Lucene search
K

16 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in wget

In GNU Wget version 1.24.5, url.c handles semicolons in the userinfo subcomponent of a URI incorrectly. As a result, there may be insecure behaviors where data that should be within the userinfo subcomponent is misinterpreted as being part of the host subcomponent...

9.1CVSS6.7AI score0.00672EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/11 1:4 p.m.14 views

guzzlehttp/psr7 has CRLF Injection via URI Host Component

Impact guzzlehttp/psr7 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. The issue requires a PSR-7 request to be serialized into a raw HTTP/1.x message, for example with GuzzleHttp\Psr7\Message::toString or an equivalent custom serializer. Creating a...

5.3CVSS5.5AI score0.00189EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/11 12:38 p.m.36 views

CVE-2026-49214 guzzlehttp/psr7 has CRLF Injection via URI Host Component

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulnerable flow is: First, an application accepts a user-controlled URL. Second, the URL is used to...

5.3CVSS5.5AI score0.00189EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.13 views

Guzzle 输入验证错误漏洞

Guzzle is a PHP HTTP client developed by the guzzlehttp developer. It allows for easy sending of HTTP requests and seamless integration with web services. Prior to version 2.10.2, Guzzle had an input validation vulnerability. This vulnerability stemmed from allowing ASCII control characters,...

5.3CVSS5.4AI score0.00189EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/05 12:26 p.m.9 views

Interpretation Conflict

Overview fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict during the decoding of URL host component. An attacker can manipulate the authority component of a URI by supplying percent-encoded delimiters, causing the host ...

8.7CVSS5.8AI score0.00457EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/10/08 11:22 p.m.1 views

SUSE CVE-2025-47912

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...

8.2CVSS6.9AI score0.00443EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/05/22 4:44 p.m.7 views

CVE-2020-5964

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure...

7.8CVSS6.8AI score0.00332EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/02 12:0 a.m.5 views

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from an out-of-bounds read issue contained in the FM Host component...

5.5CVSS6.5AI score0.00093EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/09/02 12:0 a.m.3 views

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a classic buffer overflow issue contained in the FM Host component...

7.8CVSS7AI score0.00127EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/09/02 12:0 a.m.5 views

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a classic buffer overflow issue contained in the FM Host component...

7.8CVSS7AI score0.00127EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/12 12:0 a.m.2 views

Qualcomm 芯片输入验证错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and from time to time fabricated on the surface of semiconductor wafers. A security vulnerability exists in the Qualcomm Chip WLAN module that...

7.5CVSS7.3AI score0.00424EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/06/06 12:0 a.m.5 views

PT-2021-7402 · Qualcomm · Qualcomm Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions affected versions not specified Description: The issue is related to a denial of service in the WLAN HOST component due to a buffer over-read while unpacking frames. This can be exploited by a remote attacker to...

7.8CVSS7.9AI score0.00461EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2021/01/15 12:0 a.m.103 views

NVIDIA Windows GPU Display Driver (January 2021)

A display driver installed on the remote Windows host is affected by multiple vulnerabilities: - NVIDIA GPU Display Driver contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service o...

8.4CVSS6.8AI score0.00471EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2020/11/10 8:0 a.m.8 views

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18 v2.7.18rc1; v3.5.10 v3.5.10rc1; v3.6.11 v3.6.11rc1 v3.6.12; v3.7.8 v3.7.8rc1 v3.7.9; v3.8.3 v3.8.3rc1 v3.8.4 v3.8.4rc1 v3.8.5 v3.8.6 v3.8.6rc1.

...

6.1CVSS7.7AI score0.05406EPSS
Exploits2
CNVD
CNVD
added 2018/12/11 12:0 a.m.3 views

Google Android Qualcomm WLAN Host Component Buffer Overflow Vulnerability

Android is a Linux-based open source operating system developed by Google and the Open Handset Alliance OHA, of which Qualcomm WLAN Host is a wireless LAN component. A buffer overflow vulnerability exists in the Qualcomm WLAN Host component in Android. An attacker could exploit this vulnerability...

7.8CVSS7.6AI score0.00184EPSS
Exploits0References1
OSV
OSV
added 2017/03/07 8:59 a.m.4 views

ALPINE-CVE-2017-6508

CRLF injection vulnerability in the urlparse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL...

6.1CVSS7.5AI score0.03086EPSS
Exploits1References1
Rows per page
Query Builder