Lucene search
K

23 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: tls: Make sure to abort the stream if the headers are invalid. Normally, we wait for the socket to buffer up the entire record before processing it. However, if the socket has a very small buffer, we read out the data sooner to...

9.8CVSS6.5AI score0.08942EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-17023

Malware in sbrugna...

5.9CVSS6AI score0.00655EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-19722

Malware in sbrugna...

7.5CVSS7.5AI score0.07496EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-19088

Malicious code in bioql PyPI...

9.8CVSS8.9AI score0.00242EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-0735

Malicious code in bioql PyPI...

7.8CVSS7AI score0.53861EPSS
Exploits1References220
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-6433

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would ...

9.8CVSS7.3AI score0.00242EPSS
Exploits0References2
Mozilla
Mozilla
added 2025/07/02 12:0 a.m.23 views

Security Vulnerabilities fixed in Thunderbird 140 — Mozilla

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. Th...

9.8CVSS7.6AI score0.03057EPSS
Exploits0References12Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/07/02 12:0 a.m.2 views

Mozilla Thunderbird < 140.0

The version of Thunderbird installed on the remote Windows host is prior to 140.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-54 advisory. - Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory...

9.8CVSS7.1AI score0.03057EPSS
Exploits0References12
NVD
NVD
added 2025/06/24 1:15 p.m.7 views

CVE-2025-6433

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This...

9.8CVSS0.00242EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/24 12:28 p.m.2 views

CVE-2025-6433 WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This...

7.2AI score0.00242EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/24 12:0 a.m.8 views

PT-2025-26730

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The issue arises when a user visits a webpage with an invalid TLS certificate and grants an exception. In this scenario, the webpage can provide a WebAuthn challenge that the user is prompted to...

9.8CVSS7.8AI score0.09348EPSS
Exploits2References162
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.6 views

Astra Linux – Vulnerability in Firefox

If a user visited a webpage with an invalid TLS certificate and granted an exception, the webpage was able to present a WebAuthn challenge that the user was prompted to complete. This violates the WebAuthN specification, which requires a secure transport connection without errors. This...

9.8CVSS5.4AI score0.00242EPSS
Exploits0References3
Amazon
Amazon
added 2025/05/29 12:0 a.m.11 views

Medium: jetty

Issue Overview: In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CVE-2021-28165 Affected Packages: jetty Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FA...

7.8CVSS6.8AI score0.53861EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/05/29 12:0 a.m.14 views

Amazon Linux 2 : jetty (ALAS-2025-2871)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2871 advisory. In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CVE-2021-28165 Tenable has extracted the precedin...

7.8CVSS6.9AI score0.53861EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/06/12 12:0 a.m.26 views

Mozilla Thunderbird < 102.12

The version of Thunderbird installed on the remote Windows host is prior to 102.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-21 advisory. - Mozilla developers and community members Gabriele Svelto, Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng,...

9.8CVSS7.7AI score0.0093EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/10/04 12:0 a.m.119 views

Jetty 11.0.x < 11.0.2 Multiple Vulnerabilities

According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.39, 10.0.x prior to 10.0.2 or 11.0.x prior to 11.0.2. It is, therefore, affected by multiple vulnerabilities: - An issue where CPU usage can reach 100% with a large invalid TLS...

7.8CVSS6.6AI score0.82371EPSS
Exploits9References6
Tenable Nessus
Tenable Nessus
added 2021/05/06 12:0 a.m.41 views

RHEL 7 : rh-eclipse-jetty (RHSA-2021:1509)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1509 advisory. Jetty is a 100% Java HTTP Server and Servlet Container. The following packages have been upgraded to a later upstream version:...

7.8CVSS6.7AI score0.82371EPSS
Exploits9References10
CNVD
CNVD
added 2021/04/02 12:0 a.m.17 views

Eclipse Jetty Denial of Service Vulnerability (CNVD-2021-25683)

Eclipse Jetty is the Eclipse Foundation of an open source , Java-based Web server and Java Servlet container . A security vulnerability exists in Eclipse Jetty 7.2.2 through 9.4.38, 10.0.0.alpha0 through 10.0.1, and 11.0.0.alpha0 through 11.0.1, which stems from abnormal processing after receivin...

7.8CVSS6.6AI score0.53861EPSS
Exploits1References1
OSV
OSV
added 2021/04/01 3:15 p.m.3 views

UBUNTU-CVE-2021-28165

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame...

7.5CVSS6.9AI score0.53861EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2021/04/01 2:20 p.m.4 views

CVE-2021-28165

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame...

7.5CVSS6.8AI score0.53861EPSS
Exploits1References107
Rows per page
Query Builder