Lucene search
+L

87 matches found

OSV
OSV
added 2023/10/24 8:35 p.m.7 views

CLSA-2023-1698179730 zlib: Fix of CVE-2023-45853

CVE-2023-45853: Reject overflows of zip header fields in minizip...

9.8CVSS6.8AI score0.03179EPSS
Exploits0References1
OSV
OSV
added 2023/10/24 8:33 p.m.10 views

CLSA-2023-1698179598 Fix CVE(s): CVE-2023-45853

SECURITY UPDATE: Reject overflows of zip header fields in minizip - debian/patches/CVE-2023-45853.patch: Check length of comment, filename and extra field in zipOpenNewFileInZip464 - CVE-2023-45853...

9.8CVSS6.8AI score0.03179EPSS
Exploits0References1
OSV
OSV
added 2023/10/24 8:27 p.m.6 views

CLSA-2023-1698179235 Fix CVE(s): CVE-2023-45853

SECURITY UPDATE: Reject overflows of zip header fields in minizip - debian/patches/CVE-2023-45853.patch: Check length of comment, filename and extra field in zipOpenNewFileInZip464 - CVE-2023-45853...

9.8CVSS7.1AI score0.03179EPSS
Exploits0References1
OSV
OSV
added 2023/10/10 5:15 p.m.1 views

DEBIAN-CVE-2023-36478

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...

7.5CVSS6.8AI score0.03754EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.5 views

SUSE CVE-2004-0234

Multiple stack-based buffer overflows in the getheader function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testi...

10CVSS8.2AI score0.10262EPSS
Exploits3References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.2 views

SUSE CVE-2019-14982

In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. It can lead to a buffer overflow vulnerability and a crash...

6.5CVSS8.3AI score0.02001EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:55 a.m.5 views

SUSE CVE-2020-17444

An issue was discovered in picoTCP 1.7.0. The routine for processing the next header field and deducing whether the IPv6 extension headers are valid doesn't check whether the header extension length field would overflow. Therefore, if it wraps around to zero, iterating through the extension heade...

7.5CVSS7.4AI score0.02798EPSS
Exploits0References3
OSV
OSV
added 2022/09/07 11:4 a.m.4 views

OESA-2022-1892 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: zlib through 1.2.12 has a heap-based buffer over-read or buff...

9.8CVSS8.3AI score0.16004EPSS
Exploits1References2
OSV
OSV
added 2022/04/29 5:15 p.m.3 views

UBUNTU-CVE-2021-4207

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor-header.width and cursor-header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use...

8.2CVSS7.4AI score0.00399EPSS
Exploits1References5
OSV
OSV
added 2022/04/06 1:15 a.m.3 views

CVE-2022-26952

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page...

7.5CVSS6.1AI score0.02038EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2021/05/18 2:25 p.m.5 views

httpd: mod_proxy_uwsgi buffer overflow

A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...

9.8CVSS6.6AI score0.90039EPSS
Exploits2References5
Zero Day Initiative
Zero Day Initiative
added 2020/12/15 12:0 a.m.20 views

(0Day) D-Link DCS-960L HTTP Authorization Header Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-960L Wi-Fi cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server, which listens on TCP port 80 by default. A...

8.8CVSS1.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/10/28 4:2 p.m.9 views

httpd: mod_proxy_uwsgi buffer overflow

A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...

9.8CVSS6.6AI score0.90039EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2020/10/28 3:49 p.m.5 views

httpd: mod_proxy_uwsgi buffer overflow

A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...

9.8CVSS6.6AI score0.90039EPSS
Exploits2References5
Prion
Prion
added 2019/11/22 7:15 p.m.17 views

Design/Logic Flaw

Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak...

5CVSS5.3AI score0.01541EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2019/06/13 12:0 a.m.4 views

PT-2019-2570 · Abb · Abb Idal Ftp Server

Name of the Vulnerable Software and Affected Versions: ABB IDAL HTTP server version SAP500900R0101 Description: The issue is related to a buffer overflow vulnerability in the HTTP server of the ABB IDAL tool. This occurs when a long Host header is sent in a web request, allowing an unauthenticate...

8.8CVSS8.9AI score0.52093EPSS
Exploits2References11
OSV
OSV
added 2019/02/21 7:29 p.m.5 views

CVE-2019-8985

On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices possibly WF2411 through WF2880, there is a stack-based buffer overflow that does not require authentication. This can cause denial of service device restart or remote code execution. This vulnerability can be triggered by a GE...

9.8CVSS7.9AI score0.13296EPSS
Exploits1References1
OSV
OSV
added 2018/05/13 3:29 p.m.5 views

CVE-2018-11013

Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 CN routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header...

9.8CVSS6.4AI score0.06542EPSS
Exploits1References1
OSV
OSV
added 2018/05/02 11:29 p.m.7 views

DEBIAN-CVE-2016-10721

partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary code in the context of the user running the affected application...

9.8CVSS8.1AI score0.02184EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/10/29 5:29 p.m.25 views

CVE-2017-15996

elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service excessive memory allocation or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper...

7.8CVSS7AI score0.02357EPSS
Exploits0References2
Rows per page
Query Builder