
6 matches found

OSV
added 2025/12/19 9:38 a.m. · 6 views

CLSA-2025-1766137116 Fix CVE(s): CVE-2025-6020

Reworked CVE-2025-6020 patches to preserve ABI compatibility:
- Add pam_modutil_sanitize_helper_fds as a static inline helper in the header for modules
- Keep the exported pam_modutil_sanitize_helper_fds in libpam as a wrapper that calls the new helper...

CVSS 7.8 · AI score 7.5 · EPSS 0.0039
Exploits: 0 · References: 1
Positive Technologies
added 2025/07/05 12:0 a.m. · 1 views

PT-2025-28030 · Web-Push · Web-Push

Name of the Vulnerable Software and Affected Versions: web-push crate versions prior to 0.10.3 Description: The issue allows an attacker to cause a denial of service condition through excessive memory consumption in the built-in clients of the web-push crate via a large integer in a Content-Lengt...

CVSS 4 · AI score 6.2 · EPSS 0.00331
Exploits: 0 · References: 11
OSV
added 2023/12/14 8:15 p.m. · 1 views

DEBIAN-CVE-2023-37457

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space...

CVSS 8.2 · AI score 7.9 · EPSS 0.01125
Exploits: 0 · References: 1
OSV
added 2023/12/14 8:15 p.m. · 3 views

ALPINE-CVE-2023-37457

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space...

CVSS 8.2 · AI score 7 · EPSS 0.01125
Exploits: 0 · References: 1
OSV
added 2023/12/14 8:15 p.m. · 3 views

UBUNTU-CVE-2023-37457

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space...

CVSS 8.2 · AI score 6 · EPSS 0.01125
Exploits: 0 · References: 2
Amazon
added 2023/08/09 12:0 a.m. · 9 views

Important: golang

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

CVSS 6.5 · AI score 7 · EPSS 0.0125
Exploits: 0