Lucene search
K

13 matches found

RedHat Linux
RedHat Linux
added 2024/10/14 2:51 a.m.7 views

openipmi: missing check on the authorization type on incoming LAN messages in IPMI simulator

A flaw was found in the IPMI simulator ipmisim component of OpenIPMI. Due to a missing check in the authorization type on incoming LAN messages, an attacker may be able to trigger a denial of service...

5CVSS5.6AI score0.00395EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/06/10 9:38 p.m.50 views

@grpc/grpc-js can allocate memory for incoming messages well above configured limits

Impact There are two separate code paths in which memory can be allocated per message in excess of the grpc.maxreceivemessagelength channel option: 1. If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded. 2. If an...

5.3CVSS7.2AI score0.00671EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/10 9:32 p.m.45 views

CVE-2024-37168 @grpc/grpc-js can allocate memory for incoming messages well above configured limits

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the grpc.maxreceivemessagelength channel option: If an...

5.3CVSS7.1AI score0.00671EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/04/04 12:0 a.m.4 views

PT-2023-12817 · Qualcomm · 9205 Lte Modem Firmware +7

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue is related to memory corruption in a modem, caused by improper input validation when handling incoming CoAP messages. Recommendations: At the moment, there is no information...

9.8CVSS7.1AI score0.00417EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/11 12:0 a.m.6 views

Microsoft Windows TCP/IP component 资源管理错误漏洞

Microsoft Windows TCP/IP component is a component of Microsoft Corporation USA that provides TCP/IP configuration functionality for Windows.A denial of service vulnerability exists in Microsoft Windows TCP/IP, which stems from a failure to properly handle incoming error messages. An attacker coul...

7.5CVSS7.6AI score0.01995EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/10 12:0 a.m.4 views

Microsoft Visual Studio和Microsoft .NET 输入验证错误漏洞

Microsoft Visual Studio is a family of development tool suites and a fundamentally complete development toolset that includes most of the tools needed throughout the software lifecycle.Microsoft .NET is a software framework dedicated to agile software development, rapid application development,...

7.5CVSS7.3AI score0.04763EPSS
Exploits0References16
OSV
OSV
added 2019/03/13 7:29 p.m.17 views

CVE-2019-9749

An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker server, it mishandles incoming network messages. After processing a crafted packet, the plugin's mqttpacketdrop function in /plugins/inmqtt/mqttprot.c executes the memmove functio...

7.5CVSS6.7AI score
Exploits0References1
Cvelist
Cvelist
added 2018/04/18 2:0 p.m.32 views

CVE-2015-9192

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD...

9.6AI score0.01252EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2012/11/22 2:21 a.m.27 views

Facebook Proposes Eliminating User Voting System for Privacy Changes

Facebook today announced plans to eliminate its voting system that gave users a say in how their privacy is handled. In a statement issued Wednesday, Elliot Schrage, Vice President, Communications, Public Policy and Marketing for the Menlo Park, Calif.-based social media company, said the voting...

6.9AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/06/25 12:0 a.m.26 views

SuSE 10 Security Update : finch, libpurple, and pidgin (ZYPP Patch Number 8131)

Various remote triggerable crashes in pidgin have been fixed : - In some situations the MSN server sends text that isn't UTF-8 encoded, and Pidgin fails to verify the text's encoding. In some cases this can lead to a crash when attempting to display the text . CVE-2012-1178 - Incoming messages wi...

5CVSS5.4AI score0.02504EPSS
Exploits2References6
Check Point Advisories
Check Point Advisories
added 2011/08/16 12:0 a.m.2 views

Siemens Tecnomatix FactoryLink SCADA VRN Server Multiple Buffer Overflows

Multiple buffer overflow vulnerabilities have been reported in Siemens Tecnomatix FactoryLink VRN Server SCADA system. The vulnerabilities are due to a boundary error in the application's VRN Server, which occurs while handling incoming message requests. A remote attacker could leverage these...

8.2AI score
Exploits0
Ubuntu
Ubuntu
added 2010/02/22 3:36 p.m.61 views

USN-902-1: Pidgin vulnerabilities

Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of an incoming message in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. CVE-2010-0277 Sadrul Habib Chowdhury discovered that...

5CVSS7.3AI score0.02875EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2005/07/22 1:26 a.m.7 views

security flaw

Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an incoming message...

7.5CVSS6.2AI score0.04703EPSS
Exploits0References4
Rows per page
Query Builder