Lucene search
K

156 matches found

Positive Technologies
Positive Technologies
added 2022/05/15 12:0 a.m.4 views

PT-2022-19321 · Unknown · Fisco-Bcos

Name of the Vulnerable Software and Affected Versions: FISCO-BCOS version release-3.0.0-rc2 Description: The issue allows a malicious node to cause normal nodes to stop producing new blocks and processing new clients' requests by sending an invalid proposal with an invalid header. Recommendations...

7.5CVSS7.4AI score0.01144EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/12/09 12:0 a.m.5 views

Netty 环境问题漏洞

Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. Netty An environment issue vulnerability exists that stems from the fact that Netty is an asynchronous event-driven web...

6.5CVSS7AI score0.02682EPSS
Exploits0References38
Github Security Blog
Github Security Blog
added 2021/12/03 8:52 p.m.25 views

HTTP Request Smuggling in github.com/hyperledger/fabric

A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the...

7.5CVSS1.8AI score0.01091EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2021/11/18 4:15 p.m.24 views

CVE-2021-43669

A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the...

7.5CVSS0.01091EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/11/18 12:0 a.m.5 views

Hyperledger Fabric 环境问题漏洞

Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used for developing solutions and applications. A security vulnerability exists in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0, which can be exploited by an attacker by constructing a message whose header is...

7.5CVSS7.3AI score0.01091EPSS
Exploits0References3
NVD
NVD
added 2021/08/12 9:15 p.m.31 views

CVE-2021-33056

Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message...

7.5CVSS0.01294EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/07/29 6:6 a.m.4 views

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82813EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2020/07/29 6:6 a.m.6 views

netty: HTTP request smuggling

A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...

9.1CVSS7.1AI score0.08914EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/03/05 12:53 p.m.4 views

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82813EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2020/03/03 4:13 p.m.7 views

netty: HTTP request smuggling

A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...

9.1CVSS7.1AI score0.08914EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2020/02/21 7:40 p.m.31 views

CVE-2020-9308

archivereadsupportformatrar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header such as a header size of zero, leading to a SIGSEGV or possibly unspecified other impact...

8.8CVSS4AI score0.02251EPSS
Exploits0References3
OSV
OSV
added 2020/02/20 7:15 a.m.1 views

ALPINE-CVE-2020-9308

archivereadsupportformatrar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header such as a header size of zero, leading to a SIGSEGV or possibly unspecified other impact...

8.8CVSS7.2AI score0.02251EPSS
Exploits0References1
CNVD
CNVD
added 2020/02/06 12:0 a.m.5 views

Waitress denial of service vulnerability

Waitress is a WSGI Web Server Gateway Interface server for Python. A denial of service vulnerability exists in Waitress, which can be exploited to cause a denial of service by sending specially designed headers containing invalid characters that consume all available CPU resources...

6.8CVSS6.7AI score0.0262EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/02/04 3:15 a.m.20 views

CVE-2020-5236

Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and...

6.8CVSS6.4AI score0.0262EPSS
Exploits0References2
CVE
CVE
added 2020/02/04 3:5 a.m.120 views

CVE-2020-5236

CVE-2020-5236 affects the Python WSGI server waitress. A flaw in the regex used to validate incoming HTTP headers allows catastrophic backtracking when headers contain invalid characters (e.g., Bad-header: xxxxxxxxxxxxxxx\x10), causing the server to hit 100% CPU and deny service. The issue was in...

6.8CVSS5.8AI score0.0262EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/12/26 5:15 p.m.5 views

PYSEC-2019-68

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...

5.8AI score
Exploits0References6
RedHat Linux
RedHat Linux
added 2019/09/11 5:53 a.m.10 views

HTTP/2: flood using HEADERS frames results in unbounded memory growth

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

7.8CVSS7.1AI score0.82813EPSS
Exploits0References9
CNVD
CNVD
added 2019/07/22 12:0 a.m.5 views

libjpeg-turbo Denial of Service Vulnerability

libjpeg is a C language library for processing image data in JPEG format. The product includes JPEG decoding, JPEG encoding and other JPEG functions. libjpeg-turbo is an optimized and improved version of libjpeg. A security vulnerability exists in libjpeg-turbo version 2.0.2. An attacker could...

5.5CVSS6.8AI score0.00951EPSS
Exploits1References1
Prion
Prion
added 2019/05/24 5:29 p.m.24 views

Buffer overflow

Buffer overflow can occur if invalid header tries to overwrite the existing buffer which fix size allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

4.6CVSS8.5AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2019/05/24 4:44 p.m.69 views

CVE-2019-2248

CVE-2019-2248 describes a buffer overflow that can occur when an invalid header overwrites an existing buffer with a fixed-size allocation, affecting a wide range of Qualcomm Snapdragon products (e.g., Snapdragon Auto/Compute/Connectivity, Snapdragon IoT/Wearables, Snapdragon 615/16, 625, 820/820...

7.8CVSS7.9AI score0.00197EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder