Lucene search

3256 matches found

Cvelist
added 2022/07/19 7:9 p.m. · 22 views

CVE-2022-1922

DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS...

8.1 AI score · 0.00435 EPSS
Exploits 1 · References 3
Debian CVE
added 2022/07/19 7:9 p.m. · 29 views

CVE-2022-1922

DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS...

7.8 CVSS · 7.9 AI score · 0.00435 EPSS
Exploits 1
AlpineLinux
added 2022/07/19 7:9 p.m. · 32 views

CVE-2022-1922

DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS...

7.8 CVSS · 7.9 AI score · 0.00435 EPSS
Exploits 1
Microsoft CVE
added 2022/07/19 7:0 a.m. · 2 views

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory or trying to and returning out of memory errors.

...

6.5 CVSS · 7.5 AI score · 0.3197 EPSS
Exploits 1
Positive Technologies
added 2022/07/19 12:0 a.m. · 3 views

PT-2022-5196 · Gstreamer +8

Name of the Vulnerable Software and Affected Versions: Gstreamer (affected versions not specified). Description: The issue is related to a potential heap overwrite in the qtdemux element using zlib decompression. This is caused by an integer overflow in the qtdemux inflate function, which can result...

8.8 CVSS · 6.9 AI score · 0.01537 EPSS
Exploits 7 · References 124
Fedora
added 2022/07/17 1:16 a.m. · 19 views

[SECURITY] Fedora 35 Update: golang-github-ulikunitz-xz-0.5.10-4.fc35

This Go language package supports the reading and writing of xz compressed streams. It also includes a gxz command for compressing and decompressing data. The package is completely written in Go and doesn't have any dependency on any C code...

9.3 CVSS · 9 AI score · 0.05994 EPSS
Exploits 4
Tenable Nessus
added 2022/07/12 12:0 a.m. · 41 views

Oracle Linux 7 : olcne (ELSA-2022-9587)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9587 advisory. - Address Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224, CVE-2022-29226, CVE-2022-29228, CVE-2022-29227 - Address qemu CVE-2022-26353, CVE-2021-3748...

10 CVSS · 6.8 AI score · 0.02701 EPSS
Exploits 1 · References 7
OSV
added 2022/07/08 11:3 a.m. · 4 views

OESA-2022-1744 curl security update

Security Fixes: A vulnerability was found in curl. This issue occurs because it mishandles message verification failures when curl does FTP transfers secured by krb5. This flaw makes it possible for a Man-in-the-middle attack to go unnoticed and allows data injection into the client. CVE-2022-3220...

9.8 CVSS · 6.6 AI score · 0.3197 EPSS
Exploits 4 · References 5
NVD
added 2022/07/07 1:15 p.m. · 19 views

CVE-2022-32206

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5 CVSS · 0.3197 EPSS
Exploits 1 · References 11
OSV
added 2022/07/07 1:15 p.m. · 1 views

ALPINE-CVE-2022-32206

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5 CVSS · 6.9 AI score · 0.3197 EPSS
Exploits 1 · References 1
OSV
added 2022/07/07 1:15 p.m. · 1 views

DEBIAN-CVE-2022-32206

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5 CVSS · 7 AI score · 0.3197 EPSS
Exploits 1 · References 1
OSV
added 2022/07/07 1:15 p.m. · 4 views

AZL-10102 CVE-2022-32206 affecting package curl for versions less than 7.84.0-1

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5 CVSS · 6.7 AI score · 0.3197 EPSS
Exploits 1 · References 1
Vulnrichment
added 2022/07/07 12:0 a.m. · 2 views

CVE-2022-32206

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

6.5 AI score · 0.3197 EPSS
Exploits 1 · References 11
curl security advisories
added 2022/06/27 8:0 a.m. · 6 views

HTTP compression denial of service

curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited...

6.5 CVSS · 7.1 AI score · 0.3197 EPSS
Exploits 1 · References 1 · Affected Software 2
Hacker One
added 2022/06/27 7:3 a.m. · 77 views

Internet Bug Bounty: CVE-2022-32206: HTTP compression denial of service

curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited...

4.3 CVSS · 8.1 AI score · 0.3197 EPSS
Exploits 1
Tenable Nessus
added 2022/06/27 12:0 a.m. · 130 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : curl vulnerabilities (USN-5495-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5495-1 advisory. Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a...

9.8 CVSS · 7 AI score · 0.3197 EPSS
Exploits 4 · References 5
RedhatCVE
added 2022/06/09 10:57 p.m. · 63 views

CVE-2022-29225

A flaw was found in Envoy. A specifically constructed HTTP body delivered by an untrusted downstream or upstream peer whose decompressed size is dramatically larger than the compressed size can be sent by an attacker to cause a denial of service. Mitigation: This can be mitigated by disabling...

7.5 CVSS · 1.6 AI score · 0.0144 EPSS
Exploits 1 · References 4
NVD
added 2022/06/09 8:15 p.m. · 15 views

CVE-2022-29225

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1, decompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed...

7.5 CVSS · 0.0144 EPSS
Exploits 1 · References 2
Prion
added 2022/06/09 8:15 p.m. · 20 views

Buffer overflow

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1, decompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed...

5 CVSS · 7.3 AI score · 0.0144 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2022/06/09 7:15 p.m. · 17 views

CVE-2022-29225 Zip bomb vulnerability in Envoy

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1, decompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed...

7.5 CVSS · 7.3 AI score · 0.0144 EPSS
Exploits 1 · References 4