Lucene search
K

12 matches found

OSV
OSV
added 2026/05/19 12:24 p.m.7 views

CLSA-2026-1779183103 vim: Fix of 6 CVEs

CVE-2021-3903: do not set VALIDBOTLINE in updatetopline when screen is invalid - CVE-2022-1616: tighten appendcommand loop bound + pre-write length check to avoid buffer overflow with composing chars - CVE-2022-2042: initialize attr in spellmoveto and capture emptyline before mlgetbuf invalidates...

8.4CVSS7.3AI score0.02645EPSS
Exploits6References1
Debian CVE
Debian CVE
added 2025/12/09 12:0 a.m.2 views

CVE-2023-53786

In the Linux kernel, the following vulnerability has been resolved: dm flakey: fix a crash with invalid table line This command will crash with NULL pointer dereference: dmsetup create flakey --table \ "0 blockdev --getsize /dev/ram0 flakey /dev/ram0 0 0 1 2 corruptbiobyte 512" Fix the crash by...

5.3AI score0.00195EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/09/09 3:23 p.m.7 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00724EPSS
Exploits0References8
Microsoft CVE
Microsoft CVE
added 2025/09/04 3:20 a.m.3 views

libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.

...

6.5CVSS7AI score0.00823EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/06/26 12:25 a.m.5 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00724EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/06/16 1:34 a.m.9 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1CVSS7.1AI score0.00724EPSS
Exploits0References8
OSV
OSV
added 2023/04/16 12:15 a.m.3 views

UBUNTU-CVE-2020-27545

libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object...

6.5CVSS6.8AI score0.00823EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/04/15 12:0 a.m.3 views

PT-2023-11764 · Libdwarf · Libdwarf

Name of the Vulnerable Software and Affected Versions: libdwarf versions prior to 20201017 Description: The issue is caused by an invalid pointer dereference via an invalid line table in a crafted object, resulting in a one-byte out-of-bounds read. Recommendations: For versions prior to 20201017,...

6.5CVSS6.3AI score0.00823EPSS
Exploits0References17
Veracode
Veracode
added 2020/01/31 6:26 a.m.32 views

HTTP Request Smuggling

netty-codec-http is vulnerable to HTTP request smuggling. The library does not detect if a colon is missing when parsing HTTP headers. This allows an attacker to smuggle HTTP requests via an invalid line fold...

9.1CVSS3.6AI score0.08914EPSS
Exploits1References117Affected Software3
RedHat Linux
RedHat Linux
added 2017/02/02 9:3 p.m.9 views

tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests

It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...

7.1CVSS7.2AI score0.39633EPSS
Exploits6References10
OSV
OSV
added 2004/11/23 5:0 a.m.2 views

DEBIAN-CVE-2004-0270

libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service crash via a uuencoded e-mail message with an invalid line length e.g., a lowercase character, which causes an assert error in clamd that terminates the calling program...

5CVSS6.8AI score0.10409EPSS
Exploits1References1
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.23 views

CVE-2004-0270

libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service crash via a uuencoded e-mail message with an invalid line length e.g., a lowercase character, which causes an assert error in clamd that terminates the calling program...

6.3AI score0.10409EPSS
Exploits1References6
Rows per page
Query Builder