QEMU Security Vulnerabilities

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A security vulnerability exists in QEMU, which stems from a stack-based buffer overflow in virtio-net that occurs when the virtionetflushtx...

CVE-2023-39446

Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application...

VX-API - Collection Of Various Malicious Functionality To Aid In Malware Development

The VX-API is a collection of malicious functionality to aid in malware development. It is recommended you clone and/or download this entire repo then open the Visual Studio solution file to easily explore functionality and concepts. Some functions may be dependent on other functions present with...

CVE-2023-24604

OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data...

CVE-2023-1903

SAP HCM Fiori App My Forms Fiori 2.0 - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data...

CVE-2023-1903

SAP HCM Fiori App My Forms Fiori 2.0 - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data...

Authorization

SAP HCM Fiori App My Forms Fiori 2.0 - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data...

SUSE CVE-2016-2525

epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service memory consumption or application crash via a crafted packet...

SUSE CVE-2016-4542

The exifprocessIFDTAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted...

SUSE CVE-2018-14369

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression...

SUSE CVE-2019-12214

In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2kreadppmv3 function in j2k.c. The value of lNppm comes from the file read in, and the code does not consider that lNppm may be greater than the size of pheaderdata...

SUSE CVE-2020-29130

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length...

SUSE CVE-2022-23096

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read...

CVE-2022-45925

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...

EulerOS 2.0 SP10 : curl (EulerOS-SA-2022-2153)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections...

EulerOS 2.0 SP10 : curl (EulerOS-SA-2022-2128)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections...

The vulnerability of the Microsoft Office suite, related to pointer offsets, allows a perpetrator to execute arbitrary code or gain full control over the application.

The vulnerability of the Microsoft Office package is related to a pointer offset issue during the processing of the cbHdrData element in the FEATHEADER field of BIFF format files. Exploiting this vulnerability allows an attacker to execute arbitrary code or gain full control over the application...

curl 信息泄露漏洞

curl is a tool for transferring data from or to a server. An information disclosure vulnerability exists in curl. This security vulnerability allows leakage of authentication or cookie header data over HTTP to redirect to the same host but another port number. Delivering the same set of headers t...

DEBIAN-CVE-2022-23096

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read...

UBUNTU-CVE-2022-23096

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read...