
290 matches found

CNNVD
added 2024/03/25 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from data stream corruption...

CVSS 5.5 | AI score 6 | EPSS 0.00232
Exploits 0 | References 6

UbuntuCve
added 2024/03/25 12:0 a.m., 28 views

CVE-2021-47152

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data stream corruption Maxim reported several issues when forcing a TCP transparent proxy to use the MPTCP protocol for the inbound connections. He also provided a clean reproducer. The problem boils down to...

CVSS 5.5 | AI score 6.4 | EPSS 0.00232
Exploits 0 | References 4

RedHat Linux
added 2024/01/23 4:26 p.m., 5 views

LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp

A flaw was found in the LibRaw package. A stack buffer overflow in the LibRaw_buffer_datastream::gets() function in src/libraw_datastream.cpp caused by a maliciously crafted file may result in compromised confidentiality and integrity and an application crash...

CVSS 7.8 | AI score 5.9 | EPSS 0.00424
Exploits 1 | References 5

RedHat Linux
added 2023/11/07 8:49 a.m., 13 views

LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp

A flaw was found in the LibRaw package. A stack buffer overflow in the LibRaw_buffer_datastream::gets() function in src/libraw_datastream.cpp caused by a maliciously crafted file may result in compromised confidentiality and integrity and an application crash...

CVSS 7.8 | AI score 5.9 | EPSS 0.00424
Exploits 1 | References 5

Microsoft KB
added 2023/10/10 7:0 a.m., 208 views

KB5029376 - Description of the security update for SQL Server 2017 CU31: October 10, 2023

KB5029376 - Description of the security update for SQL Server 2017 CU31: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information...

CVSS 5.5 | AI score 6.8 | EPSS 0.00851
Exploits 0

Circl
added 2023/07/01 12:15 a.m., 7 views

CVE-2023-35946

creationtimestamp| type| source ---|---|--- 2023-07-01 00:15:28+00:00| seen| https://t.me/cibsecurity/65830...

CVSS 6.9 | AI score 6.2 | EPSS 0.00286
Exploits 0 | References 1

Github Security Blog
added 2023/06/07 3:52 p.m., 27 views

Async HTTP Client has CRLF Injection vulnerability in HTTP request headers

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

CVSS 7.5 | AI score 7.3 | EPSS 0.00549
Exploits 0 | References 8 | Affected Software 1

OSV
added 2023/06/07 3:52 p.m., 20 views

GHSA-V3R5-PJPM-MWGQ Async HTTP Client has CRLF Injection vulnerability in HTTP request headers

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

CVSS 7.5 | AI score 7.6 | EPSS 0.00549
Exploits 0 | References 8

GitLab Advisory Database
added 2023/06/07 12:0 a.m., 15 views

Async HTTP Client has CRLF Injection vulnerability in HTTP request headers

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

CVSS 7.5 | AI score 7 | EPSS 0.00549
Exploits 0 | References 9 | Affected Software 1

CNNVD
added 2023/04/06 12:0 a.m., 4 views

Open vSwitch security vulnerability

Open vSwitch is an open source virtual switch. A security vulnerability exists in Open vSwitch that stems from the fact that when processing IP packets with protocol 0, a data path stream is installed without modifying the IP header operation...

CVSS 8.2 | AI score 6.7 | EPSS 0.01216
Exploits 0 | References 14

F5 Networks
added 2023/02/21 7:52 p.m., 44 views

K15874: Samba vulnerability CVE-2013-4475

Security Advisory Description Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated...

CVSS 4 | AI score 8.2 | EPSS 0.09017
Exploits 0 | Affected Software 1

SUSE CVE
added 2023/02/15 5:56 a.m., 2 views

SUSE CVE-2010-4054

The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043...

CVSS 4.3 | AI score 6.8 | EPSS 0.0266
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 5:35 a.m., 2 views

SUSE CVE-2013-4475

Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS)...

CVSS 4 | AI score 7 | EPSS 0.09017
Exploits 0 | References 8

SUSE CVE
added 2023/02/15 5:22 a.m., 5 views

SUSE CVE-2015-0973

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495...

CVSS 8.8 | AI score 9.8 | EPSS 0.04308
Exploits 2 | References 6

SUSE CVE
added 2023/02/15 4:20 a.m., 3 views

SUSE CVE-2018-1000178

A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely...

CVSS 9.8 | AI score 9.6 | EPSS 0.03978
Exploits 1 | References 3

Prion
added 2023/01/18 7:15 p.m., 21 views

CRLF injection

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

CVSS 5 | AI score 7.7 | EPSS 0.00549
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2023/01/18 12:0 a.m., 2 views

Async injection vulnerability

Async is a utility module from Caolan McMahon Personal Developer in the UK. It is used to work with asynchronous JavaScript. A security vulnerability exists in Async HTTP Client version 1.13.2 and earlier versions. An attacker exploiting this vulnerability could open source a new HTTP header fiel...

CVSS 7.5 | AI score 7.3 | EPSS 0.00549
Exploits 0 | References 2

Vulnrichment
added 2023/01/18 12:0 a.m., 4 views

CVE-2023-0040

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

AI score 7.9 | EPSS 0.00549
Exploits 0 | References 1

CNNVD
added 2022/11/15 12:0 a.m., 6 views

OpenSearch Project security vulnerability

OpenSearch Project is a community-driven, Apache 2.0 licensed open source search and analytics suite that makes it easy to access, search, visualize and analyze data. A security vulnerability exists in OpenSearch Project versions prior to 1.3.7 and 2.x versions prior t...

CVSS 6.3 | AI score 6.4 | EPSS 0.0043
Exploits 0 | References 4

OSV
added 2022/11/11 11:4 a.m., 4 views

OESA-2022-2075 freetds security update

FreeTDS is an open source implementation of the TDS (Tabular Data Stream) protocol used by these databases for their own clients. It supports many different flavors of the protocol and three APIs to access it. FreeTDS includes call level interfaces for DB-Lib, CT-Lib, and ODBC. Security Fixes:...

CVSS 9.8 | AI score 7 | EPSS 0.01781
Exploits 0 | References 2