Lucene search
K

612 matches found

Snyk
Snyk
added 2023/10/11 12:0 a.m.2 views

Integer Overflow to Buffer Overflow

Overview Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow vi DFAContentModel::countLeafNodes and DFAContentModel::buildDFA. An attacker can cause out-of-bound access by sending a specially crafted HTTP request. Remediation Upgrade xerces-c to version 3.2.4 o...

8.8CVSS7AI score0.01381EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/10/05 12:0 a.m.5 views

The vulnerability of the Multicast Leaf Recycle Elimination (mLRE) function in the Cisco IOS XE operating system for Cisco ASR Series 1000 routers allows a attacker to trigger a service failure.

The vulnerability of the Multicast Leaf Recycle Elimination mLRE function in the Cisco IOS XE router operating system from the Cisco ASR series 1000 is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to trigger a service failure...

8.6CVSS7.2AI score0.00652EPSS
Exploits0References3
CVE
CVE
added 2023/09/27 5:19 p.m.89 views

CVE-2023-20187

CVE-2023-20187 affects Cisco IOS XE Software for the ASR 1000 Series (Multicast Leaf Recycle Elimination, mLRE). The issue is triggered by handling of certain IPv6 multicast packets fanned out more than seven times, enabling an unauthenticated remote attacker to cause a device reload and DoS. Con...

8.6CVSS7.6AI score0.00652EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/27 12:0 a.m.3 views

PT-2023-5643 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers affected versions not specified Description: A vulnerability in the Multicast Leaf Recycle Elimination mLRE feature could allow an unauthenticated, remote attacker t...

8.6CVSS7.5AI score0.00652EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/09/18 12:0 a.m.3 views

PT-2023-8799 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the Linux kernel's 8250 port component, where an error in handling IRQ data can lead to a kernel NULL pointer dereference. This occurs when the leaf driver uses...

7.8CVSS6.5AI score0.08555EPSS
Exploits7References1121
Openbugbounty
Openbugbounty
added 2023/09/05 8:47 p.m.4 views

palmleafpediatrics.com Cross Site Scripting vulnerability OBB-3650489

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/07/18 8:33 a.m.6 views

kernel: use-after-free related to leaf anon_vma double reuse

A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the ismergeableanonvma function continuously forks, using memory operations to trigger an incorrect reuse of leaf anonvma. This issue allows a local attacker to crash the system...

5.5CVSS6.6AI score0.00971EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2023/07/18 8:31 a.m.4 views

kernel: use-after-free related to leaf anon_vma double reuse

A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the ismergeableanonvma function continuously forks, using memory operations to trigger an incorrect reuse of leaf anonvma. This issue allows a local attacker to crash the system...

5.5CVSS6.6AI score0.00971EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2023/06/26 12:0 a.m.60 views

AlmaLinux 9 : openssl (ALSA-2023:3722)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3722 advisory. - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include...

7.5CVSS6.7AI score0.73461EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/06/22 12:0 a.m.52 views

RHEL 9 : openssl (RHSA-2023:3722)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3722 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

7.5CVSS7.2AI score0.73461EPSS
Exploits0References25
AlmaLinux
AlmaLinux
added 2023/06/21 12:0 a.m.113 views

Moderate: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Possible DoS translating ASN.1 object identifiers CVE-2023-2650 openssl: Denial of service by...

7.5CVSS7AI score0.73461EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2023/05/16 8:56 a.m.2 views

kernel: use-after-free related to leaf anon_vma double reuse

A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the ismergeableanonvma function continuously forks, using memory operations to trigger an incorrect reuse of leaf anonvma. This issue allows a local attacker to crash the system...

5.5CVSS6.6AI score0.00971EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2023/05/16 8:43 a.m.3 views

kernel: use-after-free related to leaf anon_vma double reuse

A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the ismergeableanonvma function continuously forks, using memory operations to trigger an incorrect reuse of leaf anonvma. This issue allows a local attacker to crash the system...

5.5CVSS6.6AI score0.00971EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.1 views

kernel: use-after-free related to leaf anon_vma double reuse

A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the ismergeableanonvma function continuously forks, using memory operations to trigger an incorrect reuse of leaf anonvma. This issue allows a local attacker to crash the system...

5.5CVSS6.6AI score0.00971EPSS
Exploits3References5
SUSE CVE
SUSE CVE
added 2023/04/14 1:52 a.m.3 views

SUSE CVE-2022-48437

An issue was discovered in x509/x509verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509verifyctxaddchain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed...

5.3CVSS9.2AI score0.00362EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/04/12 12:0 a.m.9 views

PT-2023-15779 · Openbsd +1 · Openbsd +2

Name of the Vulnerable Software and Affected Versions: LibreSSL versions prior to 3.6.1 OpenBSD versions prior to 7.2 errata 001 Description: An issue was discovered in the x509/x509 verify.c file. The function x509 verify ctx add chain does not store errors that occur during leaf certificate...

9.8CVSS6.5AI score0.59501EPSS
Exploits1References24
Microsoft CVE
Microsoft CVE
added 2023/04/05 7:0 a.m.4 views

Invalid certificate policies in leaf certificates are silently ignored

...

5.3CVSS6.6AI score0.01583EPSS
Exploits0
Veracode
Veracode
added 2023/04/02 10:14 a.m.43 views

Authorization Bypass

openssl is vulnerable to Authorization Bypasses. Invalid certificate policies in leaf certificates are ignored by OpenSSL, allowing malicious CA to bypass policy checking. Policy processing is disabled by default, but can be enabled by passing the '-policy' argument to command line utilities or...

5.3CVSS5.8AI score0.01583EPSS
Exploits0References16Affected Software5
Citrix
Citrix
added 2023/03/31 12:0 a.m.8 views

No space to leaf-coalesce

Space is not reclaimed during a garbage collection or leaf coalesce operation. SMlog reports "No space to leaf-coalesce... but enough space if skip snap-coalesce"...

7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/03/30 1:45 a.m.2 views

SUSE CVE-2023-0465

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.9CVSS6.4AI score0.01583EPSS
Exploits0References86
Rows per page
Query Builder