CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

RedhatCVE•added 2025/05/22 4:28 a.m.•5 views

CVE-2019-14056

u'Possible integer overflow in API due to lack of check on large oid range count in cert extension field' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in...

7.8CVSS7.9AI score0.00033EPSS

Exploits0References1

SUSE CVE•added 2023/02/15 6:4 a.m.•1 views

SUSE CVE-2009-1252

Stack-based buffer overflow in the cryptorecv function in ntpcrypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field...

6.8CVSS8.3AI score0.72138EPSS

Exploits1References4

Microsoft CVE•added 2022/03/11 8:0 a.m.•8 views

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result the L2 guest would be allowed to read/write physical pages of the host resulting in a crash of the entire system leak of sensitive data or potential guest-to-host escape.

...

8.8CVSS7.2AI score0.00066EPSS

Exploits0

RedHat Linux•added 2021/11/02 9:58 a.m.•2 views

kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "virtext" field, this issue could allow a malicious...

8.8CVSS6.7AI score0.00066EPSS

Exploits0References5

OSV•added 2021/08/16 12:0 p.m.•1 views

UBUNTU-CVE-2021-3656

8.8CVSS6.8AI score0.00066EPSS

Exploits0References11

OSV•added 2021/05/20 7:15 p.m.•0 views

UBUNTU-CVE-2021-28902

In function readyincontainer in libyang extr is NULL. In some cases, it can be NULL, which leads to the operation of retval-extr-flags that results in a crash...

7.5CVSS7.1AI score0.00405EPSS

Exploits1References3

Tenable Nessus•added 2021/02/04 12:0 a.m.•36 views

SUSE SLED15 / SLES15 Security Update : cups (SUSE-SU-2021:0285-1)

This update for cups fixes the following issues : CVE-2020-10001: Fixed an out-of-bounds read in the ippReadIO function bsc1180520. CVE-2019-8842: Fixed an out-of-bounds read in an extension field bsc1170671. Note that Tenable Network Security has extracted the preceding description block directl...

5.5CVSS5.9AI score0.00337EPSS

Exploits0References7

Prion•added 2020/09/08 10:15 a.m.•17 views

Integer overflow

7.2CVSS7.9AI score0.00033EPSS

Exploits0References2

Cvelist•added 2020/09/08 9:31 a.m.•19 views

CVE-2019-14056

7.9AI score0.00033EPSS

Exploits0References1

RedHat Linux•added 2018/03/07 3:9 p.m.•4 views

tomcat-native: Mishandling of client certificates can allow for OCSP check bypass

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates th...

5.9CVSS7.3AI score0.00431EPSS

Exploits0References4

OSV•added 2018/02/28 1:55 p.m.•10 views

MGASA-2018-0150 Updated tomcat-native package fixes security vulnerability

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected if the OCSP check...

5.9CVSS6AI score0.00431EPSS

Exploits0References3

NVD•added 2018/01/31 2:29 p.m.•19 views

CVE-2017-15698

5.9CVSS5.7AI score0.00431EPSS

Exploits0References10

OSV•added 2018/01/31 2:29 p.m.•8 views

CVE-2017-15698

5.9CVSS6.1AI score

Exploits0References10

OSV•added 2015/10/06 1:59 a.m.•1 views

DEBIAN-CVE-2014-9750

ntpcrypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service daemon crash via a packet containing an extension field with an invalid value for the length of its value...

5.8CVSS6.7AI score0.04426EPSS

Exploits0References1

RedHat Linux•added 2015/07/21 10:15 a.m.•3 views

ntp: vallen in extension fields are not validated

A stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash...

7.2AI score

Exploits0References5

OSV•added 2015/02/09 5:32 p.m.•0 views

USN-2497-1 ntp vulnerabilities

Stephen Roettger, Sebastian Krahmer, and Harlan Stenn discovered that NTP incorrectly handled the length value in extension fields. A remote attacker could use this issue to possibly obtain leaked information, or cause the NTP daemon to crash, resulting in a denial of service. CVE-2014-9297 Steph...

7AI score

Exploits0References3

NVD•added 2009/05/19 7:30 p.m.•14 views

CVE-2009-1252

6.8CVSS7.9AI score0.72138EPSS

Exploits1References39

Prion•added 2009/05/19 7:30 p.m.•19 views

Stack overflow

6.8CVSS8.4AI score0.72138EPSS

Exploits1References39Affected Software1