Lucene search
K

283 matches found

FreeBSD
FreeBSD
added 2024/04/04 12:0 a.m.26 views

forgejo -- multiple issues

The forgejo team reports: CVE-2024-24789: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the...

5.5CVSS6.8AI score0.00446EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/27 2:26 a.m.13 views

CVE-2024-2097

An authenticated malicious client can send a special LINQ query to execute arbitrary code remotely RCE on the SCM server from List control, and execute the arbitrary code on the same system where SCMArchivedEventViewerTool is installed in the case of SCM Tools...

7.5CVSS7AI score0.00459EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/27 2:3 a.m.32 views

CVE-2024-0400

SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code RCE on the SCM Server...

7.5CVSS8.1AI score0.00628EPSS
Exploits0References1
Veracode
Veracode
added 2024/03/18 5:22 p.m.19 views

Denial Of Service (DoS)

iperf is vulnerable to a Denial Of Service DoS. The vulnerability is due to a flaw in the iperf utility, causing it to hang indefinitely while waiting for the remainder or until the connection is closed, allows a malicious or malfunctioning client to send less data than expected to the iperf serv...

5.3CVSS5.3AI score0.00932EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/03/18 1:15 p.m.2 views

DEBIAN-CVE-2023-7250

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection...

5.3CVSS5.8AI score0.00932EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/03/15 3:40 p.m.33 views

CVE-2023-7250

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection...

5.3CVSS5.5AI score0.00932EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/03/11 12:0 a.m.61 views

Debian dla-3759 : qemu - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3759 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3759-1 [email protected]...

7.5CVSS7AI score0.01606EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2024/02/02 3:45 a.m.2 views

SUSE CVE-2024-23650

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...

6.2CVSS7.8AI score0.00957EPSS
Exploits0References5
OSV
OSV
added 2024/01/31 10:15 p.m.5 views

UBUNTU-CVE-2024-23650

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...

5.3CVSS6.7AI score0.00957EPSS
Exploits0References5
OSV
OSV
added 2024/01/31 9:42 p.m.9 views

CVE-2024-23650 BuildKit possible panic when incorrect parameters sent from frontend

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...

5.3CVSS6AI score0.00957EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/01/31 9:42 p.m.24 views

CVE-2024-23650 BuildKit possible panic when incorrect parameters sent from frontend

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoi...

5.3CVSS5.3AI score0.00957EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/01/11 7:30 a.m.29 views

CVE-2023-49295

A memory exhaustion vulnerability was found in Quic-GO, where a malicious client exploits the path validation mechanism to induce the server into accumulating an unbounded queue of PATHRESPONSE frames, depleting its memory. The attacker controls the victim's packet send rate by overwhelming the...

6.5CVSS6.3AI score0.01194EPSS
Exploits0References5
NVD
NVD
added 2023/12/06 7:15 a.m.20 views

CVE-2023-2861

A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...

7.1CVSS0.00376EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2023/12/06 6:19 a.m.35 views

CVE-2023-2861

A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...

7.1CVSS6.7AI score0.00376EPSS
Exploits0
OSV
OSV
added 2023/12/06 6:19 a.m.60 views

CVE-2023-2861 Qemu: 9pfs: improper access control on special files

A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...

6CVSS6.8AI score0.00376EPSS
Exploits0References8
OSV
OSV
added 2023/11/01 7:18 a.m.61 views

BIT-2023-39325

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS7.1AI score0.03796EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.2 views

PT-2024-3053

Name of the Vulnerable Software and Affected Versions iperf affected versions not specified Description A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf...

5.9CVSS6.9AI score0.01107EPSS
Exploits0References38
Cvelist
Cvelist
added 2023/10/11 9:15 p.m.32 views

CVE-2023-39325 HTTP/2 rapid reset can cause excessive work in net/http

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.8AI score0.03796EPSS
Exploits0References43
OSV
OSV
added 2023/10/11 4:49 p.m.68 views

GO-2023-2102 HTTP/2 rapid reset can cause excessive work in net/http

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

7.5CVSS7.7AI score0.99999EPSS
Exploits19References4
CNNVD
CNNVD
added 2023/10/11 12:0 a.m.4 views

Google Golang Resource Management Error Vulnerability

Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...

7.5CVSS6.7AI score0.03796EPSS
Exploits0References29
Rows per page
Query Builder