Lucene search
K

283 matches found

FreeBSD
FreeBSD
added 2023/10/10 12:0 a.m.84 views

traefik -- Resource exhaustion by malicious HTTP/2 client

The traefik authors report: There is a vulnerability in GO managing HTTP/2 requests, which impacts Traefik. This vulnerability could be exploited to cause a denial of service...

6.8AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/08/14 3:2 p.m.7 views

dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack

An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service...

7.5CVSS5.7AI score0.15519EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2023/08/14 2:35 p.m.6 views

dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack

An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service...

7.5CVSS5.7AI score0.15519EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2023/08/09 5:49 a.m.37 views

CVE-2023-38710

An assertion failure flaw was found in the Libreswan package that occurs when processing IKEv2 REKEY requests. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notification INVALIDSPI is sent back. The notify payload's protocol ID is copied from...

6.5CVSS6.7AI score0.00691EPSS
Exploits0References5
Snyk
Snyk
added 2023/08/08 5:17 p.m.2 views

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS in Kestrel where, on detecting ...

7.5CVSS7AI score0.15519EPSS
Exploits0References2
Veracode
Veracode
added 2023/08/06 10:2 a.m.25 views

Information Disclosure

samba is vulnerable to Information Disclosure. This vulnerability occurs when samba parses a specially crafted RPC request. If the request is valid, samba could enter an infinite loop, allowing a malicious client or an attacker to view the information that is part of the disclosed path...

5.3CVSS6.5AI score0.01185EPSS
Exploits0References12Affected Software1
CNNVD
CNNVD
added 2023/07/25 12:0 a.m.4 views

Envoy 安全漏洞

Envoy is an open source distributed proxy server. Envoy suffers from a security vulnerability that stems from the ability of a malicious client to construct permanently valid credentials in certain specific scenarios...

9.8CVSS8.2AI score0.00709EPSS
Exploits0References4
Prion
Prion
added 2023/07/21 8:15 p.m.13 views

Memory corruption

A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticat...

4CVSS6.4AI score0.00767EPSS
Exploits0References2
Prion
Prion
added 2023/07/20 3:15 p.m.52 views

Type confusion

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol...

5CVSS6AI score0.62606EPSS
Exploits0References11Affected Software4
Debian CVE
Debian CVE
added 2023/07/20 2:57 p.m.45 views

CVE-2023-34967

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol...

5.3CVSS6.4AI score0.62606EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2023/07/20 9:31 a.m.36 views

CVE-2023-34968

A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the...

5.3CVSS5.9AI score0.01185EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2023/07/19 12:0 a.m.31 views

CVE-2023-34968

A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the...

5.3CVSS6.6AI score0.01185EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/07/03 8:17 a.m.26 views

CVE-2023-2861

A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...

6CVSS6.8AI score0.00376EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/06/27 6:52 p.m.5 views

keycloak: client access via device auth request spoof

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

8.1CVSS5.9AI score0.00694EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/05/09 10:9 a.m.11 views

QEMU: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion

An integer underflow issue was found in the QEMU built-in VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...

6.5CVSS5.7AI score0.0114EPSS
Exploits0References4
CISA KEV Catalog
CISA KEV Catalog
added 2023/03/30 12:0 a.m.36 views

Samba Remote Code Execution Vulnerability

Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it...

10CVSS9.7AI score0.99448EPSS
In wildExploits24
OSV
OSV
added 2023/02/24 3:15 p.m.4 views

ALPINE-CVE-2022-4203

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

4.9CVSS6.9AI score0.01481EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2023/02/21 6:55 p.m.140 views

K13551136: Samba remote code execution vulnerability CVE-2017-7494

Security Advisory Description All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. CVE-2017-7494 Impact There is no impact; F5...

10CVSS9.1AI score0.99448EPSS
Exploits24
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.3 views

SUSE CVE-2020-25708

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service...

7.5CVSS9AI score0.01613EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.4 views

SUSE CVE-2021-39214

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

8.1CVSS9.2AI score0.01176EPSS
Exploits0References5
Rows per page
Query Builder