Lucene search
K

283 matches found

OSV
OSV
added 2025/04/15 4:16 p.m.1 views

DEBIAN-CVE-2025-32911

A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

9CVSS8.3AI score0.00847EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/04/14 3:15 p.m.2 views

CVE-2025-32914

A flaw was found in libsoup, where the soupmultipartnewfrommessage function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds...

7.4CVSS7.1AI score0.00676EPSS
Exploits0References16
OSV
OSV
added 2025/04/14 3:15 p.m.6 views

AZL-60422 CVE-2025-32914 affecting package libsoup for versions less than 3.4.4-4

A flaw was found in libsoup, where the soupmultipartnewfrommessage function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds...

7.4CVSS7.1AI score0.00676EPSS
Exploits0References1
OSV
OSV
added 2025/04/14 3:15 p.m.4 views

UBUNTU-CVE-2025-32914

A flaw was found in libsoup, where the soupmultipartnewfrommessage function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds...

7.4CVSS7.1AI score0.00676EPSS
Exploits0References6
NVD
NVD
added 2025/04/14 2:15 p.m.14 views

CVE-2025-32907

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...

5.3CVSS0.00605EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/04/13 12:0 a.m.12 views

Azure Linux 3.0 Security Update: qemu (CVE-2023-2861)

The version of qemu installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2861 advisory. - A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit...

7.1CVSS6.8AI score0.00376EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/03/10 8:29 p.m.17 views

PocketMine-MP allows malicious client data to waste server resources due to lack of limits for explode()

Impact Due to lack of limits by default in the explode function, malicious clients were able to abuse some packets to waste server CPU and memory. This is similar to a previous security issue published in https://github.com/pmmp/PocketMine-MP/security/advisories/GHSA-gj94-v4p9-w672, but with a...

7.3AI score
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2017-2619

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not...

7.5CVSS7.2AI score0.11091EPSS
Exploits3References2
OSV
OSV
added 2025/02/28 10:15 p.m.1 views

DEBIAN-CVE-2025-26466

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...

5.9CVSS7.1AI score0.38474EPSS
Exploits4References1
ATTACKERKB
ATTACKERKB
added 2025/02/28 10:15 p.m.2 views

CVE-2025-26466

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...

5.9CVSS7.1AI score0.38474EPSS
Exploits4References5Affected Software6
Vulnrichment
Vulnrichment
added 2025/02/28 9:25 p.m.18 views

CVE-2025-26466 Openssh: denial-of-service in openssh

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...

5.9CVSS6.3AI score0.38474EPSS
Exploits4References4
CVE
CVE
added 2025/02/28 9:25 p.m.1027 views

CVE-2025-26466

CVE-2025-26466 describes a DoS in OpenSSH where a malicious client floods ping/pong packets, causing unbounded memory growth on the server. Connected IBM AIX advisory notes affected OpenSSH filesets and provides concrete fixes: openssh.base.client/server at OpenSSH versions 9.7.3013.1000 (and 9.9...

5.9CVSS6.6AI score0.38474EPSS
Exploits4References15Affected Software1
Cvelist
Cvelist
added 2025/02/28 9:25 p.m.80 views

CVE-2025-26466 Openssh: denial-of-service in openssh

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...

5.9CVSS0.38474EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.14 views

Siemens SCALANCE W700 Permissive List of Allowed Inputs (CVE-2023-7250)

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection...

5.3CVSS5.9AI score0.00932EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/02/18 1:36 p.m.4 views

SUSE CVE-2025-26466

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...

5.9CVSS7.3AI score0.38474EPSS
Exploits4References7
CNNVD
CNNVD
added 2025/02/06 12:0 a.m.2 views

mitmproxy 安全漏洞

mitmproxy is an interactive, SSL/TLS-enabled interceptor proxy with a console interface for HTTP/1, HTTP/2, and WebSockets from the mitmproxy open source. A security vulnerability exists in mitmproxy version 11.1.1 and earlier, which stems from a malicious client that can utilize the proxy server...

8.2CVSS7.5AI score0.00817EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/01/28 12:0 a.m.5 views

NVIDIA vGPU Software 安全漏洞

NVIDIA vGPU Software is a management software from NVIDIA, USA, used to provide GPU capabilities to virtual machines. The software supports multiple virtual machines to access the host's GPU, providing graphics performance and application compatibility for virtual machines. A security vulnerabili...

7.8CVSS6.5AI score0.00193EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/11/12 9:38 a.m.6 views

iperf3: possible denial of service

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection...

5.3CVSS5.7AI score0.00932EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/08/29 12:0 a.m.50 views

Amazon Linux 2 : docker (ALASDOCKER-2024-044)

The version of docker installed on the remote host is prior to 25.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2024-044 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read...

10CVSS7AI score0.02983EPSS
Exploits0References12
OSV
OSV
added 2024/08/23 11:8 a.m.4 views

OESA-2024-2017 bind security update

Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. Security Fixes: A...

7.5CVSS6.8AI score0.0468EPSS
Exploits0References2
Rows per page
Query Builder