Lucene search
K

111 matches found

OSV
OSV
added 2022/11/14 7:24 p.m.18 views

GSD-2022-1007307 ext4: avoid crash when inline data creation follows DIO write

ext4: avoid crash when inline data creation follows DIO write This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.150 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/11/14 7:7 p.m.9 views

GSD-2022-1007122 ext4: avoid crash when inline data creation follows DIO write

ext4: avoid crash when inline data creation follows DIO write This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2022/11/14 6:47 p.m.13 views

GSD-2022-1006883 ext4: avoid crash when inline data creation follows DIO write

ext4: avoid crash when inline data creation follows DIO write This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...

7.2AI score
Exploits0
Prion
Prion
added 2022/08/04 9:15 p.m.32 views

Buffer overflow

Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option DIO control message can contain a prefix information option with a length parameter. The value...

7.5CVSS9.4AI score0.01638EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/08/04 8:35 p.m.7 views

CVE-2022-35927 Unverified DIO prefix info lengths in RPL-Classic in Contiki-NG

Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option DIO control message can contain a prefix information option with a length parameter. The value...

8.1CVSS9.6AI score0.01638EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/24 12:0 a.m.7 views

Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio

Duplicate advisory This advisory has been withdrawn because it is a duplicate of GHSA-9324-jv53-9cc8. This link is maintained to preserve external references. Original Description The dio package prior to 5.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a...

6.6AI score
Exploits0References6Affected Software1
OSV
OSV
added 2022/03/18 12:9 a.m.14 views

GSD-2022-1000690 btrfs: fallback to blocking mode when doing async dio over multiple extents

btrfs: fallback to blocking mode when doing async dio over multiple extents This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.13 by commit...

7.2AI score
Exploits0
NVD
NVD
added 2021/04/15 7:15 p.m.60 views

CVE-2021-31402

The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669...

7.5CVSS0.01158EPSS
Exploits1References1
Prion
Prion
added 2021/04/15 7:15 p.m.26 views

Crlf injection

The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669...

5CVSS6.5AI score0.02155EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/04/15 6:18 p.m.91 views

CVE-2021-31402

CVE-2021-31402 affects the dio package for Dart, specifically version 4.0.0, where CRLF injection is possible when an attacker controls the HTTP method string. The issue is a distinct vulnerability from CVE-2020-35669 and is documented as a CRLF sequence handling flaw in the Dio HTTP client. Patc...

7.5CVSS6.4AI score0.01158EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/04/15 12:0 a.m.6 views

wendu dio 注入漏洞

wendu dio is a wendu open source application system . Dart's powerful Http client , it supports interceptor , global configuration , FormData, request cancelation , file downloads, timeout and so on . dio package version 4.0.0 injection vulnerability , an attacker can use the vulnerability to...

7.5CVSS7.4AI score0.01158EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/04/15 12:0 a.m.10 views

PT-2021-19283 · Dio · Dio

Name of the Vulnerable Software and Affected Versions: dio package versions prior to 5.0.0 Description: The issue allows CRLF injection if the attacker controls the HTTP method string. This is a different issue than previously identified problems. Recommendations: For dio package versions prior t...

7.5CVSS7.6AI score0.01158EPSS
Exploits1References13
RedHat Linux
RedHat Linux
added 2020/11/04 1:47 a.m.7 views

tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c

An out-of-bounds read vulnerability was discovered in tcpdump while printing ICMP6 packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application...

9.8CVSS6.4AI score0.03891EPSS
Exploits0References4
NVD
NVD
added 2018/02/27 8:29 p.m.20 views

CVE-2017-18204

The ocfs2setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service deadlock via DIO requests...

5.5CVSS5AI score0.00443EPSS
Exploits0References11
Prion
Prion
added 2018/02/27 8:29 p.m.24 views

Design/Logic Flaw

The ocfs2setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service deadlock via DIO requests...

2.1CVSS5.6AI score0.00443EPSS
Exploits0References11Affected Software1
Cvelist
Cvelist
added 2018/02/27 8:0 p.m.27 views

CVE-2017-18204

The ocfs2setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service deadlock via DIO requests...

5.6AI score0.00443EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2018/02/27 8:0 p.m.39 views

CVE-2017-18204

The ocfs2setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service deadlock via DIO requests...

5.5CVSS6AI score0.00443EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2018/02/27 12:0 a.m.38 views

CVE-2017-18204

The ocfs2setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service deadlock via DIO requests...

5.5CVSS6.7AI score0.00443EPSS
Exploits0References11
OpenVAS
OpenVAS
added 2015/10/08 12:0 a.m.40 views

Oracle: Security Advisory (ELSA-2008-0612)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.9AI score0.04934EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2015/10/08 12:0 a.m.45 views

Oracle: Security Advisory (ELSA-2008-0885)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.3AI score0.00518EPSS
Exploits7References2
Rows per page
Query Builder