Lucene search
K

19 matches found

RedHat Linux
RedHat Linux
added 2026/06/02 5:41 p.m.13 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS6.6AI score0.0064EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/05/19 6:12 p.m.19 views

crun: crun: Privilege escalation due to incorrect parsing of the `--user` option

A flaw was found in crun, an open-source OCI Container Runtime. A local user can exploit this vulnerability due to incorrect parsing of the --user option when using crun exec. The value 1 is misinterpreted as root privileges User ID 0 and Group ID 0 instead of the intended User ID 1 and Group ID ...

7.8CVSS5.7AI score0.00159EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/05/06 5:59 p.m.10 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS7.2AI score0.0064EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/04/14 2:45 p.m.8 views

io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...

7.5CVSS5.8AI score0.0064EPSS
Exploits1References8
CVE
CVE
added 2024/12/27 12:0 a.m.82 views

CVE-2024-56520

CVE-2024-56520 affects TCPDF via tc-lib-pdf-font, where FontBBox handling for Type 1 and parsing of TrueType fonts is incorrect. Affected: tc-lib-pdf-font before 2.6.4 and TCPDF before 6.8.0. Root cause: mishandling/misparsing font metadata, enabling potential impact as described in linked adviso...

7.3CVSS7AI score0.00524EPSS
Exploits0References6
OSV
OSV
added 2023/03/27 9:15 p.m.11 views

UBUNTU-CVE-2023-28628

lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...

6.1CVSS6.3AI score0.00553EPSS
Exploits1References5
Prion
Prion
added 2022/07/06 12:15 p.m.17 views

Design/Logic Flaw

DISPUTED quic-go through 0.27.0 allows remote attackers to cause a denial of service CPU consumption via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtudiscoverer.go misparses the MTU Discovery service and consequently overflows the probe timer...

5CVSS7.5AI score0.02825EPSS
Exploits2References1Affected Software1
RedhatCVE
RedhatCVE
added 2022/05/20 11:56 p.m.30 views

CVE-2019-9578

In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device...

7.5CVSS4.9AI score0.02296EPSS
Exploits0References2
OSV
OSV
added 2019/08/14 9:15 p.m.5 views

CVE-2019-1211

An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user. To exploit the vulnerability, an authenticated attacker would ne...

7.3CVSS7.3AI score0.01654EPSS
Exploits0References1
OSV
OSV
added 2019/03/05 11:29 p.m.22 views

CVE-2019-9578

In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device...

7.5CVSS6.6AI score
Exploits0References8
NVD
NVD
added 2019/03/05 11:29 p.m.19 views

CVE-2019-9578

In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device...

7.5CVSS7.5AI score0.02296EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2019/03/05 11:0 p.m.24 views

CVE-2019-9578

In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device...

7.5CVSS7AI score0.02296EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2019/02/26 2:29 a.m.43 views

CVE-2009-5155

In the GNU C Library aka glibc or libc6 before 2.28, parseregexp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service assertion failure and application exit or trigger an incorrect result by attempting a regular-expression match...

7.5CVSS6.7AI score0.03906EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2019/02/26 2:0 a.m.31 views

CVE-2009-5155

In the GNU C Library aka glibc or libc6 before 2.28, parseregexp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service assertion failure and application exit or trigger an incorrect result by attempting a regular-expression match...

7.5CVSS7.4AI score0.03906EPSS
Exploits1
Prion
Prion
added 2016/12/20 6:59 a.m.14 views

Security feature bypass

Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."...

4.3CVSS7.9AI score0.19414EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2015/12/11 11:59 a.m.17 views

CVE-2015-7047

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed...

7.2CVSS7.1AI score0.00996EPSS
Exploits5References14
CVE
CVE
added 2015/12/11 11:0 a.m.71 views

CVE-2015-7047

CVE-2015-7047 is a local privilege-escalation vulnerability affecting Apple platforms: iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1. The issue arises from a crafted mach message that is misparsed by the kernel, enabling a local user to gain privileges. Public explo...

7.2CVSS7.5AI score0.00996EPSS
Exploits5References14Affected Software1
NVD
NVD
added 2015/10/09 5:59 a.m.16 views

CVE-2015-5878

Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors...

2.1CVSS4.6AI score0.00371EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2012/05/31 12:0 a.m.17 views

Debian Security Advisory DSA 2478-1 (sudo)

The remote host is missing an update to sudo announced via advisory DSA 2478-1. OpenVAS Vulnerability Test $Id: deb24781.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2478-1 sudo Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

7.2CVSS0.5AI score0.00399EPSS
Exploits0
Rows per page
Query Builder