Lucene search
K

132 matches found

OSV
OSV
added 2017/04/12 11:59 p.m.2 views

UBUNTU-CVE-2017-7700

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size...

6.5CVSS6.9AI score0.021EPSS
Exploits0References5
OSV
OSV
added 2017/04/12 11:59 p.m.3 views

ALPINE-CVE-2017-7700

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size...

6.5CVSS8.5AI score0.021EPSS
Exploits0References1
OSV
OSV
added 2016/09/21 2:25 p.m.2 views

DEBIAN-CVE-2016-5418

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file...

7.5CVSS8.1AI score0.04707EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2016/09/12 8:11 p.m.4 views

libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite

A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive...

7.5CVSS5.8AI score0.04707EPSS
Exploits1References5
OSV
OSV
added 2016/06/16 6:59 p.m.4 views

ALPINE-CVE-2012-6702

Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...

5.9CVSS8.5AI score0.02371EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/03/01 2:45 p.m.5 views

openssl: Divide-and-conquer session key recovery in SSLv2

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...

5.9CVSS6.8AI score0.05398EPSS
Exploits1References5
OSV
OSV
added 2016/02/28 4:59 a.m.4 views

UBUNTU-CVE-2016-2522

The dissectberconstrainedbitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafte...

5.9CVSS6.6AI score0.02079EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2015/11/05 12:0 a.m.4 views

The vulnerability of the Red Hat Enterprise Linux operating system, which allows a hacker to trigger a service failure

The vulnerability of the Linux kernel driver for the USBvision device in the Red Hat Enterprise Linux operating system is related to code errors. Exploiting this vulnerability could allow an attacker, operating locally, to cause a service failure by setting a non-zero value of bInterfaceNumber in...

4.9CVSS6.5AI score0.00675EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2015/10/19 12:0 a.m.1 views

UBUNTU-CVE-2015-7833

The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux RHEL 7.1 allows physically proximate attackers to cause a denial of service panic via a nonzero bInterfaceNumber value in a USB device descriptor...

4.9CVSS6.7AI score0.00675EPSS
Exploits1References14
RedHat Linux
RedHat Linux
added 2015/04/13 11:54 a.m.4 views

openssl: Divide-and-conquer session key recovery in SSLv2

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...

5.9CVSS6.8AI score0.05398EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2008/06/24 7:41 p.m.2 views

CVE-2008-2833

admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters...

10CVSS5.8AI score0.04134EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 1997/05/26 12:0 a.m.4 views

PT-1997-1019 · Sgi · Irix Login Program

Name of the Vulnerable Software and Affected Versions: IRIX login program affected versions not specified Description: The issue concerns the IRIX login program, where a nonzero LOCKOUT parameter allows unauthorized creation or damage to files. Recommendations: At the moment, there is no...

8.4CVSS6.9AI score0.01413EPSS
Exploits0References8
Rows per page
Query Builder