Lucene search

13 matches found

OSV
added 2026/06/08 4:41 p.m. | 13 views

USN-8349-2 rsync regression

USN-8349-1 fixed vulnerabilities in rsync. The update introduced multiple regressions in rsync functionality. This update fixes the problem. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with...

8.1 CVSS | 5.6 AI score | 0.0078 EPSS
Exploits: 1 | References: 2
EUVD
added 2026/04/23 3:38 p.m. | 6 views

EUVD-2025-209565

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

4.7 CVSS | 5.8 AI score | 0.00233 EPSS
Exploits: 0 | References: 4
CNNVD
added 2026/03/09 12:0 a.m. | 8 views

FreeBSD Security Vulnerability

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD, which stems from the kernel’s failure to properly check the jail root directory during file system name lookups. This vulnerability could allow jail processes to obtain full...

7.5 CVSS | 7.5 AI score | 0.00111 EPSS
Exploits: 0 | References: 1
OSV
added 2024/11/25 9:30 a.m. | 3 views

GHSA-PCX7-8HXG-J823 Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-jgwc-jh89-rpgq. This link is maintained to preserve external references. Original Description: A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack...

4.7 CVSS | 5.7 AI score | 0.00399 EPSS
Exploits: 0 | References: 7
Packet Storm
added 2024/09/01 12:0 a.m. | 454 views

DNS Amplification Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DNS Amplification Scanner', 'Description' = %q This module can be used to discover DNS servers which expose recursive name lookups which can be...

7.8 CVSS | 7 AI score | 0.5726 EPSS
Exploits: 2
OSV
added 2024/05/03 7:15 p.m. | 2 views

CVE-2022-22364

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrar...

5.3 CVSS | 5.9 AI score | 0.00539 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2022/05/04 12:0 a.m. | 6 views

CVE-2022-22433

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrar...

7.5 CVSS | 6.3 AI score | 0.00973 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
RedHat Linux
added 2021/09/15 1:41 p.m. | 3 views

golang: net: lookup functions may return invalid host names

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...

7.5 CVSS | 7.2 AI score | 0.03231 EPSS
Exploits: 1 | References: 5
OSV
added 2019/07/11 8:15 p.m. | 2 views

CVE-2019-4131

IBM Application Performance Management IBM Monitoring 8.1.4 could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270...

5.3 CVSS | 6.2 AI score | 0.01524 EPSS
Exploits: 0 | References: 2
CNVD
added 2019/07/09 12:0 a.m. | 3 views

IBM Application Performance Management Input Validation Error Vulnerability

IBM Application Performance Management (APM) is a suite of IT service management software from IBM in the United States. The software is primarily used to monitor and manage cloud, on-premise and hybrid applications, and IT infrastructure. An input validation error vulnerability exists in IBM...

5.3 CVSS | 6.8 AI score | 0.01524 EPSS
Exploits: 0 | References: 1
OSV
added 2018/03/02 3:29 p.m. | 2 views

DEBIAN-CVE-2017-15130

A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart...

5.9 CVSS | 6.3 AI score | 0.02643 EPSS
Exploits: 0 | References: 1
CNVD
added 2017/05/10 12:0 a.m. | 5 views

IBM WebSphere Cast Iron Solution Security Bypass Vulnerability

IBM WebSphere Cast Iron Solution is a cloud-based solution from IBM USA. It enables organizations to connect their hybrid public cloud, private cloud and on-premise application environments. A security vulnerability exists in IBM WebSphere Cast Iron Solution that stems from the program failing to...

8.6 CVSS | 7 AI score | 0.0161 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2014/03/31 12:0 a.m. | 33 views

SuSE 11.3 Security Update : PostgreSQL 9.1 (SAT Patch Number 8970)

The PostgreSQL database server was updated to version 9.1.12 to fix various security issues : - Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The...

6.5 CVSS | 7.3 AI score | 0.06666 EPSS
Exploits: 6 | References: 23