UBUNTU-CVE-2022-23096

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read...

Connman 缓冲区错误漏洞

Connman is a connection manager. A security vulnerability exists in Connman's DNS proxy that stems from a lack of checking by the TCP server reply implementation for the presence of sufficient Header Data to cause an out-of-bounds read...

CVE-2022-23096

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read...

PT-2021-7737

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description The function PEM read bio ex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the name out...

USN-5009-2: libslirp vulnerabilities

USN-5009-1 fixed vulnerabilities in libslirp. This update provides the corresponding updates for Ubuntu 21.10. Original advisory details: Qiuhao Li discovered that libslirp incorrectly handled certain header data lengths. An attacker inside a guest could possibly use this issue to leak sensitive...

USN-5009-1: libslirp vulnerabilities

Qiuhao Li discovered that libslirp incorrectly handled certain header data lengths. An attacker inside a guest could possibly use this issue to leak sensitive information from the host. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. CVE-2020-29129, CVE-2020-29130 It was discovered th...

Nodemailer 注入漏洞

Nodemailer is a JS codebase from the Nodemailer team that provides the ability to send emails. An injection vulnerability exists in Nodemailer due to a lack of security checks on the HTTP Header. An attacker could trigger abnormal behavior on the target system via malicious data containing line...

GHSA-H45P-W933-JXH3 Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...

GHSA-X5H4-9GQW-942J Improper Verification of Cryptographic Signature in aws-encryption-sdk

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...

CVE-2021-20341

IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. IBM X-Force ID: 194513...

IBM Cloud Pak System 安全漏洞

IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. The product supports deploying, managing and moving application environments across hybrid clouds. A security vulnerability exists in IBM Cloud Pak that stems from the return of...

Information Disclosure

libslirp is vulnerable to information disclosure. A buffer over-read in slirp.c allows reading of a certain amount of header data pass the total packet length...

Type confusion

beforeupstreamconnection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion and versus or...

PYSEC-2021-46

beforeupstreamconnection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion and versus or...

CVE-2021-3116

CVE-2021-3116 affects proxy.py’s AuthPlugin (http/proxy/auth.py) before version 2.3.1, where a boolean logic bug (and vs or) allows incorrect Proxy-Authorization header data to be accepted. This may impact authentication handling in proxy.py, as described in Red Hat OSV/NVD entries and related ad...

Vinades NukeViet SQL注入漏洞

Vinades NukeViet is an open source content management system CMS from Vinades Vietnam.Vinades NukeViet is vulnerable to a SQL injection vulnerability that originates from a SQL INSERT statement containing raw header data e.g., Referer and User-Agent from HTTP requests. No detailed vulnerability...

DEBIAN-CVE-2020-29129

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length...

DEBIAN-CVE-2020-29130

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length...

Buffer overflow

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length...

CVE-2020-29129

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length...