitch that stems from the fact that when processing IP packets with protocol 0, a data path stream is installed without modifying the IP header operation...
K15874: Samba vulnerability CVE-2013-4475
Security Advisory Description Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfsstreamsdepot or vfsstreamsxattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated...
SUSE CVE-2010-4054
The gstype2interpret function in Ghostscript allows remote attackers to cause a denial of service incorrect pointer dereference and application crash via crafted font data in a compressed data stream, aka bug 691043...
SUSE CVE-2013-4475
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfsstreamsdepot or vfsstreamsxattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream ADS...
SUSE CVE-2015-0973
Buffer overflow in the pngreadIDATdata function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495...
SUSE CVE-2018-1000178
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessageconst QByteArray &msg datastreampeer.cpp line 62 that allows an attacker to execute code remotely...
Crlf injection
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
Async 注入漏洞
Async is a utility module from Caolan McMahon Personal Developer in the UK. It is used to work with asynchronous JavaScript. A security vulnerability exists in Async HTTP Client version 1.13.2 and earlier versions. An attacker exploiting this vulnerability could open source a new HTTP header fiel...
CVE-2023-0040
Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...
OpenSearch Project 安全漏洞
OpenSearch Project is OpenSearch Project open source a community-driven, Apache 2.0 licensed open source search and analytics suite. Making it easy to access, search, visualize and analyze data. A security vulnerability exists in OpenSearch Project versions prior to 1.3.7 and 2.x versions prior t...
OESA-2022-2075 freetds security update
FreeTDS is an open source implementation of the TDS Tabular Data Stream protocol used by these databases for their own clients. It supports many different flavors of the protocol and three APIs to access it. FreeTDS includes call level interfaces for DB-Lib, CT-Lib, and ODBC. Security Fixes:...