9 matches found
Astra Linux – Vulnerability in exiv2
In Exiv2, from version 0.27.1 onwards, a malicious HTTP server can cause a denial of service crash due to a NULL pointer dereference by returning a crafted response that lacks a space character...
EUVD-2026-16903
The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow eswifi-buf, corrupting kernel memory CWE-120. Exploit requires local code that can call the socket send API; no remote attacker can reach it directly...
CVE-2026-28503
Tandoor Recipes CVE-2026-28503: Prior to version 2.6.0, SyncViewSet.query_synced_folder() uses get_object_or_404(Sync, pk=pk) without scoping to space, allowing cross-space IDOR where an admin in Space A could trigger syncs (Dropbox/Nextcloud/Local import) and view logs for Sync configurations in...
SUSE CVE-2019-13114
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service crash due to a NULL pointer dereference by returning a crafted response that lacks a space character...
PYSEC-2019-257
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service crash due to a NULL pointer dereference by returning a crafted response that lacks a space character...
ALPINE-CVE-2019-13114
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service crash due to a NULL pointer dereference by returning a crafted response that lacks a space character...
CVE-2019-13114
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service crash due to a NULL pointer dereference by returning a crafted response that lacks a space character...
UBUNTU-CVE-2019-13114
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service crash due to a NULL pointer dereference by returning a crafted response that lacks a space character...
DEBIAN-CVE-2013-7401
The parserequest function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service crash via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method...