Lucene search
K

60 matches found

CNNVD
CNNVD
added 2025/01/07 12:0 a.m.5 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 134, which stems from an attacker being able to spoof the address bar when using an invalid protocol scheme...

6.5CVSS6.7AI score0.00426EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.7 views

PT-2025-3809

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 134 Description When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. This issue only affects Android operating systems, with other operating systems being unaffected. Recommendation...

9.8CVSS8.1AI score0.1307EPSS
Exploits1References317
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.7 views

PT-2025-3811

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 134 Description When using an invalid protocol scheme, an attacker could spoof the address bar. This issue only affects Android operating systems, while other operating systems are unaffected. Recommendations For...

9.8CVSS6.7AI score0.1307EPSS
Exploits1References315
RedHat Linux
RedHat Linux
added 2025/01/02 6:44 p.m.6 views

libreswan: Invalid IKEv2 REKEY proposal causes restart

An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALIDSPI is sent back. The notify payload's protocol ID is copied from...

6.5CVSS5.8AI score0.00691EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/12/02 1:20 a.m.6 views

libreswan: Invalid IKEv2 REKEY proposal causes restart

An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALIDSPI is sent back. The notify payload's protocol ID is copied from...

6.5CVSS5.8AI score0.00691EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/09/27 12:0 a.m.6 views

PT-2024-31819 · Facebook · Facebook Thrift

Name of the Vulnerable Software and Affected Versions: Facebook Thrift versions v2024.09.09.00 through v2024.09.23.00 Description: A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable...

5.3CVSS7.1AI score0.00351EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/09/27 12:0 a.m.6 views

Facebook Thrift 安全漏洞

Facebook Thrift is a fork of Apache Thrift, a serialization and RPC framework for service communication from Facebook, USA. A security vulnerability exists in Facebook Thrift versions v2024.09.09.00 through v2024.09.23.00, which stems from a null pointer reference related to resolving a request...

5.3CVSS6.7AI score0.00351EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/09/24 12:40 a.m.4 views

kernel: netfilter: nf_tables: out-of-bounds access in nf_tables_newtable()

An out-of-bounds access vulnerability was found in the Linux Kernel. This issue occurs during the creation of a new netfilter table. The absence of safeguards in the nftablesnewtable function against invalid nftables family pf values allows attackers to achieve unauthorized access. Exploitation...

7.8CVSS6.8AI score0.00312EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/12/22 12:0 a.m.4 views

Symbolicator Security Vulnerability

Symbolicator is a symbolic service for native stack traces and small dumps with Symbolic Server support. A security vulnerability exists in Symbolicator versions prior to 0.3.3 through 21.12.1, which stems from a vulnerability that allows an attacker to use an invalid protocol to cause Symbolicat...

4.3CVSS6.8AI score0.00471EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/12/22 12:0 a.m.5 views

PT-2023-31834 · Unknown +1 · Symbolicator +1

Name of the Vulnerable Software and Affected Versions: Symbolicator versions 0.3.3 through 21.12.1 Description: The issue allows an attacker to make Symbolicator send GET HTTP requests to arbitrary URLs with internal IP addresses by using an invalid protocol. The responses of those requests could...

4.3CVSS4.6AI score0.00471EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/11/19 2:2 a.m.3 views

SUSE CVE-2023-38710

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALIDSPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

6.5CVSS7.2AI score0.00691EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/11/07 8:17 a.m.2 views

libreswan: Invalid IKEv2 REKEY proposal causes restart

An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALIDSPI is sent back. The notify payload's protocol ID is copied from...

6.5CVSS5.8AI score0.00691EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2023/08/26 7:0 a.m.3 views

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1 an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20.

...

6.5CVSS6.5AI score0.00691EPSS
Exploits0
OSV
OSV
added 2023/08/25 9:15 p.m.5 views

AZL-34935 CVE-2023-38710 affecting package libreswan for versions less than 4.7-6

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALIDSPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

6.5CVSS6.6AI score0.00691EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/08/25 9:15 p.m.6 views

CVE-2023-38710

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALIDSPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

6.5CVSS5.8AI score0.00691EPSS
Exploits0References3
OSV
OSV
added 2023/08/25 9:15 p.m.2 views

DEBIAN-CVE-2023-38710

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALIDSPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

6.5CVSS6.3AI score0.00691EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.3 views

PT-2023-5266 · Libreswan +5 · Libreswan +5

Name of the Vulnerable Software and Affected Versions: Libreswan versions 3.20 through 4.12 Description: An issue was discovered in Libreswan when an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1. This causes an error notify INVALID SPI to be sent back, but th...

7.8CVSS7AI score0.01175EPSS
Exploits0References50
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.3 views

SUSE CVE-2009-0478

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in 1 HttpMsg.c and 2 HttpStatusLine.c...

5CVSS6.8AI score0.71986EPSS
Exploits8References4
OSV
OSV
added 2022/04/11 4:59 p.m.5 views

CLSA-2022-1649696379 Fix of CVE: CVE-2021-3618

CVE-2021-3618: drop the connection after reaching the specified number of invalid protocol commmands...

7.4CVSS7.1AI score0.02037EPSS
Exploits0References1
OSV
OSV
added 2022/04/11 4:58 p.m.8 views

CLSA-2022-1649696332 Fix of CVE: CVE-2021-3618

CVE-2021-3618: drop the connection after reaching the specified number of invalid protocol commmands...

7.4CVSS7.1AI score0.02037EPSS
Exploits0References1
Rows per page
Query Builder